DeePoo, posted September 3, 2007

Hello everyone. When downloading Active Virus Shield I found, to my surprise, that it has a new rights owner. I had to log in again to receive the "new" free antivirus, but from then on I have not been able to install any antivirus at all (the download completes, but the installation fails with a corrupted-file error, every single one). To make things worse, when I tried to scan the PC online I found it has to be done through Internet Explorer (I work with another browser, but I have version 6.0 installed). When I open IE, the text boxes show no cursor and will not paste any message either. The HijackThis log follows. Thanks in advance for your attention.

Logfile of HijackThis v1.99.1
Scan saved at 11:24:09, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Arquivos de programas\CPUCooL\CooLSrv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Arquivos de programas\DAEMON Tools\daemon.exe
D:\Arquivos de programas\Java\j2re1.4.2_14\bin\jusched.exe
D:\Arquivos de programas\Browser MOUSE\mouse32a.exe
D:\Arquivos de programas\QuickTime\qttask.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE
C:\Arquivos de programas\WinZip\WZQKPICK.EXE
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - (no file)
O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\j2re1.4.2_14\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Arquivos de programas\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "D:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [PowerBar] "D:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster 2] D:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Microsoft Office.lnk = D:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D95ED47-B59E-4C8C-AF7B-8DFE83D3B2AC}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Arquivos de programas\CPUCooL\CooLSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

Intel Dual Core 3.4, 1 GB RAM, GeForce 6200 256 MB video card, Gigabyte GA 81865 GME 775 motherboard
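Before asking for more tools, a helper reading a log like the one above goes through it by entry type. As an added example (not code from the original thread, and not part of HijackThis), the Python below parses the entry lines into the codes HijackThis uses (R0..R3, O2..O23) and groups the ones that routinely need a second look: browser hooks whose file is gone (O2/O3 ending in "(no file)"), the DNS servers set in O17, Winlogon Notify handlers (O20), and services with no known publisher or no file (O23). The sample input is a handful of lines copied from the posted log; the bucket names are this example's own, and a bucket is a review hint, not a verdict: an orphaned BHO is usually leftover registry junk, and the O17 servers are only interesting if they are not the ISP's.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log posted above
# (not the full log), used as offline input for the triage below.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D95ED47-B59E-4C8C-AF7B-8DFE83D3B2AC}: NameServer = 200.204.0.10 200.204.0.138
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Arquivos de programas\CPUCooL\CooLSrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - (no file)
"""

# Every HijackThis entry line starts with a code such as R1, O2, O23 followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")


def parse_entries(text):
    """Yield (code, body) for every HijackThis entry line; other lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(text):
    """Group entries into review buckets (bucket name -> list of entries/values).

    The bucket names are this example's own. They mark what to look up next,
    not what is malicious.
    """
    buckets = defaultdict(list)
    for code, body in parse_entries(text):
        line = f"{code} - {body}"
        if code in ("O2", "O3") and body.endswith("(no file)"):
            # Registered browser hook whose DLL no longer exists: safe to remove,
            # and usually just a leftover from an uninstalled toolbar.
            buckets["orphaned_browser_hooks"].append(line)
        elif code == "O17":
            # Per-interface DNS servers; HijackThis separates them with spaces or commas.
            servers = body.split("NameServer =", 1)[1].replace(",", " ").split()
            buckets["dns_servers"].extend(servers)
        elif code == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at logon: always worth a lookup.
            buckets["winlogon_notify"].append(line)
        elif code == "O23" and ("Unknown owner" in body or body.endswith("(no file)")):
            # Service with no publisher string, or whose binary is missing.
            buckets["unsigned_or_missing_services"].append(line)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Run it on a full saved log by reading the file into `triage()` instead of `SAMPLE_LOG`; compare the `dns_servers` bucket against the ISP's published resolvers, and look up each `winlogon_notify` and `unsigned_or_missing_services` entry by file name before deciding anything.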
jgarcia, posted September 3, 2007

Hi DeePoo. Follow the instructions in this tutorial and come back with the result. Also post a new HijackThis log. Regards.
DeePoo, posted September 14, 2007

Hello, friend. I took a while to post because my PC had a complete failure as far as the Internet goes. The Speedy technician only came yesterday (13/09). Here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 11:52:49, on 14/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\CPUCooL\CooLSrv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Winamp\winampa.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\WINDOWS\explorer.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] D:\Arquivos de programas\Winamp\winampa.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{3181BD99-DB33-45EC-92B2-15ABF800C2CE}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D95ED47-B59E-4C8C-AF7B-8DFE83D3B2AC}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Arquivos de programas\CPUCooL\CooLSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - (no file)

By the way, the Microsoft downloads I try to open (IE 7.0, WMP 10.0) also give corrupted-file errors, in addition to the antivirus ones. Thanks.
jgarcia, posted September 14, 2007

Hi DeePoo. Download F-Secure BlackLight from: F-Secure Blacklight. Save it to your desktop and run it. Accept the agreement. Click Scan and wait. If it finds any file, ignore it, as I only want the log. At the end of the scan a file named fsbl-xxxxx.log will be created (where xxx are digits). I need you to copy that log and paste it in your next reply. Regards.
DeePoo, posted September 14, 2007

Here it is, jgarcia:

09/14/07 16:12:01 [info]: BlackLight Engine 1.0.64 initialized
09/14/07 16:12:01 [info]: OS: 5.1 build 2600 (Service Pack 2)
09/14/07 16:12:02 [Note]: 7019 4
09/14/07 16:12:02 [Note]: 7005 0
09/14/07 16:12:05 [Note]: 7006 0
09/14/07 16:12:05 [Note]: 7011 1720
09/14/07 16:12:05 [Note]: 7026 0
09/14/07 16:12:05 [Note]: 7026 0
09/14/07 16:12:08 [Note]: FSRAW library version 1.7.1022
09/14/07 16:14:56 [Note]: 7007 0

Regards,
DeePoo
jgarcia, posted September 14, 2007

Hi DeePoo. Download ComboFix from: ComboFix

1) Double-click combofix.exe and press "Y" to continue. The process takes about 10 minutes on average;
2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
3) When the scan is over, a log will be generated at D:\ComboFix.txt;
4) Do not click inside the ComboFix window, and do not close it with the X, while the tool is running, as that will mess up your desktop (it will turn completely white);
5) To stop or quit ComboFix, press "N";
6) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Regards.
DeePoo, posted September 14, 2007

Here it is, jgarcia, with the one caveat that the PC did not restart:

ComboFix 07-09-14.2 - "Administrador" 2007-09-14 16:43:54.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.782 [GMT -3:00]
.
((((((((((((((((((((((( Ficheiros criados de 2007-08-14 to 2007-09-14 ))))))))))))))))))))))))))))))))
.
2007-09-14 16:39 51,200 --a------ D:\WINDOWS\NirCmd.exe
2007-09-14 10:58 93,184 --a------ D:\WINDOWS\system32\wvjava.dll
2007-09-14 10:58 <DIR> d-------- D:\Arquivos de programas\PLATINUM technology
2007-09-14 09:17 <DIR> d-------- D:\Arquivos de programas\Winamp
2007-09-12 21:00 <DIR> d-------- D:\DOCUME~1\CONVID~1\DADOSD~1\CyberLink
2007-09-11 13:49 <DIR> d-------- D:\DOCUME~1\ADMINI~1\DADOSD~1\Opera
2007-09-11 13:48 <DIR> d-------- D:\Arquivos de programas\Opera7
2007-09-11 13:30 <DIR> d-------- D:\DOCUME~1\ADMINI~1\DADOSD~1\Lavasoft
2007-09-11 13:30 <DIR> d-------- D:\Arquivos de programas\Lavasoft
2007-09-07 10:26 59,264 --a------ D:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-09-07 10:26 59,264 --a------ D:\WINDOWS\system32\dllcache\usbaudio.sys
2007-09-07 10:26 31,616 --a------ D:\WINDOWS\system32\drivers\usbccgp.sys
2007-09-07 10:26 31,616 --a------ D:\WINDOWS\system32\dllcache\usbccgp.sys
2007-09-06 19:20 <DIR> d-------- D:\DOCUME~1\CONVID~1\DADOSD~1\SolSuite
2007-09-06 18:18 66,591 --a------ D:\WINDOWS\system32\drivers\el90xbc5.sys
2007-09-06 18:18 66,591 --a------ D:\WINDOWS\system32\dllcache\el90xbc5.sys
2007-09-03 17:16 <DIR> d--hs---- D:\WINDOWS\system32\Sys
2007-09-03 17:16 <DIR> d-------- D:\Arquivos de programas\Panda Software
2007-09-03 16:33 626,688 --a------ D:\WINDOWS\system32\msvcr80.dll
2007-09-03 11:23 218,112 --a------ D:\HijackThis.exe
2007-09-02 22:11 <DIR> d-------- D:\DOCUME~1\ADMINI~1\DADOSD~1\Uniblue
2007-09-02 21:43 <DIR> d-------- D:\Arquivos de programas\Trend Micro
2007-09-02 21:16 18,432 --a------ D:\WINDOWS\system32\dllcache\iedw.exe
2007-08-23 11:08 <DIR> d-------- D:\Arquivos de programas\Sony
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-10 21:45 --------- d-------- D:\Arquivos de programas\Driver-Soft
2007-08-08 18:46 --------- d-------- D:\DOCUME~1\ALLUSE~1\DADOSD~1\Office Genuine Advantage
2007-08-07 19:13 --------- d-------- D:\DOCUME~1\CONVID~1\DADOSD~1\foobar2000
2007-08-06 17:19 --------- d-------- D:\Arquivos de programas\Lame
2007-08-06 17:19 --------- d-------- D:\Arquivos de programas\GoldWave
2007-08-06 14:14 --------- d-------- D:\Arquivos de programas\Realtek AC97
2007-08-06 14:02 --------- d-------- D:\DOCUME~1\ADMINI~1\DADOSD~1\foobar2000
2007-08-06 14:02 --------- d-------- D:\Arquivos de programas\foobar2000
2007-07-30 19:19 92504 --a------ D:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ D:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ D:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ D:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ D:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ D:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ D:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ D:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ D:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ D:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ D:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ D:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ D:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ D:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ D:\WINDOWS\system32\dllcache\wups.dll
2007-07-29 19:32 --------- d-------- D:\DOCUME~1\CONVID~1\DADOSD~1\Talkback
2007-06-26 11:09 660992 --a------ D:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 10:57 851968 --a------ D:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 03:10 1104896 --a------ D:\WINDOWS\system32\msxml3.dll
2007-06-26 03:10 1104896 --a------ D:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 10:31 282112 --a------ D:\WINDOWS\system32\gdi32.dll
2007-06-19 10:31 282112 --a------ D:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 15:09 96768 --a------ D:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 15:09 616448 --a------ D:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 15:09 55808 --a------ D:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 15:09 532480 --a------ D:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 15:09 474112 --a------ D:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 15:09 449024 --a------ D:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 15:09 39424 --a------ D:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 15:09 357888 --a------ D:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 15:09 3079680 --a------ D:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 15:09 251392 --a------ D:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 15:09 205312 --a------ D:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 15:09 16384 --a------ D:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 15:09 151552 --------- D:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 15:09 1494528 --a------ D:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 15:09 146432 --a------ D:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 15:09 1055744 --------- D:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 15:09 1024000 --------- D:\WINDOWS\system32\dllcache\browseui.dll
2007-04-10 15:42 333 --a------ D:\Arquivos de programas\INSTALL.LOG
2007-03-19 20:13 6422611 --a------ D:\Arquivos de programas\frostwire-4.13.1.6.windows.exe
2004-10-01 15:00 40960 --a------ D:\Arquivos de programas\Uninstall_CDS.exe
2004-09-03 10:32 3488 --a------ D:\WINDOWS\inf\OTHER\CMIAINFO.SYS
1999-04-01 20:53 99840 --a------ D:\Arquivos de programas\Arquivos comuns\IRAABOUT.DLL
1998-12-09 06:53 70144 --a------ D:\Arquivos de programas\Arquivos comuns\IRAMDMTR.DLL
1998-12-09 06:53 48640 --a------ D:\Arquivos de programas\Arquivos comuns\IRALPTTR.DLL
1998-12-09 06:53 31744 --a------ D:\Arquivos de programas\Arquivos comuns\IRAWEBTR.DLL
1998-12-09 06:53 186368 --a------ D:\Arquivos de programas\Arquivos comuns\IRAREG.DLL
1998-12-09 06:53 17920 --a------ D:\Arquivos de programas\Arquivos comuns\IRASRIAL.DLL
.
((((((((((((((((((((((((((((( snapshot_2007-09-14_164056,70 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 163,328 2007-03-13 13:57:12 D:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-08-11 10:43]
"WinampAgent"="D:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22]
"WMC_AutoUpdate"="" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Symantec Fax Starter Edition Port.lnk]
backup=D:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]
backup=D:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
D:\Arquivos de programas\Browser MOUSE\mouse32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"D:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
D:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"D:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"D:\Arquivos de programas\Java\j2re1.4.2_14\bin\jusched.exe"

S2 PAVDRV;pavdrv;D:\WINDOWS\system32\DRIVERS\pavdrv51.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\D:\WINDOWS\System32\DRIVERS\ASPI32.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 16:44:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-14 16:44:32
D:\ComboFix-quarantined-files.txt ... 2007-09-14 16:44
D:\ComboFix2.txt ... 2007-09-14 16:41
.
--- E O F ---

HIJACK

Logfile of HijackThis v1.99.1
Scan saved at 16:46:27, on 14/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Winamp\winampa.exe
D:\Arquivos de programas\CPUCooL\CooLSrv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\explorer.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] D:\Arquivos de programas\Winamp\winampa.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{3181BD99-DB33-45EC-92B2-15ABF800C2CE}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D95ED47-B59E-4C8C-AF7B-8DFE83D3B2AC}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Arquivos de programas\CPUCooL\CooLSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - (no file)

Regards, and many thanks for the help.
DeePoo
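ComboFix's own verdict in the post above is "hidden files: 0"; what a helper does with the "files created" list is sort it by where a file landed and how it was written. As an added example that is not part of the thread and not part of ComboFix, the Python below parses those listing lines (date, time, size or <DIR>, attribute letters, path) and pulls out two things worth a second look: files written straight into \WINDOWS\system32 that have no same-named copy in dllcache, and directories created with the hidden and system attributes set. The dllcache pairing is this example's own heuristic for "came from an update or a driver install" (Windows File Protection keeps its copies there); the sample input is a few lines copied from the posted log. Which of the resulting entries is actually bad is a lookup by file name, not something the script decides.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the ComboFix "files created" and Find3M
# sections posted above (not the whole log), used as offline input.
SAMPLE = r"""
2007-09-14 16:39 51,200 --a------ D:\WINDOWS\NirCmd.exe
2007-09-14 10:58 93,184 --a------ D:\WINDOWS\system32\wvjava.dll
2007-09-14 10:58 <DIR> d-------- D:\Arquivos de programas\PLATINUM technology
2007-09-07 10:26 59,264 --a------ D:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-09-07 10:26 59,264 --a------ D:\WINDOWS\system32\dllcache\usbaudio.sys
2007-09-03 17:16 <DIR> d--hs---- D:\WINDOWS\system32\Sys
2007-09-03 16:33 626,688 --a------ D:\WINDOWS\system32\msvcr80.dll
2007-09-03 11:23 218,112 --a------ D:\HijackThis.exe
2007-08-10 21:45 --------- d-------- D:\Arquivos de programas\Driver-Soft
"""

# date time size|<DIR>|--------- attrs path  (size has commas in the "created"
# section and none in Find3M; directories in Find3M show dashes instead of a size)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|-+|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)


def parse_combofix(text):
    """Turn ComboFix file-listing lines into dicts.

    The attribute string uses one letter per flag, e.g. 'd--hs----' is a
    directory with the hidden and system attributes set, '--a------' a plain
    file with only the archive bit.
    """
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size_tok, attrs = m.group("size"), m.group("attrs")
        records.append({
            "when": datetime.strptime(m.group("date") + " " + m.group("time"), "%Y-%m-%d %H:%M"),
            "size": int(size_tok.replace(",", "")) if size_tok[0].isdigit() else None,
            "is_dir": attrs.startswith("d"),
            "hidden": "h" in attrs,
            "system": "s" in attrs,
            "path": m.group("path"),
        })
    return records


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def dropped_in_system32(records):
    """Files written under \\WINDOWS\\system32 with no same-named twin in dllcache.

    Heuristic (this example's assumption): a system32 file that arrived together
    with a dllcache copy usually came from Windows Update or a driver install;
    the ones without a twin are the ones to look up first.
    """
    cached = {_basename(r["path"]) for r in records if "\\dllcache\\" in r["path"].lower()}
    out = []
    for r in records:
        p = r["path"].lower()
        if r["is_dir"] or "\\windows\\system32\\" not in p or "\\dllcache\\" in p:
            continue
        if _basename(r["path"]) not in cached:
            out.append(r)
    return out


def hidden_system_dirs(records):
    """Directories created with both the hidden and system attributes set."""
    return [r for r in records if r["is_dir"] and r["hidden"] and r["system"]]


if __name__ == "__main__":
    recs = parse_combofix(SAMPLE)
    print("system32 files without a dllcache twin:")
    for r in dropped_in_system32(recs):
        print("   ", r["when"], r["size"], r["path"])
    print("hidden+system directories:")
    for r in hidden_system_dirs(recs):
        print("   ", r["when"], r["path"])
```

To use it on a real log, paste the whole "files created" and Find3M sections into `parse_combofix()`; the regex ignores the section banners and registry lines, so the entire ComboFix.txt can be fed in as-is.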
jgarcia, posted September 19, 2007

Hi DeePoo. Run Panda's ActiveScan, observing the following:

1) Some antivirus products, such as AVAST, may show a detection alert while the scan runs, but that alert should be ignored. The warning is nothing more than a false positive. I suggest temporarily disabling the AV so the scan can run without problems;
2) To start the process, click the button;
3) Fill in the requested data in the form;
4) Click the "Scan now free of charge" button;
5) Follow all the instructions you are given and wait for the scan to finish;
6) When the scan is done, click to view the log. Save it to your desktop;
7) Paste the contents of the log in your next reply.

Regards.
DeePoo, posted September 19, 2007

jgarcia, I cannot operate Internet Explorer. I cannot update it, and typing, as well as the cursor, does not show up. I even tried "pasting" but that does not work either. I searched the Net for any online scan that works through Firefox or another browser, but found none. Can you believe it?

By the way, jgarcia, I do not have Avast installed. It may show up in the log, but it is not on the drive (I think). At the moment I have no antivirus installed, only Adware and MV Clean.

Regards,
DeePoo
DeePoo, posted September 19, 2007

jgarcia: through a colleague I managed to reinstall Internet Explorer, but get this: every online scan I tried gives an error. I disabled the firewall so I could install the ActiveX directly, but Panda gives a page error and does not start the scan; Trend Micro, BitDefender and HouseCall give errors. Every man for himself. I want my mommy!

DeePoo
jgarcia, posted September 22, 2007

Hi DeePoo. Download SilentRunners. Extract the file SilentRunners.vbs to D:. Double-click the file to run it. After running it, wait until a document named Startup Programs (USER) date is generated. Copy the contents of that document and paste it in your next reply. Regards.

Note: if your AV flags the file as a malicious script, do not worry and allow it to run.
DeePoo, posted September 25, 2007

Here it is, jgarcia:

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "D:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"WinampAgent" = "D:\Arquivos de programas\Winamp\winampa.exe" [null data]
"WMC_AutoUpdate" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "D:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"
  -> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B28C18DB-6816-4F31-9630-397683E3C2C3}" = "Filzip Shell Extension"
  -> {HKLM...CLSID} = "Filzip Shell Extension"
     \InProcServer32\(Default) = "D:\ARQUIV~1\Filzip\fzshext.dll" [empty string]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
  -> {HKLM...CLSID} = "Microsoft Office Binder Unbind"
     \InProcServer32\(Default) = "D:\ARQUIV~1\MICROS~2\Office\1046\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook"
     \InProcServer32\(Default) = "D:\ARQUIV~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "D:\Arquivos de programas\WinRAR\rarext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"
     \InProcServer32\(Default) = "D:\Arquivos de programas\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\Shdocvw.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Filzip\(Default) = "{B28C18DB-6816-4F31-9630-397683E3C2C3}"
  -> {HKLM...CLSID} = "Filzip Shell Extension"
     \InProcServer32\(Default) = "D:\ARQUIV~1\Filzip\fzshext.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "D:\Arquivos de programas\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "D:\Arquivos de programas\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Filzip\(Default) = "{B28C18DB-6816-4F31-9630-397683E3C2C3}"
  -> {HKLM...CLSID} = "Filzip Shell Extension"
     \InProcServer32\(Default) = "D:\ARQUIV~1\Filzip\fzshext.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "D:\Arquivos de programas\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions
(Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" {653D93AF-C741-4E5E-8C1B-59BA43F93E16}\ "ButtonText" = "Panda ActiveScan" "Exec" = "http://www.pandasoftware.com/activescan/pt/activescan_principal.htm" [file not found] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "D:\Arquivos de programas\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ CPUCooLServer Service, CPUCooLServer, ""D:\Arquivos de programas\CPUCooL\CooLSrv.exe"" [null data] NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ OLFax Ports\Driver = "OLFMNT40.DLL" [MS] ---------- (launch time: 2007-09-25 05:34:26) + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 29 seconds, including 9 seconds for message boxes) Abraços DeePoo Compartilhar este post Link para o post Compartilhar em outros sites
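A Silent Runners report like the one above is easiest to read when it is sorted by the tag at the end of each line rather than by registry key, since the tag is what tells you whether the file still exists and who claims to have published it. The script below is an added example written for this page, not code from Silent Runners or from anyone in this thread: it parses the report's entry lines, keeps the launch point each one was found under, and ranks them so that [file not found] and unattributed ([null data], [empty string]) entries come first and [MS] entries last. The sample text is copied from the report above; the ranking order itself is an assumption of this example, not a verdict from the thread.

```python
"""Rank Silent Runners launch points by the tag on each entry line.

Added example for this thread; not part of Silent Runners or of any post.
Silent Runners ends each entry with a tag derived from the file's version
information: [MS] for Microsoft, ["Company"] for another publisher,
[null data] or [empty string] when no company name is present, and
[file not found] when the registry still points at a file that is gone.
Which tag to inspect first (RANK below) is this example's own choice.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the Silent Runners report above.
SAMPLE = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"WinampAgent" = "D:\Arquivos de programas\Winamp\winampa.exe" [null data]
"WMC_AutoUpdate" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"
  -> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{B28C18DB-6816-4F31-9630-397683E3C2C3}" = "Filzip Shell Extension"
  -> {HKLM...CLSID} = "Filzip Shell Extension"
                   \InProcServer32\(Default) = "D:\ARQUIV~1\Filzip\fzshext.dll" [empty string]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"""

# A registry key header, optionally followed by the " {++}" marker.
KEY_RE = re.compile(r"^(?P<key>HK[A-Z]+\\.*\\)(?: \{\+\+\})?$")
# "name" = "target" [tag]          (Run entries, services, extensions)
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)" = "(?P<target>.*)" \[(?P<tag>[^\]]*)\]$')
# "{CLSID}" = "title"              (tag arrives on the InProcServer32 line)
NAME_RE = re.compile(r'^"(?P<name>[^"]*)" = "(?P<title>.*)"$')
SERVER_RE = re.compile(r'^\\InProcServer32\\\(Default\) = "(?P<target>.*)" \[(?P<tag>[^\]]*)\]$')

RANK = {"file not found": 0, "null data": 1, "empty string": 1}


@dataclass(frozen=True)
class Finding:
    key: str      # registry launch point the entry was found under
    name: str     # value name or CLSID
    target: str   # file or command line the entry points at
    tag: str      # Silent Runners tag, e.g. MS, null data, "Hilgraeve, Inc."

    @property
    def rank(self) -> int:
        """0 orphaned registration, 1 unattributed file, 2 third party, 3 Microsoft."""
        if self.tag in RANK:
            return RANK[self.tag]
        return 3 if self.tag == "MS" else 2

    @property
    def company(self) -> str:
        return self.tag.strip('"') if self.tag.startswith('"') else self.tag


def parse(text: str) -> List[Finding]:
    findings, key, pending = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key, pending = m["key"], ""
        elif (m := VALUE_RE.match(line)):
            findings.append(Finding(key, m["name"], m["target"], m["tag"]))
        elif (m := NAME_RE.match(line)):
            pending = m["name"]            # CLSID line; its DLL follows on InProcServer32
        elif (m := SERVER_RE.match(line)):
            findings.append(Finding(key, pending, m["target"], m["tag"]))
    return findings


def triage(text: str) -> List[Finding]:
    """Stable sort: orphaned and unattributed entries first, Microsoft last."""
    return sorted(parse(text), key=lambda f: f.rank)


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.rank}] {f.name}  ->  {f.target}  ({f.company})\n     under {f.key}")
```

Run it over the whole pasted report and work down the output: a rank-0 entry is a registry value pointing at a file that no longer exists (harmless but worth cleaning, and a clue that something was removed), while a rank-1 entry is a file that is present but carries no publisher name in its version information and therefore cannot be attributed from the log alone. Neither rank is a verdict; it is the order in which a helper would look things up.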
jgarcia, posted September 26, 2007

Hi DeePoo,

There are no entries in the log that would explain the problems you reported. Are the errors still happening?
DeePoo, posted September 26, 2007

jgarcia, good morning. After reading your reply, I tried to install AVG and got an error (file corrupted). I downloaded Comodo (I already had the file, but downloaded a fresh copy), tried to install it, and the installer gave an error (it won't open). The only thing working is Ad-Aware.

Regards - DeePoo
jgarcia, posted September 26, 2007

Quoting DeePoo:
    jgarcia, good morning. After reading your reply, I tried to install AVG and got an error (file corrupted). I downloaded Comodo (I already had the file, but downloaded a fresh copy), tried to install it, and the installer gave an error (it won't open). The only thing working is Ad-Aware. Regards - DeePoo

Post a new ComboFix log.
DeePoo, posted September 26, 2007

Good morning, jgarcia. Here is the report:

ComboFix 07-09-21.2 - "Administrador" 2007-09-26 10:47:07.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.808 [GMT -3:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\DOCUME~1\CONVID~1\DESKTOP\internet.lnk
.
((((((((((((((((((((((( Files Created from 2007-08-26 to 2007-09-26 ))))))))))))))))))))))))))))))))
.
2007-09-25 05:32      349,272  --a------  D:\Silent Runners.vbs
2007-09-23 14:15        <DIR>  d--hs----  D:\FOUND.002
2007-09-21 19:37        <DIR>  d--------  D:\DOCUME~1\CONVID~1\DADOSD~1\Apple Computer
2007-09-20 15:45        <DIR>  dr-------  D:\DOCUME~1\LOCALS~1\Favoritos
2007-09-20 15:45        <DIR>  d--------  D:\DOCUME~1\LOCALS~1\DADOSD~1\Talkback
2007-09-20 15:40        <DIR>  d--------  D:\Arquivos de programas\SDU
2007-09-20 15:40        <DIR>  d--------  D:\Arquivos de programas\SD Updater
2007-09-19 21:33    6,058,496  ---------  D:\WINDOWS\system32\dllcache\ieframe.dll
2007-09-19 21:33       52,224  ---------  D:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-09-19 21:33      459,264  ---------  D:\WINDOWS\system32\dllcache\msfeeds.dll
2007-09-19 21:33      383,488  ---------  D:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-09-19 21:33    2,455,488  ---------  D:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-09-19 21:33       13,824  ---------  D:\WINDOWS\system32\dllcache\ieudinit.exe
2007-09-19 18:40        <DIR>  d--------  D:\DOCUME~1\ADMINI~1\.housecall6.6
2007-09-19 18:13        <DIR>  d--------  D:\WINDOWS\system32\ActiveScan
2007-09-16 13:05        <DIR>  d--------  D:\Arquivos de programas\Discador itelefonica
2007-09-16 12:59        <DIR>  d--------  D:\Discador itelefonica
2007-09-16 12:07        <DIR>  d--------  D:\DOCUME~1\CONVID~1\DADOSD~1\Help
2007-09-15 21:14        <DIR>  d--------  D:\DOCUME~1\ADMINI~1\DADOSD~1\Shareaza
2007-09-15 21:14        <DIR>  d--------  D:\Arquivos de programas\Shareaza
2007-09-15 20:53        <DIR>  d--------  D:\Arquivos de programas\eMule
2007-09-15 10:04        <DIR>  d--hs----  D:\FOUND.001
2007-09-14 22:34        <DIR>  d--------  D:\Arquivos de programas\Free Ringtones
2007-09-14 20:34        <DIR>  d--hs----  D:\FOUND.000
2007-09-14 16:39       51,200  --a------  D:\WINDOWS\NirCmd.exe
2007-09-14 10:58       93,184  --a------  D:\WINDOWS\system32\wvjava.dll
2007-09-14 10:58        <DIR>  d--------  D:\Arquivos de programas\PLATINUM technology
2007-09-14 09:17        <DIR>  d--------  D:\Arquivos de programas\Winamp
2007-09-12 21:00        <DIR>  d--------  D:\DOCUME~1\CONVID~1\DADOSD~1\CyberLink
2007-09-11 13:49        <DIR>  d--------  D:\DOCUME~1\ADMINI~1\DADOSD~1\Opera
2007-09-11 13:30        <DIR>  d--------  D:\DOCUME~1\ADMINI~1\DADOSD~1\Lavasoft
2007-09-11 13:30        <DIR>  d--------  D:\Arquivos de programas\Lavasoft
2007-09-07 10:26       59,264  --a------  D:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-09-07 10:26       59,264  --a------  D:\WINDOWS\system32\dllcache\usbaudio.sys
2007-09-07 10:26       31,616  --a------  D:\WINDOWS\system32\drivers\usbccgp.sys
2007-09-07 10:26       31,616  --a------  D:\WINDOWS\system32\dllcache\usbccgp.sys
2007-09-06 19:20        <DIR>  d--------  D:\DOCUME~1\CONVID~1\DADOSD~1\SolSuite
2007-09-06 18:18       66,591  --a------  D:\WINDOWS\system32\drivers\el90xbc5.sys
2007-09-06 18:18       66,591  --a------  D:\WINDOWS\system32\dllcache\el90xbc5.sys
2007-09-03 17:16        <DIR>  d--hs----  D:\WINDOWS\system32\Sys
2007-09-03 16:33      626,688  --a------  D:\WINDOWS\system32\msvcr80.dll
2007-09-03 11:23      218,112  --a------  D:\HijackThis.exe
2007-09-02 22:11        <DIR>  d--------  D:\DOCUME~1\ADMINI~1\DADOSD~1\Uniblue
2007-09-02 21:43        <DIR>  d--------  D:\Arquivos de programas\Trend Micro
2007-09-02 21:16       69,120  --a------  D:\WINDOWS\system32\dllcache\iedw.exe
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-23 11:08  ---------  d--------  D:\Arquivos de programas\Sony
2007-08-10 21:45  ---------  d--------  D:\Arquivos de programas\Driver-Soft
2007-08-08 18:46  ---------  d--------  D:\DOCUME~1\ALLUSE~1\DADOSD~1\Office Genuine Advantage
2007-08-07 19:13  ---------  d--------  D:\DOCUME~1\CONVID~1\DADOSD~1\foobar2000
2007-08-06 17:19  ---------  d--------  D:\Arquivos de programas\Lame
2007-08-06 17:19  ---------  d--------  D:\Arquivos de programas\GoldWave
2007-08-06 14:14  ---------  d--------  D:\Arquivos de programas\Realtek AC97
2007-08-06 14:02  ---------  d--------  D:\DOCUME~1\ADMINI~1\DADOSD~1\foobar2000
2007-08-06 14:02  ---------  d--------  D:\Arquivos de programas\foobar2000
2007-07-30 19:19      92504  --a------  D:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19      92504  --a------  D:\WINDOWS\system32\cdm.dll
2007-07-30 19:19     549720  --a------  D:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19     549720  --a------  D:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19      53080  --a------  D:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19      53080  --a------  D:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19      43352  --a------  D:\WINDOWS\system32\wups2.dll
2007-07-30 19:19     325976  --a------  D:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19     325976  --a------  D:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19     203096  --a------  D:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19     203096  --a------  D:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19    1712984  --a------  D:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19    1712984  --a------  D:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18      33624  --a------  D:\WINDOWS\system32\wups.dll
2007-07-30 19:18      33624  --a------  D:\WINDOWS\system32\dllcache\wups.dll
2007-07-29 19:32  ---------  d--------  D:\DOCUME~1\CONVID~1\DADOSD~1\Talkback
2007-07-19 03:59    3583488  --a------  D:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 20:31     765952  --a------  D:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 10:23     823808  --a------  D:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 10:23     671232  --a------  D:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 10:23     477696  --a------  D:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 10:23      27648  --a------  D:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 10:23     232960  --a------  D:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 10:23     193024  --a------  D:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 10:23    1152000  --a------  D:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 10:23     105984  --a------  D:\WINDOWS\system32\dllcache\url.dll
2007-06-27 10:23     102400  --a------  D:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 10:22      44544  --a------  D:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 10:22     384512  --a------  D:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 10:22     267776  ---------  D:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 10:22     230400  --a------  D:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 10:22     153088  --a------  D:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 10:22     132608  --a------  D:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 10:22     124928  --a------  D:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 05:30     625152  --a------  D:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 05:27      63488  --a------  D:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:00     161792  --a------  D:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 03:10    1104896  --a------  D:\WINDOWS\system32\msxml3.dll
2007-06-26 03:10    1104896  --a------  D:\WINDOWS\system32\dllcache\msxml3.dll
2007-04-10 15:42        333  --a------  D:\Arquivos de programas\INSTALL.LOG
2007-03-19 20:13    6422611  --a------  D:\Arquivos de programas\frostwire-4.13.1.6.windows.exe
2004-10-01 15:00      40960  --a------  D:\Arquivos de programas\Uninstall_CDS.exe
2004-09-03 10:32       3488  --a------  D:\WINDOWS\inf\OTHER\CMIAINFO.SYS
1999-04-01 20:53      99840  --a------  D:\Arquivos de programas\Arquivos comuns\IRAABOUT.DLL
1998-12-09 06:53      70144  --a------  D:\Arquivos de programas\Arquivos comuns\IRAMDMTR.DLL
1998-12-09 06:53      48640  --a------  D:\Arquivos de programas\Arquivos comuns\IRALPTTR.DLL
1998-12-09 06:53      31744  --a------  D:\Arquivos de programas\Arquivos comuns\IRAWEBTR.DLL
1998-12-09 06:53     186368  --a------  D:\Arquivos de programas\Arquivos comuns\IRAREG.DLL
1998-12-09 06:53      17920  --a------  D:\Arquivos de programas\Arquivos comuns\IRASRIAL.DLL
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legitimate default entries are not shown.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-08-11 10:43]
"WMC_AutoUpdate"="" []
"WinampAgent"="D:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Symantec Fax Starter Edition Port.lnk]
backup=D:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]
backup=D:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
D:\Arquivos de programas\Browser MOUSE\mouse32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"D:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
D:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"D:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"D:\Arquivos de programas\Java\j2re1.4.2_14\bin\jusched.exe"

S2 PAVDRV;pavdrv;D:\WINDOWS\system32\DRIVERS\pavdrv51.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\D:\WINDOWS\System32\DRIVERS\ASPI32.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 10:48:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-26 10:48:25
D:\ComboFix-quarantined-files.txt ... 2007-09-26 10:48
D:\ComboFix3.txt ... 2007-09-14 16:41
D:\ComboFix2.txt ... 2007-09-14 16:44
.
--- E O F ---

Regards,
DeePoo
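The "Files Created" block of a ComboFix report lists everything written in the last thirty days, most of it update staging, chkdsk residue and ordinary installs, so the useful entries are easy to miss by eye. The script below is an added example for this page, not code from ComboFix or from anyone in the thread. It parses that block and pulls out the two kinds of entry a helper would check first: hidden+system directories created under the Windows directory, and loose files dropped straight into system32 that have no matching copy in system32\dllcache (a file that also appears in dllcache is normally a Windows Update or service-pack staging copy). The sample lines are copied from the report above and the Windows directory D:\WINDOWS is taken from it; the two selection rules are this example's own heuristics, not something the thread concludes.

```python
"""Pull the entries worth checking first out of a ComboFix 'Files Created' list.

Added example for this thread; not part of ComboFix or of any post here. It
does not declare anything malicious. It lists what a helper would verify by
hand (hash lookup, publisher, signature) before anything else:
  * hidden+system directories created under the Windows directory, and
  * loose files dropped straight into system32 with no dllcache twin.
Both rules are this example's own heuristics, not ComboFix logic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of the lines from the ComboFix report above.
SAMPLE = r"""
2007-09-19 21:33   6,058,496  ---------  D:\WINDOWS\system32\dllcache\ieframe.dll
2007-09-14 16:39      51,200  --a------  D:\WINDOWS\NirCmd.exe
2007-09-14 10:58      93,184  --a------  D:\WINDOWS\system32\wvjava.dll
2007-09-07 10:26      59,264  --a------  D:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-09-07 10:26      59,264  --a------  D:\WINDOWS\system32\dllcache\usbaudio.sys
2007-09-03 17:16       <DIR>  d--hs----  D:\WINDOWS\system32\Sys
2007-09-03 16:33     626,688  --a------  D:\WINDOWS\system32\msvcr80.dll
2007-09-14 20:34       <DIR>  d--hs----  D:\FOUND.000
"""

# date time, size or <DIR>, nine-character attribute string, path
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attr>[d-][r-][a-][h-][s-]-{4})\s+"
    r"(?P<path>\S.*?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    ts: str
    size: Optional[int]        # None for a directory
    attr: str                  # ComboFix attribute string, e.g. d--hs----
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attr[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return self.attr[3] == "h" and self.attr[4] == "s"


def parse_created(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
            entries.append(Entry(m["ts"], size, m["attr"], m["path"]))
    return entries


def _split(path: str) -> Tuple[str, str]:
    """Case-folded (parent directory, file name)."""
    head, _, name = path.rpartition("\\")
    return head.lower(), name.lower()


def triage(entries: List[Entry], windir: str = r"D:\WINDOWS") -> List[Tuple[str, str]]:
    win = windir.lower()
    sys32 = win + r"\system32"
    # Names that also exist under system32\dllcache: treated as update staging.
    dllcache = {_split(e.path)[1] for e in entries if _split(e.path)[0] == sys32 + r"\dllcache"}
    findings = []
    for e in entries:
        parent, name = _split(e.path)
        if e.is_dir and e.hidden_system and parent.startswith(win):
            findings.append((e.path, "hidden+system directory created under the Windows directory"))
        elif not e.is_dir and parent == sys32 and name not in dllcache:
            findings.append((e.path, "loose file in system32 with no dllcache twin; look up its hash"))
    return findings


if __name__ == "__main__":
    for path, why in triage(parse_created(SAMPLE)):
        print(f"{path}\n    {why}")
```

Paste the whole block into SAMPLE (or read it from the saved ComboFix.txt) and treat the output as a worklist, not a finding: a loose DLL in system32 can just as well be a runtime library installed by an application, so each flagged path still needs its hash or publisher checked before anyone calls it bad. The thread itself reaches no verdict on any of these files.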
DeePoo, posted September 27, 2007

jgarcia, thank you for the attention you have given this, but I need to resolve this matter as quickly as possible.

Regards,
DeePoo
jgarcia, posted September 28, 2007

Hi DeePoo,

Download Fixwareout.

Close all programs.

Run FixWareout (double-click its icon) --> "Next" --> "Install" --> "Finish" --> press any key to continue --> if the tool asks for a reboot, click OK.

Check the file D:\fixwareout\report.txt. I need you to paste the contents of report.txt in your next reply.

Regards.
Sam Spade, posted March 21, 2008

Topic archived

Since the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain why it should be reopened.