
Archived

This topic has been archived and is closed to further replies.

Cairo Santos

[Solved!] explorer error


First of all, thank you all for your attention, and congratulations on the excellent forum, which has been helping many people. Now to the matter: I have no experience, I am a layman on the subject, I saw this on my PC and I am asking you for help:

 

AppName:explore.exe AppVer: 6.0.2900.5512 ModName: unknown ModVer: 0.0.0.0

 

OffSet: 02aa16ce

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:08:48, on 8/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\Crawler\CToolbar.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: 85.14.217.127 l2authd.lineage2.com

O1 - Hosts: 216.107.250.194 nprotect.lineage2.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC61E42D-BCAE-4486-85F3-0AB07F9B22F3}: NameServer = 201.10.128.3,201.10.120.3

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 10156 bytes



• Download: < ComboFix.exe >

• Save it to the Desktop!

Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)

Close all windows and run the tool!

• At the prompt: "Software Warranty Disclaimer" --> Click Yes!

• If you do not have the "Recovery Console", accept the option to install it!

 

<!> If you get the notification: Invalid Win32 application, delete the tool and download it again.

-- Save it to the desktop, renamed as: Kombo.exe

-- PS: Name it while saving, not after saving it!

-- PS: If any error message appears, run ComboFix.exe in Safe Mode.

-- PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

-- PS: Avoid running this tool on your own initiative! Follow all the recommendations proposed above.

• The Auto Scan window will open. --> Wait!

• In order to complete the removals, ComboFix may restart the computer.

• If necessary, type the option to continue! --> ( 1 ) --> Press Enter.

Wait for it to finish!

During the scan, avoid using the mouse or keyboard! <-- Important!

• To stop or exit ComboFix, press "N" --> Enter.

----------------------

• When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.


Here are the ComboFix and HijackThis reports:

ComboFix 08-12-07.04 - HOME 2008-12-09 20:56:28.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1377 [GMT -2:00]

Executando de: c:\downloads\Software\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\HOME\Dados de aplicativos\inst.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-09 to 2008-12-09 ))))))))))))))))))))))))))))

.

 

2008-12-09 17:29 . 2008-12-09 17:29 <DIR> d-------- c:\documents and settings\HOME\SystemRequirementsLab

2008-12-09 17:29 . 2008-12-09 17:31 <DIR> d-------- c:\arquivos de programas\SystemRequirementsLab

2008-12-08 15:56 . 2008-12-08 15:56 396,288 --a------ C:\HijackThis.exe

2008-12-07 19:04 . 2008-11-23 16:14 2,233,442,925 --a------ C:\pw_15052008.rar

2008-12-06 14:32 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2008-12-06 14:32 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2008-12-05 17:20 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2008-12-01 11:18 . 2001-09-05 23:50 99,328 --a------ c:\windows\system32\srusd.dll

2008-12-01 11:18 . 2001-09-05 23:50 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll

2008-12-01 11:18 . 2001-09-05 23:50 71,680 --a------ c:\windows\system32\fnfilter.dll

2008-12-01 11:18 . 2001-09-05 23:50 71,680 --a--c--- c:\windows\system32\dllcache\fnfilter.dll

2008-12-01 11:18 . 2001-09-05 23:27 6,912 --a------ c:\windows\system32\drivers\serscan.sys

2008-12-01 11:18 . 2001-09-05 23:27 6,912 --a--c--- c:\windows\system32\dllcache\serscan.sys

2008-11-23 20:56 . 2008-11-23 20:56 <DIR> d-------- C:\Level Up! Games

2008-11-23 15:59 . 2008-11-23 15:59 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2008-11-23 14:57 . 2008-11-23 14:57 <DIR> d-------- c:\arquivos de programas\VSO

2008-11-23 14:57 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll

2008-11-23 14:57 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll

2008-11-23 14:57 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll

2008-11-23 14:57 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll

2008-11-23 14:57 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll

2008-11-23 14:57 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll

2008-11-23 14:57 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll

2008-11-16 23:08 . 2008-11-16 23:08 <DIR> d-------- c:\arquivos de programas\Alwil Software

2008-11-12 17:44 . 2008-09-04 15:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 17:39 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-09 22:57 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Free Download Manager

2008-12-09 22:41 --------- d-----w c:\arquivos de programas\Crawler

2008-12-09 22:39 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Spyware Terminator

2008-12-09 22:39 --------- d-----w c:\arquivos de programas\eMule

2008-12-08 22:45 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Vso

2008-12-07 17:08 --------- d-----w c:\arquivos de programas\WinClamAVShield

2008-12-06 16:39 --------- d-----w c:\arquivos de programas\Yahoo!

2008-12-06 16:28 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2008-12-02 18:02 --------- d-----w c:\documents and settings\Elidiane B. Santos\Dados de aplicativos\Spyware Terminator

2008-11-23 16:57 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-11-23 16:57 47,360 ----a-w c:\documents and settings\HOME\Dados de aplicativos\pcouffin.sys

2008-11-17 20:29 --------- d-----w c:\arquivos de programas\Spyware Terminator

2008-11-17 00:30 --------- d-----w c:\arquivos de programas\Google

2008-11-17 00:22 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-11 15:51 --------- d-----w c:\arquivos de programas\Silkroad

2008-11-06 21:40 --------- d-----w c:\arquivos de programas\Nero

2008-10-30 22:38 --------- d-----w c:\arquivos de programas\IObit

2008-10-26 23:42 --------- d-----w c:\arquivos de programas\Reference Assemblies

2008-10-26 23:42 --------- d-----w c:\arquivos de programas\MSBuild

2008-10-26 17:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero

2008-10-26 17:30 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2008-10-26 13:37 --------- d-----w c:\arquivos de programas\MSXML 4.0

2008-10-26 13:29 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Ahead

2008-10-26 13:25 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Ahead

2008-10-25 18:18 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Orbit

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-20 00:50 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\SecondLife

2008-10-19 11:20 98,304 ----a-w c:\windows\system32\CmdLineExt.dll

2008-10-18 19:03 --------- d-----w c:\arquivos de programas\Arquivos comuns\DirectX

2008-10-17 20:46 --------- d-----w c:\documents and settings\Maria L. P. Santos\Dados de aplicativos\Orbit

2008-10-17 20:23 --------- d-----w c:\documents and settings\Maria L. P. Santos\Dados de aplicativos\Spyware Terminator

2008-10-17 20:23 --------- d-----w c:\documents and settings\Maria L. P. Santos\Dados de aplicativos\Comodo

2008-10-16 17:01 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG

2008-10-16 17:01 --------- d-----w c:\arquivos de programas\Free Download Manager

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-14 15:17 --------- d-----w c:\documents and settings\Elidiane B. Santos\Dados de aplicativos\Orbit

2008-10-14 13:52 --------- d-----w c:\documents and settings\Elidiane B. Santos\Dados de aplicativos\Comodo

2008-10-12 04:33 --------- d-----w c:\arquivos de programas\Comodo

2008-10-12 02:05 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Comodo

2008-10-12 02:05 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Comodo

2008-10-12 01:30 141,312 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys

2008-10-12 01:23 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avg8

2008-10-11 21:31 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-10-11 21:31 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\DAEMON Tools

2008-10-11 17:29 2,887,680 ----a-w c:\windows\system32\VagalumePluginWMP.dll

2008-10-11 13:45 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\McAfee

2008-10-10 00:29 --------- d-----w c:\arquivos de programas\MSN Messenger

2008-09-26 13:53 27,262,976 ----a-w C:\VIRTPART.DAT

2008-09-26 07:22 315,392 ----a-w c:\windows\HideWin.exe

2008-09-25 20:50 155,995 ----a-w c:\windows\java\Packages\W3HZRVH3.ZIP

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:15 1,307,648 -c----w c:\windows\system32\msxml6.dll

2007-11-14 17:06 37,969,497 ----a-w c:\arquivos de programas\Nero-7.7.5.1_portuguese_lite_www.baixebr.blogspot.com.exe

2004-07-20 00:58 1,156,363 ----a-w c:\arquivos de programas\BDANT.cab

2004-07-20 00:53 976,020 ----a-w c:\arquivos de programas\BDAXP.cab

2004-07-09 11:13 703,080 ----a-w c:\arquivos de programas\BDA.cab

2004-07-09 11:13 15,493,481 -c--a-w c:\arquivos de programas\DirectX.cab

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2008-08-20 443968]

"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2008-05-20 2474031]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"GhostStartTrayApp"="c:\arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2003-06-10 94208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"SpywareTerminator"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-11 1783808]

"COMODO Firewall Pro"="c:\arquivos de programas\Comodo\Firewall\CPF.exe" [2008-10-12 1115728]

"avast!"="c:\arquivos de programas\Alwil Software\Avast4\ashDisp.exe" [2008-11-26 81000]

"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8366:TCP"= 8366:TCP:emule

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-16 111184]

R1 GhPciScan;GhostPciScanner;\??\c:\arquivos de programas\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-05-28 5632]

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-10-11 141312]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-16 20560]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d144f68-8b9c-11dd-b80d-001fc673cd94}]

\Shell\AutoRun\command - J:\ivcvknr.bat

\Shell\explore\Command - J:\ivcvknr.bat

\Shell\open\Command - J:\ivcvknr.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a183cc3-8b7d-11dd-981d-806d6172696f}]

\Shell\AutoRun\command - e:\bin\assetup.exe

 

*Newly Created Service* - PROCEXP90

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Crawler Search - tbr:iemenu

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {FC61E42D-BCAE-4486-85F3-0AB07F9B22F3} = 201.10.128.3,201.10.120.3

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\ctbr.dll

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

FireFox -: Profile - c:\documents and settings\HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\c0zcbzfp.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.br/

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - c:\arquivos de programas\Picasa2\npPicasa2.dll

FF -: plugin - c:\arquivos de programas\Yahoo!\Common\npyaxmpb.dll

FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-09 20:57:10

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(776)

c:\windows\system32\WlNotify.dll

.

Completion time: 2008-12-09 20:57:37

ComboFix-quarantined-files.txt 2008-12-09 22:57:31

 

Pre-run: 12 folder(s) 11,043,586,048 bytes free

Post-run: 12 folder(s) 11,059,974,144 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptOut

 

202 --- E O F --- 2008-12-09 19:26:07

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:00:32, on 9/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Nero\Nero Core\nero.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: 85.14.217.127 l2authd.lineage2.com

O1 - Hosts: 216.107.250.194 nprotect.lineage2.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC61E42D-BCAE-4486-85F3-0AB07F9B22F3}: NameServer = 201.10.128.3,201.10.120.3

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 9206 bytes


I suggest you print or save the steps below, and stay off the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop under the name CFScript.txt.

 

File::

J:\ivcvknr.bat

e:\bin\assetup.exe

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"=dword:00000001

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d144f68-8b9c-11dd-b80d-001fc673cd94}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a183cc3-8b7d-11dd-981d-806d6172696f}]

 

This script was written for this computer only, based on the files and keys present; do not use it on another computer, as it can cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[image: cfscript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with a new HijackThis log.

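Added example (not part of this thread, and not ComboFix or HijackThis code): a small Python script that reads the "Registry Load Points" lines from the ComboFix log above, flags the three things the reply's CFScript targets, and prints them back in the same File::/Registry:: layout. The MountPoints2 entries are Explorer's cached copy of a volume's autorun.inf verbs, which is why J:\ivcvknr.bat would still run when that drive letter is opened even after the stick is gone. Two assumptions, also labelled in the code: the full SYSTEM\CurrentControlSet path is substituted for ComboFix's "~" abbreviation on the grounds that a Registry:: section is .reg syntax, and the GUID suffix 806d6172696f (the bytes of "mario", which XP uses for CD/DVD volume GUIDs) is used only as a hint that the e:\ entry came from an optical disc, so that one is marked for review rather than treated as the worm.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the registry load-point lines quoted from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d144f68-8b9c-11dd-b80d-001fc673cd94}]
\Shell\AutoRun\command - J:\ivcvknr.bat
\Shell\explore\Command - J:\ivcvknr.bat
\Shell\open\Command - J:\ivcvknr.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a183cc3-8b7d-11dd-981d-806d6172696f}]
\Shell\AutoRun\command - e:\bin\assetup.exe
"""

# Registry:: is .reg syntax; ComboFix's "~" means SYSTEM\CurrentControlSet (assumed expansion).
FIREWALL_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                r"\Parameters\FirewallPolicy\StandardProfile")
OPTICAL_SUFFIX = "806d6172696f"  # XP volume GUIDs of CD/DVD drives end in "mario"


@dataclass
class Finding:
    kind: str    # "notify", "firewall" or "autorun"
    key: str     # registry key the entry lives under
    detail: str  # value name, or the command an autorun verb runs
    note: str


def parse_sections(log: str) -> dict[str, list[str]]:
    """Group the dump into {key: [value lines]}; a header or blank line ends a key."""
    sections: dict[str, list[str]] = {}
    current = None
    for line in (l.strip() for l in log.splitlines()):
        if not line:
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(log: str) -> list[Finding]:
    """Flag the three load-point patterns this thread turned up."""
    found: list[Finding] = []
    for key, values in parse_sections(log).items():
        lkey = key.lower()
        for v in values:
            if lkey.endswith(r"\security center"):
                m = re.match(r'"(\w*DisableNotify)"=dword:0*1$', v)
                if m:
                    found.append(Finding("notify", key, m[1], "Security Center alert suppressed"))
            elif lkey.endswith(r"firewallpolicy\standardprofile"):
                if re.match(r'"EnableFirewall"\s*=\s*0\b', v):
                    found.append(Finding("firewall", key, "EnableFirewall", "Windows Firewall off"))
            elif r"\mountpoints2\{" in lkey:
                # Explorer caches autorun.inf verbs here; they fire when the drive letter is opened.
                m = re.match(r"\\Shell\\(\w+)\\command\s+-\s+(.+)$", v, re.I)
                if m:
                    optical = lkey.rstrip("}").endswith(OPTICAL_SUFFIX)
                    note = ("CD/DVD autorun, often an installer disc: review" if optical
                            else "removable-volume autorun handler")
                    found.append(Finding("autorun", key, m[2], f"{m[1]}: {note}"))
    return found


def build_cfscript(findings: list[Finding]) -> str:
    """Render the findings in the File:: / Registry:: form used in the reply above."""
    files: list[str] = []
    notify: dict[str, list[str]] = {}
    firewall: list[str] = []
    deletes: list[str] = []
    for f in findings:
        if f.kind == "notify":
            notify.setdefault(f.key, []).append(f'"{f.detail}"=dword:00000000')
        elif f.kind == "firewall":
            firewall = [f"[{FIREWALL_KEY}]", '"EnableFirewall"=dword:00000001']
        elif f.kind == "autorun":
            if f.detail not in files:
                files.append(f.detail)
            if f"[-{f.key}]" not in deletes:      # "[-key]" deletes the whole key
                deletes.append(f"[-{f.key}]")
    reg = [l for k, vs in notify.items() for l in (f"[{k}]", *vs)] + firewall + deletes
    out = (["File::", *files, ""] if files else []) + (["Registry::", *reg] if reg else [])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Run it as-is to print the generated script. Whatever it emits is still a machine-specific script: check every path and key against the log it was built from before feeding anything to ComboFix, exactly as the reply warns.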

Mr. Perfect, I apologise for the delay in getting back with the scans. My pest of a brother did me the favour of burning out my PC's power supply while I was at work. He then rushed it off to a computer technician to get it fixed. So now I ask: can I carry on from where we left off and do the steps to save CFScript.txt as you said, or will I have to start everything over again?

 

NOTE: I phoned the technician to find out what he did. He said he only ran a remover for invalid entries and temporary files. I asked whether he knew of the program called ComboFix; he said he had heard of it but had never tried it. In other words, I'm left a bit uneasy about the maintenance he did.


OK, run ComboFix again and post a new HijackThis log.


Thank you in advance for your patience; here are the ComboFix and HijackThis scans:

 

ComboFix 08-12-12.05 - HOME 2008-12-13 14:49:59.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2047.1564 [GMT -2:00]

Running from: c:\downloads\Software\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\HOME\Dados de aplicativos\inst.exe

 

.

(((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 ))))))))))))))))))))))))))))

.

 

2008-12-13 14:28 . 2008-12-13 14:28 <DIR> d-------- c:\windows\LastGood

2008-12-12 19:00 . 2008-12-12 19:01 1,393 --a------ c:\windows\imsins.BAK

2008-12-12 09:52 . 2008-12-12 09:53 <DIR> d-------- c:\arquivos de programas\Silkroad

2008-12-11 16:15 . 2008-12-12 09:53 <DIR> d-------- C:\RECYCLER(2)

2008-12-11 16:06 . 2008-12-12 09:53 <DIR> d-------- c:\documents and settings\Administrador\Modelos

2008-12-11 16:06 . 2008-12-12 09:53 <DIR> d-------- c:\documents and settings\Administrador\Menu Iniciar

2008-12-11 16:06 . 2008-12-12 09:53 <DIR> d-------- c:\documents and settings\Administrador\Favoritos

2008-12-11 16:06 . 2008-12-11 16:06 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Spyware Terminator

2008-12-11 16:06 . 2008-12-12 09:53 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos

2008-12-11 16:06 . 2008-12-13 14:50 <DIR> d-------- c:\documents and settings\Administrador\Configurações locais

2008-12-11 16:06 . 2008-12-12 09:53 <DIR> d---s---- c:\documents and settings\Administrador

2008-12-07 19:04 . 2008-11-23 16:14 2,233,442,925 --a------ C:\pw_15052008.rar

2008-12-06 14:32 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2008-12-05 17:20 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2008-12-01 11:18 . 2001-09-05 23:50 99,328 --a------ c:\windows\system32\srusd.dll

2008-12-01 11:18 . 2001-09-05 23:50 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll

2008-12-01 11:18 . 2001-09-05 23:50 71,680 --a------ c:\windows\system32\fnfilter.dll

2008-12-01 11:18 . 2001-09-05 23:50 71,680 --a--c--- c:\windows\system32\dllcache\fnfilter.dll

2008-12-01 11:18 . 2001-09-05 23:27 6,912 --a------ c:\windows\system32\drivers\serscan.sys

2008-12-01 11:18 . 2001-09-05 23:27 6,912 --a--c--- c:\windows\system32\dllcache\serscan.sys

2008-11-23 20:56 . 2008-11-23 20:56 <DIR> d-------- C:\Level Up! Games

2008-11-23 15:59 . 2008-11-23 15:59 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2008-11-23 14:57 . 2008-11-23 14:57 <DIR> d-------- c:\arquivos de programas\VSO

2008-11-23 14:57 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll

2008-11-23 14:57 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll

2008-11-23 14:57 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll

2008-11-23 14:57 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll

2008-11-23 14:57 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll

2008-11-23 14:57 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll

2008-11-23 14:57 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll

2008-11-16 23:08 . 2008-11-16 23:08 <DIR> d-------- c:\arquivos de programas\Alwil Software

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-13 16:48 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Free Download Manager

2008-12-13 16:41 --------- d-----w c:\arquivos de programas\Crawler

2008-12-12 21:07 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2008-12-12 21:06 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Spyware Terminator

2008-12-12 21:06 --------- d-----w c:\arquivos de programas\WinClamAVShield

2008-12-12 19:21 --------- d-----w c:\arquivos de programas\eMule

2008-12-12 11:53 --------- d-----w c:\arquivos de programas\Arquivos comuns\Symantec Shared

2008-12-11 18:16 --------- d-----w c:\arquivos de programas\Symantec

2008-12-08 22:45 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Vso

2008-12-06 16:39 --------- d-----w c:\arquivos de programas\Yahoo!

2008-12-02 18:02 --------- d-----w c:\documents and settings\Elidiane B. Santos\Dados de aplicativos\Spyware Terminator

2008-11-23 16:57 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-11-23 16:57 47,360 ----a-w c:\documents and settings\HOME\Dados de aplicativos\pcouffin.sys

2008-11-17 20:29 --------- d-----w c:\arquivos de programas\Spyware Terminator

2008-11-17 00:30 --------- d-----w c:\arquivos de programas\Google

2008-11-17 00:22 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-06 21:40 --------- d-----w c:\arquivos de programas\Nero

2008-10-30 22:38 --------- d-----w c:\arquivos de programas\IObit

2008-10-26 23:42 --------- d-----w c:\arquivos de programas\Reference Assemblies

2008-10-26 23:42 --------- d-----w c:\arquivos de programas\MSBuild

2008-10-26 17:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero

2008-10-26 17:30 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2008-10-26 13:37 --------- d-----w c:\arquivos de programas\MSXML 4.0

2008-10-26 13:29 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Ahead

2008-10-26 13:25 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Ahead

2008-10-25 18:18 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Orbit

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 12:37 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-20 00:50 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\SecondLife

2008-10-19 11:20 98,304 ----a-w c:\windows\system32\CmdLineExt.dll

2008-10-18 19:03 --------- d-----w c:\arquivos de programas\Arquivos comuns\DirectX

2008-10-17 20:46 --------- d-----w c:\documents and settings\Maria L. P. Santos\Dados de aplicativos\Orbit

2008-10-17 20:23 --------- d-----w c:\documents and settings\Maria L. P. Santos\Dados de aplicativos\Spyware Terminator

2008-10-17 20:23 --------- d-----w c:\documents and settings\Maria L. P. Santos\Dados de aplicativos\Comodo

2008-10-16 17:01 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG

2008-10-16 17:01 --------- d-----w c:\arquivos de programas\Free Download Manager

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:07 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-14 15:17 --------- d-----w c:\documents and settings\Elidiane B. Santos\Dados de aplicativos\Orbit

2008-10-14 13:52 --------- d-----w c:\documents and settings\Elidiane B. Santos\Dados de aplicativos\Comodo

2008-10-11 17:29 2,887,680 ----a-w c:\windows\system32\VagalumePluginWMP.dll

2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-26 13:53 27,262,976 ----a-w C:\VIRTPART.DAT

2008-09-26 07:22 315,392 ----a-w c:\windows\HideWin.exe

2008-09-25 20:50 155,995 ----a-w c:\windows\java\Packages\W3HZRVH3.ZIP

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2007-11-14 17:06 37,969,497 ----a-w c:\arquivos de programas\Nero-7.7.5.1_portuguese_lite_www.baixebr.blogspot.com.exe

2004-07-20 00:58 1,156,363 ----a-w c:\arquivos de programas\BDANT.cab

2004-07-20 00:53 976,020 ----a-w c:\arquivos de programas\BDAXP.cab

2004-07-09 11:13 703,080 ----a-w c:\arquivos de programas\BDA.cab

2004-07-09 11:13 15,493,481 -c--a-w c:\arquivos de programas\DirectX.cab

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2008-08-20 443968]

"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2008-05-20 2474031]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"GhostStartTrayApp"="c:\arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2003-06-10 94208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"SpywareTerminator"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-11 1783808]

"COMODO Firewall Pro"="c:\arquivos de programas\Comodo\Firewall\CPF.exe" [2008-10-12 1115728]

"avast!"="c:\arquivos de programas\Alwil Software\Avast4\ashDisp.exe" [2008-11-18 81000]

"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8366:TCP"= 8366:TCP:emule

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-16 110160]

R1 GhPciScan;GhostPciScanner;\??\c:\arquivos de programas\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-05-28 5632]

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-10-11 141312]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-16 20560]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d144f68-8b9c-11dd-b80d-001fc673cd94}]

\Shell\AutoRun\command - J:\ivcvknr.bat

\Shell\explore\Command - J:\ivcvknr.bat

\Shell\open\Command - J:\ivcvknr.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a183cc3-8b7d-11dd-981d-806d6172696f}]

\Shell\AutoRun\command - e:\bin\assetup.exe

 

*Newly Created Service* - PROCEXP90

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Crawler Search - tbr:iemenu

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {FC61E42D-BCAE-4486-85F3-0AB07F9B22F3} = 201.10.128.3,201.10.120.3

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\ctbr.dll

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

FF - ProfilePath - c:\documents and settings\HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\c0zcbzfp.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Picasa2\npPicasa2.dll

FF - plugin: c:\arquivos de programas\Yahoo!\Common\npyaxmpb.dll

FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-13 14:50:45

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-12-13 14:51:10

ComboFix-quarantined-files.txt 2008-12-13 16:51:06

 

Pre-run: 13 folder(s) 15,971,078,144 bytes free

Post-run: 13 folder(s) 15,968,624,640 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptOut

 

198 --- E O F --- 2008-12-12 21:01:49

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:37:38, on 13/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\Crawler\CToolbar.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\DOCUME~1\HOME\CONFIG~1\Temp\Rar$EX66.250\HijackThis.exe

C:\WINDOWS\explorer.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O1 - Hosts: 85.14.217.127 l2authd.lineage2.com

O1 - Hosts: 216.107.250.194 nprotect.lineage2.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228485763781

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC61E42D-BCAE-4486-85F3-0AB07F9B22F3}: NameServer = 201.10.128.3,201.10.120.3

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 10394 bytes

 

Note: just to point out, even after the technician's check, the error message is still there.

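The HijackThis log above is a flat list of `Rn`/`On` entries, and the points a responder would check by eye are mechanical: hosts-file overrides that send a named host somewhere other than loopback (the two `O1` lines redirect the game's login and anti-cheat hosts to fixed addresses), a BHO with `(no file)` left behind, an unnamed `R3` URLSearchHook, search-page keys pointing at a third-party domain, a custom `O18` protocol handler, and the `O17` NameServer pair, which is only suspicious relative to the ISP's real resolvers. The following triage script is an added example written for this page; it is not part of the thread, not HijackThis code, and the rules are the editor's heuristics. The sample lines are copied from the log in the post above; `TRUSTED_SEARCH_HOSTS` and the `expected_dns` allowlist are assumptions a responder would fill in for the machine in question.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted above, reduced to the entries the
# rules below act on. These lines are copied from the post, not invented.
HJT_SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll
O1 - Hosts: 85.14.217.127 l2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC61E42D-BCAE-4486-85F3-0AB07F9B22F3}: NameServer = 201.10.128.3,201.10.120.3
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll
"""

# Every HijackThis entry is "<kind> - <body>", e.g. "O1 - Hosts: ...".
ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")

# Hosts entries pointing here are harmless (loopback / blackhole).
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Assumed allowlist of search/start-page hosts; anything else is an override.
TRUSTED_SEARCH_HOSTS = {"go.microsoft.com", "www.google.com", "www.google.com.br"}


@dataclass
class Finding:
    rule: str   # which heuristic fired
    kind: str   # HijackThis section, e.g. "O1"
    body: str   # the entry as logged


def parse_entries(log: str):
    """Yield (kind, body) for each HijackThis entry line; skip everything else."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def triage(log: str, expected_dns: frozenset = frozenset()) -> list:
    """Apply the heuristics to a log and return the entries worth a closer look.

    expected_dns: the resolvers the machine is supposed to use (assumption);
    with an empty set every O17 NameServer entry is reported for verification.
    """
    findings = []
    for kind, body in parse_entries(log):
        if kind == "O1" and body.startswith("Hosts: "):
            # hosts override: "<ip> <hostname>"; only loopback/blackhole is benign
            ip, _, _host = body[len("Hosts: "):].partition(" ")
            if ip not in LOOPBACK:
                findings.append(Finding("hosts-redirect", kind, body))
        elif kind in ("R0", "R1"):
            # start/search page keys: flag any host outside the allowlist
            _, _, url = body.partition(" = ")
            host = urlparse(url.strip()).hostname
            if host and host not in TRUSTED_SEARCH_HOSTS:
                findings.append(Finding("search-override", kind, body))
        elif kind == "R3" and body.startswith("URLSearchHook: (no name)"):
            findings.append(Finding("unnamed-search-hook", kind, body))
        elif kind == "O2" and body.endswith("(no file)"):
            # CLSID still registered but the DLL is gone: leftover to clean up
            findings.append(Finding("orphaned-bho", kind, body))
        elif kind == "O4" and re.search(r"\\temp\\|\\local settings\\", body, re.I):
            # autostart from a temp/profile scratch directory
            findings.append(Finding("run-from-temp", kind, body))
        elif kind == "O17":
            _, _, servers = body.partition("NameServer = ")
            if any(s.strip() not in expected_dns for s in servers.split(",")):
                findings.append(Finding("unverified-dns", kind, body))
        elif kind == "O18":
            # third-party URL protocol handler (here "tbr:" from the toolbar DLL)
            findings.append(Finding("custom-protocol-handler", kind, body))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE):
        print(f"[{f.rule}] {f.kind} - {f.body}")
```

Run against the excerpt with no DNS allowlist this reports seven entries: both `O1` redirects, the crawler.com search override, the unnamed search hook, the orphaned BHO, the `O17` resolvers, and the `tbr:` handler; passing the ISP's resolvers as `expected_dns` drops the `O17` line to six. Rules of this kind only sort the log; whether the `lineage2.com` overrides were put there by the user or by something else still has to be settled with the owner of the machine.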

Hello friend, the procedure with the CFScript.txt above can be carried out on your PC.

 

Follow my instructions from Post #4


Here are the analyses you asked for:

 

ComboFix 08-12-12.05 - HOME 2008-12-15 21:00:21.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2047.1515 [GMT -2:00]

Running from: c:\downloads\Software\ComboFix.exe

Command switches used :: c:\documents and settings\HOME\Desktop\CFScript.txt

* Created a new restore point

.

 

(((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 ))))))))))))))))))))))))))))

.

 

2008-12-12 19:00 . 2008-12-12 19:01 1,393 --a------ c:\windows\imsins.BAK

2008-12-12 09:52 . 2008-12-12 09:53 <DIR> d-------- c:\arquivos de programas\Silkroad

2008-12-11 16:15 . 2008-12-12 09:53 <DIR> d-------- C:\RECYCLER(2)

2008-12-11 16:06 . 2008-12-12 09:53 <DIR> d-------- c:\documents and settings\Administrador\Modelos

2008-12-11 16:06 . 2008-12-12 09:53 <DIR> d-------- c:\documents and settings\Administrador\Menu Iniciar

2008-12-11 16:06 . 2008-12-12 09:53 <DIR> d-------- c:\documents and settings\Administrador\Favoritos

2008-12-11 16:06 . 2008-12-11 16:06 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Spyware Terminator

2008-12-11 16:06 . 2008-12-12 09:53 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos

2008-12-11 16:06 . 2008-12-15 21:01 <DIR> d-------- c:\documents and settings\Administrador\Configurações locais

2008-12-11 16:06 . 2008-12-12 09:53 <DIR> d---s---- c:\documents and settings\Administrador

2008-12-07 19:04 . 2008-11-23 16:14 2,233,442,925 --a------ C:\pw_15052008.rar

2008-12-06 14:32 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2008-12-05 17:20 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2008-12-01 11:18 . 2001-09-05 23:50 99,328 --a------ c:\windows\system32\srusd.dll

2008-12-01 11:18 . 2001-09-05 23:50 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll

2008-12-01 11:18 . 2001-09-05 23:50 71,680 --a------ c:\windows\system32\fnfilter.dll

2008-12-01 11:18 . 2001-09-05 23:50 71,680 --a--c--- c:\windows\system32\dllcache\fnfilter.dll

2008-12-01 11:18 . 2001-09-05 23:27 6,912 --a------ c:\windows\system32\drivers\serscan.sys

2008-12-01 11:18 . 2001-09-05 23:27 6,912 --a--c--- c:\windows\system32\dllcache\serscan.sys

2008-11-23 20:56 . 2008-11-23 20:56 <DIR> d-------- C:\Level Up! Games

2008-11-23 15:59 . 2008-11-23 15:59 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2008-11-23 14:57 . 2008-11-23 14:57 <DIR> d-------- c:\arquivos de programas\VSO

2008-11-23 14:57 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll

2008-11-23 14:57 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll

2008-11-23 14:57 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll

2008-11-23 14:57 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll

2008-11-23 14:57 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll

2008-11-23 14:57 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll

2008-11-23 14:57 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll

2008-11-16 23:08 . 2008-11-16 23:08 <DIR> d-------- c:\arquivos de programas\Alwil Software

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-15 22:58 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Free Download Manager

2008-12-15 22:57 --------- d-----w c:\arquivos de programas\Crawler

2008-12-15 22:50 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Spyware Terminator

2008-12-14 21:00 --------- d-----w c:\arquivos de programas\Spyware Terminator

2008-12-14 18:25 --------- d-----w c:\arquivos de programas\eMule

2008-12-13 22:39 --------- d-----w c:\arquivos de programas\WinClamAVShield

2008-12-13 22:35 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2008-12-12 11:53 --------- d-----w c:\arquivos de programas\Arquivos comuns\Symantec Shared

2008-12-11 18:16 --------- d-----w c:\arquivos de programas\Symantec

2008-12-08 22:45 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Vso

2008-12-06 16:39 --------- d-----w c:\arquivos de programas\Yahoo!

2008-12-02 18:02 --------- d-----w c:\documents and settings\Elidiane B. Santos\Dados de aplicativos\Spyware Terminator

2008-11-23 16:57 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-11-23 16:57 47,360 ----a-w c:\documents and settings\HOME\Dados de aplicativos\pcouffin.sys

2008-11-17 00:30 --------- d-----w c:\arquivos de programas\Google

2008-11-17 00:22 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-06 21:40 --------- d-----w c:\arquivos de programas\Nero

2008-10-30 22:38 --------- d-----w c:\arquivos de programas\IObit

2008-10-26 23:42 --------- d-----w c:\arquivos de programas\Reference Assemblies

2008-10-26 23:42 --------- d-----w c:\arquivos de programas\MSBuild

2008-10-26 17:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero

2008-10-26 17:30 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2008-10-26 13:37 --------- d-----w c:\arquivos de programas\MSXML 4.0

2008-10-26 13:29 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Ahead

2008-10-26 13:25 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Ahead

2008-10-25 18:18 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\Orbit

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 12:37 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-20 00:50 --------- d-----w c:\documents and settings\HOME\Dados de aplicativos\SecondLife

2008-10-19 11:20 98,304 ----a-w c:\windows\system32\CmdLineExt.dll

2008-10-18 19:03 --------- d-----w c:\arquivos de programas\Arquivos comuns\DirectX

2008-10-17 20:46 --------- d-----w c:\documents and settings\Maria L. P. Santos\Dados de aplicativos\Orbit

2008-10-17 20:23 --------- d-----w c:\documents and settings\Maria L. P. Santos\Dados de aplicativos\Spyware Terminator

2008-10-17 20:23 --------- d-----w c:\documents and settings\Maria L. P. Santos\Dados de aplicativos\Comodo

2008-10-16 20:23 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 17:01 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG

2008-10-16 17:01 --------- d-----w c:\arquivos de programas\Free Download Manager

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:07 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-11 17:29 2,887,680 ----a-w c:\windows\system32\VagalumePluginWMP.dll

2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-26 13:53 27,262,976 ----a-w C:\VIRTPART.DAT

2008-09-26 07:22 315,392 ----a-w c:\windows\HideWin.exe

2008-09-25 20:50 155,995 ----a-w c:\windows\java\Packages\W3HZRVH3.ZIP

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2007-11-14 17:06 37,969,497 ----a-w c:\arquivos de programas\Nero-7.7.5.1_portuguese_lite_www.baixebr.blogspot.com.exe

2004-07-20 00:58 1,156,363 ----a-w c:\arquivos de programas\BDANT.cab

2004-07-20 00:53 976,020 ----a-w c:\arquivos de programas\BDAXP.cab

2004-07-09 11:13 703,080 ----a-w c:\arquivos de programas\BDA.cab

2004-07-09 11:13 15,493,481 -c--a-w c:\arquivos de programas\DirectX.cab

.

 

((((((((((((((((((((((((((((( snapshot@2008-12-13_14.50.53,79 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-26 08:11:45 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll

+ 2008-08-26 08:11:45 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll

+ 2008-08-26 08:11:45 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll

+ 2008-08-26 08:11:45 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll

+ 2008-08-26 08:11:45 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll

+ 2008-08-25 08:42:17 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe

+ 2008-08-26 08:11:45 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll

+ 2008-08-26 08:11:45 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll

+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll

+ 2008-08-26 08:11:46 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll

+ 2008-08-26 08:11:46 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll

+ 2008-10-03 17:26:01 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll

+ 2008-08-26 08:11:48 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll

+ 2008-08-26 08:11:48 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll

+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe

+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe

+ 2008-08-26 08:11:49 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll

+ 2008-08-26 08:11:49 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll

+ 2008-08-26 08:11:49 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll

+ 2008-08-27 09:11:54 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll

+ 2008-08-26 08:11:52 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll

+ 2008-08-26 08:11:52 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll

+ 2008-08-26 08:11:53 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll

+ 2008-08-26 08:11:53 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll

+ 2008-08-26 08:11:53 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll

+ 2007-03-06 01:01:00 215,264 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:02:08 384,224 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll

+ 2008-08-26 08:11:53 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll

+ 2008-08-26 08:11:53 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll

+ 2008-08-26 08:11:54 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll

+ 2008-08-26 08:11:54 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll

- 2008-08-26 08:11:45 124,928 ----a-w c:\windows\system32\advpack.dll

+ 2008-10-16 20:23:05 124,928 ----a-w c:\windows\system32\advpack.dll

- 2008-08-26 08:11:45 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll

+ 2008-10-16 20:23:05 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll

- 2008-08-26 08:11:45 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-10-16 20:23:05 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

- 2008-08-26 08:11:45 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

+ 2008-10-16 20:23:05 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

- 2008-08-26 08:11:45 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll

+ 2008-10-16 20:23:05 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll

- 2008-08-26 08:11:45 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

+ 2008-10-16 20:23:05 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

- 2008-08-25 08:42:17 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-10-16 13:15:01 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

- 2008-08-26 08:11:45 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

+ 2008-10-16 20:23:05 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

- 2008-08-26 08:11:45 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

+ 2008-10-16 20:23:05 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

- 2008-08-26 08:11:46 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

+ 2008-10-16 20:23:05 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

- 2008-08-26 08:11:46 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-10-16 20:23:05 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

- 2008-10-03 17:26:01 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll

+ 2008-10-16 20:23:06 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll

- 2008-08-26 08:11:48 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll

+ 2008-10-16 20:23:06 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll

- 2008-08-26 08:11:48 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

+ 2008-10-16 20:23:06 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

- 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe

+ 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe

- 2008-08-26 08:11:49 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

+ 2008-10-16 20:23:06 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

- 2008-08-26 08:11:49 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

+ 2008-10-16 20:23:06 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

- 2008-08-26 08:11:49 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-10-16 20:23:06 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

- 2008-08-27 09:11:54 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll

+ 2008-10-17 03:53:08 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll

- 2008-08-26 08:11:52 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

+ 2008-10-16 20:23:07 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

- 2008-08-26 08:11:52 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

+ 2008-10-16 20:23:07 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

- 2008-08-26 08:11:53 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

+ 2008-10-16 20:23:07 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

- 2008-08-26 08:11:53 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll

+ 2008-10-16 20:23:07 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll

- 2008-08-26 08:11:53 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2008-10-16 20:23:07 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

- 2008-08-26 08:11:53 105,984 -c--a-w c:\windows\system32\dllcache\url.dll

+ 2008-10-16 20:23:07 105,984 -c--a-w c:\windows\system32\dllcache\url.dll

- 2008-08-26 08:11:53 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll

+ 2008-10-16 20:23:07 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll

- 2008-08-26 08:11:54 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll

+ 2008-10-16 20:23:07 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll

- 2008-08-26 08:11:54 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

+ 2008-10-16 20:23:07 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

- 2008-08-26 08:11:45 347,136 ----a-w c:\windows\system32\dxtmsft.dll

+ 2008-10-16 20:23:05 347,136 ----a-w c:\windows\system32\dxtmsft.dll

- 2008-08-26 08:11:45 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2008-10-16 20:23:05 214,528 ----a-w c:\windows\system32\dxtrans.dll

- 2008-08-26 08:11:45 133,120 ----a-w c:\windows\system32\extmgr.dll

+ 2008-10-16 20:23:05 133,120 ----a-w c:\windows\system32\extmgr.dll

- 2008-08-26 08:11:45 63,488 ----a-w c:\windows\system32\icardie.dll

+ 2008-10-16 20:23:05 63,488 ----a-w c:\windows\system32\icardie.dll

- 2008-08-25 08:42:17 70,656 ----a-w c:\windows\system32\ie4uinit.exe

+ 2008-10-16 13:15:01 70,656 ----a-w c:\windows\system32\ie4uinit.exe

- 2008-08-26 08:11:45 153,088 ----a-w c:\windows\system32\ieakeng.dll

+ 2008-10-16 20:23:05 153,088 ----a-w c:\windows\system32\ieakeng.dll

- 2008-08-26 08:11:45 230,400 ----a-w c:\windows\system32\ieaksie.dll

+ 2008-10-16 20:23:05 230,400 ----a-w c:\windows\system32\ieaksie.dll

- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll

+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll

- 2008-08-26 08:11:46 383,488 ----a-w c:\windows\system32\ieapfltr.dll

+ 2008-10-16 20:23:05 383,488 ----a-w c:\windows\system32\ieapfltr.dll

- 2008-08-26 08:11:46 384,512 ----a-w c:\windows\system32\iedkcs32.dll

+ 2008-10-16 20:23:05 384,512 ----a-w c:\windows\system32\iedkcs32.dll

- 2008-10-03 17:26:01 6,066,176 ----a-w c:\windows\system32\ieframe.dll

+ 2008-10-16 20:23:06 6,066,176 ----a-w c:\windows\system32\ieframe.dll

- 2008-08-26 08:11:48 44,544 ----a-w c:\windows\system32\iernonce.dll

+ 2008-10-16 20:23:06 44,544 ----a-w c:\windows\system32\iernonce.dll

- 2008-08-26 08:11:48 267,776 ----a-w c:\windows\system32\iertutil.dll

+ 2008-10-16 20:23:06 267,776 ----a-w c:\windows\system32\iertutil.dll

- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe

- 2008-08-26 08:11:49 27,648 ----a-w c:\windows\system32\jsproxy.dll

+ 2008-10-16 20:23:06 27,648 ----a-w c:\windows\system32\jsproxy.dll

- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe

+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe

- 2008-08-26 08:11:49 459,264 ----a-w c:\windows\system32\msfeeds.dll

+ 2008-10-16 20:23:06 459,264 ----a-w c:\windows\system32\msfeeds.dll

- 2008-08-26 08:11:49 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

+ 2008-10-16 20:23:06 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

- 2008-08-27 09:11:54 3,593,216 ----a-w c:\windows\system32\mshtml.dll

+ 2008-10-17 03:53:08 3,593,216 ----a-w c:\windows\system32\mshtml.dll

- 2008-08-26 08:11:52 477,696 ----a-w c:\windows\system32\mshtmled.dll

+ 2008-10-16 20:23:07 477,696 ----a-w c:\windows\system32\mshtmled.dll

- 2008-08-26 08:11:52 193,024 ----a-w c:\windows\system32\msrating.dll

+ 2008-10-16 20:23:07 193,024 ----a-w c:\windows\system32\msrating.dll

- 2008-08-26 08:11:53 671,232 ----a-w c:\windows\system32\mstime.dll

+ 2008-10-16 20:23:07 671,232 ----a-w c:\windows\system32\mstime.dll

- 2008-08-26 08:11:53 102,912 ----a-w c:\windows\system32\occache.dll

+ 2008-10-16 20:23:07 102,912 ----a-w c:\windows\system32\occache.dll

- 2008-08-26 08:11:53 44,544 ----a-w c:\windows\system32\pngfilt.dll

+ 2008-10-16 20:23:07 44,544 ----a-w c:\windows\system32\pngfilt.dll

- 2008-08-26 08:11:53 105,984 ----a-w c:\windows\system32\url.dll

+ 2008-10-16 20:23:07 105,984 ----a-w c:\windows\system32\url.dll

- 2008-08-26 08:11:53 1,159,680 ----a-w c:\windows\system32\urlmon.dll

+ 2008-10-16 20:23:07 1,160,192 ----a-w c:\windows\system32\urlmon.dll

- 2008-08-26 08:11:54 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2008-10-16 20:23:07 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2008-12-15 22:49:27 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_568.dat

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2008-08-20 443968]

"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2008-05-20 2474031]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"GhostStartTrayApp"="c:\arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2003-06-10 94208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"SpywareTerminator"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-11 1783808]

"COMODO Firewall Pro"="c:\arquivos de programas\Comodo\Firewall\CPF.exe" [2008-10-12 1115728]

"avast!"="c:\arquivos de programas\Alwil Software\Avast4\ashDisp.exe" [2008-11-18 81000]

"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8366:TCP"= 8366:TCP:emule

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-16 110160]

R1 GhPciScan;GhostPciScanner;\??\c:\arquivos de programas\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-05-28 5632]

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-10-11 141312]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-16 20560]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Crawler Search - tbr:iemenu

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {FC61E42D-BCAE-4486-85F3-0AB07F9B22F3} = 201.10.128.3,201.10.120.3

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\ctbr.dll

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

FF - ProfilePath - c:\documents and settings\HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\c0zcbzfp.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Picasa2\npPicasa2.dll

FF - plugin: c:\arquivos de programas\Yahoo!\Common\npyaxmpb.dll

FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-15 21:01:04

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-12-15 21:01:30

ComboFix-quarantined-files.txt 2008-12-15 23:01:28

ComboFix2.txt 2008-12-13 16:51:11

 

Pré-execução: 13 pasta(s) 12.793.040.896 bytes disponíveis

Pós execução: 13 pasta(s) 12,792,483,840 bytes disponíveis

 

328 --- E O F --- 2008-12-15 22:51:37

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:04:45, on 15/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\DOCUME~1\HOME\CONFIG~1\Temp\Rar$EX00.484\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O1 - Hosts: 85.14.217.127 l2authd.lineage2.com

O1 - Hosts: 216.107.250.194 nprotect.lineage2.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228485763781

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC61E42D-BCAE-4486-85F3-0AB07F9B22F3}: NameServer = 201.10.128.3,201.10.120.3

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 9565 bytes

 

Note: I'll be honest with you, Mr. Perfect: when I see this many analyses I get butterflies in my stomach, because when you're a layman on the subject, the fear of the unknown grows. I've only been using this computer for 2 months; just imagining you telling me my computer has a serious problem makes me sad to think about. It really is a machine, but it's my first after wanting to buy one for so long. Well, let's stop this bar talk, it sounds like my wife is about to leave me.


Hello friend, the log is clean.


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
