Charlle, posted June 24, 2009

Hey everyone, I really need some help! I use a D-Link G ADSL2+ wireless router connected to Velox. My IE stopped opening pages and MSN stopped working at the same time, although Mozilla and Google Chrome are working! I've googled a lot. Along the way I discovered that in Internet Options / Connections / LAN settings, when I uncheck "Use automatic configuration script", IE comes back briefly and then stops again. When I look at the LAN settings, the "Use automatic configuration script" option has been re-checked without my doing anything, with the address http://localhost:9000/proxy.pac, even though I'm not connected to any network. I also discovered that Internet Explorer only works in Safe Mode. Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:34, on 23/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Arquivos de programas\Bywifi\bywifiie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 5075 bytes

If anyone can help me! Thanks in advance!
Charlle, posted June 24, 2009

Here's the ComboFix log as well:

ComboFix 09-06-22.0E - Administrador 23/06/2009 23:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1545 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe
.
(((((((((((((((( Files created from 2009-05-24 to 2009-06-24 ))))))))))))))))))))))))))))
.
2009-06-22 16:07 . 2009-04-30 21:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-22 16:07 . 2009-04-30 21:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-22 10:13 . 2009-06-22 10:13 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-22 08:20 . 2008-10-16 17:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-22 01:59 . 2009-04-06 18:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-22 01:59 . 2009-04-06 18:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 01:59 . 2009-06-22 01:59 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-06-22 01:56 . 2009-06-23 23:54 117760 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-22 01:54 . 2009-06-22 01:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2009-06-22 01:53 . 2009-06-22 01:53 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware
2009-06-22 01:53 . 2009-06-22 01:53 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com
2009-06-22 01:53 . 2009-06-22 01:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-06-22 01:38 . 2009-06-22 01:38 -------- d-----w- c:\arquivos de programas\CCleaner
2009-06-22 01:33 . 2009-06-22 01:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-22 01:27 . 2008-04-13 22:20 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-22 01:27 . 2008-04-13 22:19 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-06-21 15:07 . 2009-06-21 15:07 -------- d-----w- c:\arquivos de programas\Trend Micro
2009-06-20 22:36 . 2009-06-20 22:39 -------- dc-h--w- c:\windows\ie8
2009-06-20 22:15 . 2009-06-20 22:15 0 ----a-w- c:\windows\nsreg.dat
2009-06-20 21:49 . 2009-06-20 21:49 -------- d-----w- c:\arquivos de programas\SopCast
2009-06-20 19:18 . 2009-06-20 19:18 -------- d-----w- c:\arquivos de programas\Rockstar Games
2009-06-19 21:04 . 2009-06-19 21:04 -------- d-----w- c:\arquivos de programas\Aquiris Olympikus
2009-06-19 04:27 . 2009-03-24 19:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-16 23:32 . 2008-06-19 20:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-16 23:32 . 2009-06-16 23:32 -------- d-----w- c:\arquivos de programas\Panda Security
2009-06-15 20:19 . 2009-06-15 21:07 -------- d-----w- c:\arquivos de programas\Project64 v1.5
2009-06-15 01:22 . 2009-06-15 01:22 -------- d-----w- c:\arquivos de programas\SomePDF
2009-06-14 18:58 . 2009-06-14 18:58 -------- d-----w- c:\arquivos de programas\VDOWNLOADER
2009-06-04 20:46 . 2009-06-04 20:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET
2009-06-02 21:00 . 2009-06-02 21:00 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2009-06-01 22:04 . 2009-06-01 22:04 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DivX
2009-06-01 22:01 . 2009-06-01 22:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Pinnacle VideoSpin
2009-06-01 22:01 . 2009-06-01 22:01 -------- d-----w- c:\arquivos de programas\Pinnacle
2009-06-01 22:01 . 2009-06-01 22:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Yahoo!
2009-06-01 21:59 . 2009-06-01 21:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Pinnacle
2009-05-31 20:26 . 2009-05-31 20:26 -------- d-----w- c:\windows\Logs
2009-05-31 00:45 . 2009-05-31 00:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-27 16:08 . 2009-05-27 16:08 -------- d-----w- c:\arquivos de programas\MSECache
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 00:21 . 2008-12-11 15:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2009-06-23 23:27 . 2008-04-14 11:00 77144 ----a-w- c:\windows\system32\perfc016.dat
2009-06-23 23:27 . 2008-04-14 11:00 467160 ----a-w- c:\windows\system32\perfh016.dat
2009-06-23 20:47 . 2009-05-18 14:23 -------- d-----w- c:\arquivos de programas\Yahoo!
2009-06-22 01:50 . 2009-04-28 23:50 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-06-20 19:18 . 2008-09-16 20:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-06-02 21:48 . 2009-03-24 01:28 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Any Video Converter
