GHV, posted March 30, 2008

Good evening, everyone! Once again I come to you for help. I have an IBM notebook (a T43, if I'm not mistaken), Centrino M 1.5, 1.5 DDR RAM, running Windows XP Professional in English with SP2, also in English, and AVAST 4.7. Since last week I have been having trouble viewing web pages. Even while connected to the internet, my browsers only display pages for five minutes; after that they show the standard "page cannot be displayed" error. Other programs, such as MSN, stay connected normally. I have already run (even in Safe Mode) the antivirus, which, although not very good, is the only one I have, as well as Spyware Terminator and CCleaner, and the problem persists. The only thing I have not tried yet is formatting, because this model has no CD drive. I would have to buy an external one or use a network, but I want to leave those options as a last resort. If anyone can help me I will be very grateful! Thanks in advance.

Regards,
Gregory H. Valente.
jgarcia, posted April 4, 2008

Hi GHV,

Download ComboFix from: ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can finish (only if an infection is found);
4) When the scan finishes, a log will be generated at C:\ComboFix.txt;
5) Do not click on the ComboFix window or close it with the X while the tool is running, as this will break your desktop settings (it will turn completely white);
6) To stop or exit ComboFix, press "N";
7) Re-enable your antivirus;
8) Please paste the contents of ComboFix.txt in your next reply.

Regards.
GHV, posted April 6, 2008

Hello again! It follows below.
jgarcia, posted April 10, 2008

Hi GHV,

Follow these instructions:

1. Open Notepad -> copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote":

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99f481a1-010c-11dd-80dd-000ae4372f76}]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;
3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a HijackThis log.

Regards.
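As an added example, not code from either poster: a small Python checker that reads a ComboFix-style "Reg Loading Points" dump (a constructed sample is embedded, modelled on the logs in this thread) and flags the two things the script above undoes, Security Center warnings switched off and MountPoints2 shell commands, then emits a CFScript Registry:: block of the same form. The FirewallDisableNotify value and all function names are my additions, not from the thread.

```python
"""Check a ComboFix-style "Reg Loading Points" dump for the two findings fixed in
this thread (Security Center notifications switched off, MountPoints2 AutoRun
commands) and emit a CFScript Registry:: block that undoes them."""
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the Reg Loading Points section of the logs in
# this thread (not a copy of the real log; the {99f4...} key and 6.bat are from it).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99f481a1-010c-11dd-80dd-000ae4372f76}]
\Shell\AutoRun\command - 6.bat
\Shell\open\Command - 6.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# ComboFix prints MountPoints2 shell verbs as "\Shell\<verb>\command - <cmd>"
SHELL_CMD_RE = re.compile(r"^\\Shell\\(AutoRun|open|explore)\\command\s+-\s+(.+)$",
                          re.IGNORECASE)

SECURITY_CENTER = "hkey_local_machine\\software\\microsoft\\security center"
# Values that hide the Security Center warnings a user would otherwise see.
# AntiVirusDisableNotify, UpdatesDisableNotify and DisableMonitoring appear in
# this thread's log; FirewallDisableNotify is the sibling value for the firewall.
SUPPRESSION_VALUES = {"antivirusdisablenotify", "updatesdisablenotify",
                      "firewalldisablenotify", "disablemonitoring"}


def parse_reg_dump(text: str) -> Dict[str, dict]:
    """Parse REGEDIT4-style text into {key: {"values": {name: int}, "shell": [(verb, cmd)]}}."""
    sections: Dict[str, dict] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {"values": {}, "shell": []})
            continue
        if current is None:
            continue  # stray line before any [key]
        m = DWORD_RE.match(line)
        if m:
            sections[current]["values"][m.group(1)] = int(m.group(2), 16)
            continue
        m = SHELL_CMD_RE.match(line)
        if m:
            sections[current]["shell"].append((m.group(1).lower(), m.group(2)))
    return sections


def security_center_suppression(sections: Dict[str, dict]) -> List[Tuple[str, str]]:
    """(key, value name) for each Security Center value set to 1, i.e. a warning switched off."""
    hits = []
    for key, data in sections.items():
        if not key.lower().startswith(SECURITY_CENTER):
            continue
        for name, value in data["values"].items():
            if name.lower() in SUPPRESSION_VALUES and value == 1:
                hits.append((key, name))
    return hits


def mountpoint_commands(sections: Dict[str, dict]) -> List[Tuple[str, str, str]]:
    """(key, verb, command) for every MountPoints2 shell command. Explorer runs the
    AutoRun/open command when the cached drive is double-clicked; a bare relative
    name such as 6.bat is a typical leftover of an autorun worm on a removable disk."""
    hits = []
    for key, data in sections.items():
        if "\\explorer\\mountpoints2\\" in key.lower():
            for verb, cmd in data["shell"]:
                hits.append((key, verb, cmd))
    return hits


def build_cfscript(sections: Dict[str, dict]) -> str:
    """Emit a CFScript "Registry::" block in the style of the one posted above:
    flagged Security Center values reset to 0, and every MountPoints2 key carrying
    a shell command deleted with the [-key] form (these keys are only cached
    per-drive autorun data, so dropping a benign one is harmless)."""
    lines = ["Registry::"]
    by_key: Dict[str, List[str]] = {}
    for key, name in security_center_suppression(sections):
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=dword:00000000' for name in names)
    for key in sorted({key for key, _, _ in mountpoint_commands(sections)}):
        lines.append(f"[-{key}]")
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_reg_dump(SAMPLE_LOG)
    for key, name in security_center_suppression(parsed):
        print(f"suppressed warning: {name} in {key}")
    for key, verb, cmd in mountpoint_commands(parsed):
        print(f"drive shell command: {verb} -> {cmd}")
    print(build_cfscript(parsed))
```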
GHV, posted April 12, 2008

Good evening, everything OK? Thanks, man, I have already tried it but the problem persists. Here are the two logs!
boot.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb5e0c8e-0754-11dd-80fa-000ae4372f76}]\Shell\AutoRun\command - D:\LaunchU3.exe -a.**************************************************************************catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-04-12 01:06:04Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfully hidden files: 0 **************************************************************************.Completion time: 2008-04-12 1:11:43ComboFix-quarantined-files.txt 2008-04-12 04:11:39ComboFix2.txt 2008-04-06 00:58:26Pre-Run: 4,996,308,992 bytes freePost-Run: 4,983,197,696 bytes free.2008-03-27 17:23:48 --- E O F --- hijackthis Logfile of HijackThis v1.99.1Scan saved at 01:15:27, on 12/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Spyware Terminator\SpywareTerminatorShield.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Ares\Ares.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Spyware Terminator\sp_rsser.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\explorer.exeC:\_Programas\HijackThis\hijackthis\HijackThis.exeR1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dllO2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -hO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO8 - Extra context menu item: Crawler Search - tbr:iemenuO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [INTERNATIONAL] International*O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1204494896328O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dllO18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dllO20 - Winlogon Notify: igfxcui - 
C:\WINDOWS\SYSTEM32\igfxdev.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exeO23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exeO23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia, posted April 16, 2008

Hi GHV,

Follow these instructions:

1. Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Quote":

File::
C:\WINDOWS\Internet Logsbu_tosave.rdb
D:\LaunchU3.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a8cbaba-e4dd-11dc-800e-f3d6a1e24787}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb5e0c8e-0754-11dd-80fa-000ae4372f76}]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;
3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.
GHV, posted April 24, 2008

Good evening! Sorry for the delay... I've been pretty busy with college and work... hehe. Here it is:

ComboFix 08-04-15.1 - Gregory 2008-04-23 0:52:11.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1139 [GMT -3:00]
Running from: C:\_Programas\combofix\ComboFix.exe
Command switches used :: C:\_Programas\combofix\CFScript.txt
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.
2008-04-15 00:08 . 2008-04-15 00:08 <DIR> d-------- C:\Documents and Settings\Gregory\Application Data\Apple Computer
2008-04-13 23:36 . 2008-04-13 23:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-10 20:25 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-10 20:25 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-10 20:25 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-10 20:25 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-05 23:11 . 2008-04-05 23:11 4,096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys
2008-04-02 20:43 . 2008-04-02 20:43 <DIR> d-------- C:\Program Files\FirefoxPortable
2008-04-01 22:20 . 2008-04-01 22:20 <DIR> d-------- C:\Documents and Settings\Guest
2008-03-31 20:39 . 2008-04-14 21:31 <DIR> d-------- C:\Documents and Settings\Gregory\Application Data\uTorrent
2008-03-31 01:07 . 2008-03-31 01:07 <DIR> d-------- C:\Documents and Settings\Gregory\Application Data\vlc
2008-03-31 00:37 . 2008-03-31 00:37 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-31 00:35 . 2008-03-31 00:35 <DIR> d-------- C:\Program Files\Real
2008-03-31 00:35 . 2008-03-31 00:36 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-30 22:47 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-30 22:47 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-30 22:43 . 2008-03-31 00:09 <DIR> d-------- C:\Documents and Settings\Gregory\Contacts
2008-03-30 20:50 . 2008-04-19 07:51 <DIR> d-------- C:\Documents and Settings\Gregory\Application Data\Spyware Terminator
2008-03-30 20:43 . 2006-09-20 22:38 <DIR> d-------- C:\Documents and Settings\Gregory\Application Data\AdobeUM
2008-03-30 20:43 . 2008-04-23 00:46 <DIR> d-------- C:\Documents and Settings\Gregory
2008-03-30 20:28 . 2008-03-30 20:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-30 00:01 . 2008-03-30 00:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-28 19:54 . 2008-03-28 19:54 <DIR> d-------- C:\Documents and Settings\Gregory\workspace
2008-03-27 21:06 . 2008-03-27 21:06 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-03-27 20:13 . 2008-03-30 12:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-03-26 00:27 . 2008-04-19 09:04 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-26 00:27 . 2008-03-26 00:28 <DIR> d-------- C:\Program Files\Crawler
2008-03-26 00:27 . 2008-04-23 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-26 00:27 . 2008-03-29 23:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-03-26 00:27 . 2008-03-26 00:27 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-26 00:02 . 2008-03-26 00:02 <DIR> d-------- C:\Program Files\CCleaner
2008-03-25 22:33 . 2008-03-26 12:46 <DIR> d-------- C:\wamp
2008-03-25 22:11 . 2008-03-25 22:11 <DIR> d-------- C:\Program Files\Lavalys
2008-03-25 20:25 . 2008-03-25 20:25 <DIR> d-------- C:\Documents and Settings\Gregory\.eclipse
2008-03-23 23:36 . 2008-03-23 23:36 <DIR> d--hs---- C:\Documents and Settings\Administrator\UserData
2008-03-23 21:24 . 2008-03-26 11:38 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-03-23 20:09 . 2008-03-23 20:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FileZilla
2008-03-23 20:05 . 2008-03-23 20:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-28 00:09 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-23 04:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-22 20:38 --------- d-----w C:\Program Files\Netscape
2008-03-22 16:22 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-03-22 16:16 --------- d-----w C:\Program Files\Macromedia
2008-03-21 17:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-21 17:23 --------- d-----w C:\Documents and Settings\mmesti\Application Data\FileZilla
2008-03-21 03:21 --------- d-----w C:\Program Files\PHP
2008-03-20 03:28 --------- d-----w C:\Documents and Settings\mmesti\Application Data\Netscape
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 14:45 --------- d-----w C:\Documents and Settings\mmesti\Application Data\Apple Computer
2008-03-14 22:30 2,125,312 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-14 22:30 124,928 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-12 01:01 668,672 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-03-12 01:01 2,136,576 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-03-09 20:52 2,125,312 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-09 20:52 2,125,312 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-03-09 16:11 1,939,283 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-09 15:25 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-03-08 06:08 --------- d--h--w C:\Program Files\Scpad
2008-03-08 05:12 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-03-08 05:12 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_tp4track_01007.Wdf
2008-03-08 05:10 --------- d-----w C:\Program Files\Lenovo
2008-03-08 05:09 --------- d-----w C:\Program Files\MSBuild
2008-03-08 05:03 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-08 05:00 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-08 05:00 --------- d-----w C:\Program Files\Common Files\logishrd
2008-03-08 03:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-07 01:12 --------- d-----w C:\Program Files\MSECache
2008-03-06 01:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-06 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-05 23:33 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-05 19:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 19:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 19:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 18:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 18:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-03 04:41 --------- d-----w C:\Documents and Settings\mmesti\Application Data\vlc
2008-03-03 04:38 --------- d-----w C:\Program Files\VideoLAN
2008-03-03 03:45 --------- d-----w C:\Program Files\Windows Live
2008-03-03 03:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-03 03:18 --------- d-----w C:\Program Files\MSN Messenger
2008-03-02 22:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-02 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-02 22:07 --------- d-----w C:\Program Files\Alwil Software
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 05:13 --------- d-----w C:\Program Files\Altiris
2008-02-29 05:10 --------- d-----w C:\Documents and Settings\mmesti\Application Data\ICAClient
2008-02-27 05:21 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-26 03:09 --------- d-----w C:\Program Files\Java
2008-02-25 23:30 --------- d-----w C:\Program Files\Ares
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-06 02:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
2008-01-27 14:57 1,839 ----a-w C:\WINDOWS\Fonts\Swz721b.pfm
2008-01-27 14:57 1,812 ----a-w C:\WINDOWS\Fonts\Swz721n.pfm
2008-01-27 14:57 1,745 ----a-w C:\WINDOWS\Fonts\Swz721i.pfm
2008-01-27 14:57 1,589 ----a-w C:\WINDOWS\Fonts\Swz721bi.pfm
2007-12-06 21:24 2,003,968 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-11-23 00:50 1,992,192 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-11-23 00:50 1,863,168 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-08-24 16:26 35,328 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-08-24 16:26 1,849,344 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-08-24 16:09 1,381,888 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
.
((((((((((((((((((((((((((((( snapshot_2008-04-16_ 0.24.54,01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 03:03:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 03:48:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-14 21:08:56 1,625,160 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-20 14:27:58 1,643,200 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-23 03:48:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_634.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 13:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]
"TrackPointSrv"="C:\Program Files\Lenovo\TrackPoint\tp4serv.exe" [2007-11-08 10:56 92960]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-31 00:35 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 03:11 132496]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-03-26 00:27 2957824]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-01-24 03:53 335872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Program Files\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[HKLM\~\startupfolder\C:^Documents and Settings^Gregory^Start Menu^Programs^Startup^prf10.tmp]
path=C:\Documents and Settings\Gregory\Start Menu\Programs\Startup\prf10.tmp
backup=C:\WINDOWS\pss\prf10.tmpStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Gregory^Start Menu^Programs^Startup^prf12.tmp]
path=C:\Documents and Settings\Gregory\Start Menu\Programs\Startup\prf12.tmp
backup=C:\WINDOWS\pss\prf12.tmpStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AClntUsr]
--a------ 2008-04-15 22:10 180224 C:\Program Files\Altiris\AClient\AClntUsr.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AeXSWDUsr]
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-02-20 11:33 963072 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--ah----- 2006-08-14 18:41 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--ah----- 2006-08-14 18:39 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 17:46 45056 C:\WINDOWS\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 13:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
--a------ 2005-01-24 03:53 335872 C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--ah----- 2006-08-14 18:38 94208 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
--a------ 2006-08-04 11:16 780048 C:\Program Files\CheckPoint\Integrity Client\iclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmlisten"=2 (0x2)
"ose"=3 (0x3)
"OfcPfwSvc"=2 (0x2)
"ntrtscan"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AresChatServer"=3 (0x3)
"AClient"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Documents and Settings\\Gregory\\Desktop\\eclipse\\eclipse.exe"=
"C:\\Documents and Settings\\Gregory\\Desktop\\utorrent.exe"=
"C:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-26 00:27]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]
R2 tp4serv;tp4serv;C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE [2007-11-08 10:56]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-04-25 23:13]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2007-11-08 10:56]
S3 Net6IM;Net6;C:\WINDOWS\system32\DRIVERS\net6im51.sys []
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 14:55]
S3 pelps2m;PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2003-01-20 23:28]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 14:25]
S3 vsinstdv;vsinstdv;C:\DOCUME~1\mmesti\LOCALS~1\Temp\{D6E88299-45C1-4794-A6B9-4226C3F77A47}\vsinstdv.sys []
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0faee768-ed4e-11dc-8056-000ae4372f76}]
\shell\explore\Command - boot.exe
\shell\open\Command - boot.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 00:59:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-23 1:08:28
ComboFix-quarantined-files.txt 2008-04-23 04:07:51
ComboFix2.txt 2008-04-16 03:25:30
ComboFix3.txt 2008-04-12 04:11:44
ComboFix4.txt 2008-04-06 00:58:26
Pre-Run: 7,020,568,576 bytes free
Post-Run: 7,019,659,264 bytes free
.
2008-04-15 21:55:15 --- E O F ---

Thanks for the help!! Cheers!
jgarcia, posted April 27, 2008

Hi GHV,

Follow these instructions:

1. Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Quote":

File::
C:\Documents and Settings\Gregory\Start Menu\Programs\Startup\prf10.tmp
C:\Documents and Settings\Gregory\Start Menu\Programs\Startup\prf12.tmp
C:\WINDOWS\pss\prf10.tmp
C:\WINDOWS\pss\prf12.tmp
C:\WINDOWS\imsins.BAK

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Gregory^Start Menu^Programs^Startup^prf10.tmp]
[-HKLM\~\startupfolder\C:^Documents and Settings^Gregory^Start Menu^Programs^Startup^prf12.tmp]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0faee768-ed4e-11dc-8056-000ae4372f76}]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;
3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.
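Both CFScripts in this thread were assembled by hand from the "Reg Loading Points" section of the ComboFix logs: MountPoints2 keys under HKCU whose shell verbs launch an executable when a removable volume is opened (the `boot.exe` and `D:\LaunchU3.exe` entries), and msconfig-disabled Startup-folder entries that point at `.tmp` files. The script below is an added example, not code from the thread, from ComboFix or from its author. It parses a constructed excerpt of the log posted above (line breaks restored, content as posted), flags those two kinds of entry, and drafts a CFScript in the same `File::` / `Registry::` form the helper used, where `[-key]` deletes the key. The flagging rules are the editor's heuristics, not ComboFix's: any MountPoints2 key carrying a shell command is flagged, and a bare target such as `boot.exe` is called out separately because Explorer resolves it against the root of the volume being opened, which is how removable-media worms relaunch from these keys. Key names and paths (including ComboFix's `HKLM\~\startupfolder` shorthand and the `backup=` path) are copied verbatim from the parsed entries; a person still has to review the draft before dragging it onto ComboFix.exe.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log and draft a
CFScript (File:: / Registry:: blocks) of the kind posted in this thread.

Added example; not code from the thread, from ComboFix or from its author.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt of the log posted above, line breaks restored.
SAMPLE_LOG = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^Gregory^Start Menu^Programs^Startup^prf10.tmp]
path=C:\Documents and Settings\Gregory\Start Menu\Programs\Startup\prf10.tmp
backup=C:\WINDOWS\pss\prf10.tmpStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Gregory^Start Menu^Programs^Startup^prf12.tmp]
path=C:\Documents and Settings\Gregory\Start Menu\Programs\Startup\prf12.tmp
backup=C:\WINDOWS\pss\prf12.tmpStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a8cbaba-e4dd-11dc-800e-f3d6a1e24787}]
\shell\explore\Command - boot.exe
\shell\open\Command - boot.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb5e0c8e-0754-11dd-80fa-000ae4372f76}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
"""

# "\shell\<verb>\command - <command line>", as ComboFix prints MountPoints2 values.
SHELL_CMD = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class RegKey:
    name: str
    values: list = field(default_factory=list)


def parse_loading_points(text):
    """Group the log into [key] headers and the value lines beneath each one."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            keys.append(RegKey(line[1:-1]))
        elif keys:
            keys[-1].values.append(line)
    return keys


def is_relative_target(cmd):
    """True when the command names a bare file such as 'boot.exe': Explorer then
    resolves it against the root of the volume being opened, which is how
    removable-media worms relaunch themselves from these keys."""
    exe = cmd.split()[0].strip('"')
    return "\\" not in exe and ":" not in exe


def triage(keys):
    """Return (flagged_keys, files_to_remove).

    Editor's heuristics, not ComboFix's: every MountPoints2 key that carries a
    shell command is flagged; a Startup-folder entry whose target is a .tmp file
    is flagged and its path plus the msconfig backup copy are queued for removal."""
    flagged, files = [], []

    def remember(path):
        if path not in files:
            files.append(path)

    for key in keys:
        lname = key.name.lower()
        if "\\explorer\\mountpoints2\\" in lname:
            reasons = []
            for value in key.values:
                m = SHELL_CMD.match(value)
                if not m:
                    continue
                cmd = m["cmd"].strip()
                exe = cmd.split()[0].strip('"')
                if is_relative_target(cmd):
                    reasons.append(f"{m['verb']} runs {exe} from the volume root")
                else:
                    reasons.append(f"{m['verb']} runs {exe}")
                    if DRIVE_PATH.match(exe):
                        remember(exe)  # the thread's first script listed D:\LaunchU3.exe this way
            if reasons:
                flagged.append((key.name, reasons))
        elif "\\startupfolder\\" in lname:
            vals = dict(v.split("=", 1) for v in key.values if "=" in v)
            path = vals.get("path", "")
            if path.lower().endswith(".tmp"):
                flagged.append((key.name, [f"Startup item is a .tmp file: {path}"]))
                remember(path)
                if "backup" in vals:
                    remember(vals["backup"])
    return flagged, files


def build_cfscript(flagged, files):
    """Emit File:: and Registry:: blocks; [-key] deletes the key, as in the thread."""
    out = []
    if files:
        out += ["File::", *files, ""]
    if flagged:
        out += ["Registry::", *(f"[-{name}]" for name, _ in flagged)]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    keys = parse_loading_points(SAMPLE_LOG)
    flagged, files = triage(keys)
    for name, reasons in flagged:
        print(name)
        for reason in reasons:
            print("    ", reason)
    print("\n--- draft CFScript.txt (review before use) ---")
    print(build_cfscript(flagged, files))
```

Run against the excerpt, the draft lists the two Startup `.tmp` files, their `pss` backups and `D:\LaunchU3.exe` under `File::`, and all five keys under `Registry::`; the two `boot.exe` keys are reported as launching from the volume root. The draft should be compared line by line with what the helper actually posted before it is used, since the heuristics deliberately err on the side of flagging.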
GHV, posted May 24, 2008

Thanks for the help and the attention, jgarcia, but I managed to make a backup and reformat the notebook! Feel free to close the topic if you want. Cheers!
jgarcia, posted May 26, 2008

PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.