2009-06-01 22:12 . 2009-03-24 01:28 -------- d-----w- c:\arquivos de programas\Any Video Converter
2009-06-01 20:36 . 2009-03-17 23:27 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype
2009-06-01 20:35 . 2008-12-06 01:07 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM
2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-05-21 22:00 . 2009-05-21 22:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2009-05-21 22:00 . 2009-05-21 22:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-05-21 14:14 . 2008-12-11 15:16 -------- d-----w- c:\arquivos de programas\Orbitdownloader
2009-05-18 14:23 . 2009-05-18 14:23 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Yahoo!
2009-05-18 13:36 . 2009-04-29 00:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\IObit
2009-05-17 23:53 . 2009-03-26 22:57 -------- d-----w- c:\arquivos de programas\Bywifi
2009-05-17 23:02 . 2009-05-17 23:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\EarMaster
2009-05-16 21:27 . 2009-05-16 21:27 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Borland Shared
2009-05-16 21:27 . 2009-05-16 21:27 -------- d-----w- c:\arquivos de programas\Sisvar
2009-05-13 05:03 . 2008-05-27 21:38 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2008-04-14 11:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 00:09 . 2009-04-29 00:09 -------- d-----w- c:\arquivos de programas\IObit
2009-04-29 00:08 . 2008-12-12 15:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft
2009-04-29 00:08 . 2008-09-16 20:10 -------- d-----w- c:\arquivos de programas\Lavasoft
2009-04-27 23:00 . 2009-04-27 23:00 -------- d-----w- c:\arquivos de programas\Unity
2009-04-26 16:49 . 2009-04-26 16:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-26 16:49 . 2008-09-16 18:18 -------- d-----w- c:\arquivos de programas\Java
2009-04-26 16:48 . 2009-04-26 16:48 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-19 19:50 . 2008-04-14 11:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2008-04-14 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty and legitimate default entries are not shown.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\Bywifi\\bywifi.exe"=
"c:\\CS1.6 pod-Bot\\hl.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Arquivos de programas\\EA Sports\\FIFA 08\\FIFA08.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16/6/2009 20:32 28544]
R1 GhPciScan;GhostPciScanner;c:\arquivos de programas\Symantec\Norton Ghost 2003\GhPciScan.sys [28/5/2003 19:01 5632]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [26/5/2009 10:05 9968]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [26/5/2009 10:05 72944]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [16/9/2008 16:55 5632]
R3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\drivers\winbondhidcir.sys [16/9/2008 16:55 21504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\arquivos de programas\MediaCoder\SysInfo.sys --> c:\arquivos de programas\MediaCoder\SysInfo.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [26/5/2009 10:05 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67EFG7H6-8IJL-56YT-KLH4-76WE8D3RAM87}]
c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\\Driver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\arquivos de programas\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyOverride = local
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 23:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning for hidden processes ...
scanning for hidden autostart entries ...
scanning for hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-879983540-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,e1,93,ab,0e,3d,49,43,93,52,82,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,e1,93,ab,0e,3d,49,43,93,52,82,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,6b,26,7d,96,9b,
b7,5a,a2,e2,63,26,f1,3f,c8,ff,68,92,49,9f,94,20,f0,3c,a4,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,b0,e5,6d,c3,37,
4d,5a,7f,6a,9c,d6,61,af,45,84,18,3c,60,7b,fb,eb,2e,83,22,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,88,8b,fc,0f,f7,
d6,70,a0,ff,7c,85,e0,43,d4,0e,fe,81,70,34,89,3c,29,fd,4d,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,17,e6,b3,34,96,
48,ce,63,86,8c,21,01,be,91,eb,e7,96,34,c2,cf,c6,fe,73,05,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,b1,1e,a0,86,cb,
84,aa,45,f5,1d,4d,73,a8,13,5c,05,20,c7,0d,7a,43,dd,d3,5f,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,c8,48,b9,47,38,
93,c9,0f,df,20,58,62,78,6b,cf,c8,b1,76,c9,de,e6,68,10,40,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,a4,43,19,15,ec,
81,a5,d5,fb,a7,78,e6,12,2f,9a,ea,9d,26,17,46,7a,71,33,c9,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,9e,31,89,0e,3f,
1e,76,b7,01,3a,48,fc,e8,04,4a,f1,86,d9,6a,fb,ea,27,68,e6,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,57,22,19,ba,cf,
f7,ff,46,f6,0f,4e,58,98,5b,89,c9,c8,96,01,c8,c3,47,25,74,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,1f,12,e8,bb,36,
b2,fd,45,3d,ce,ea,26,2d,45,aa,78,f9,97,bb,7b,51,ba,a2,a2,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,94,6b,10,65,4a,
a2,d2,c3,2a,b7,cc,b5,b9,7f,41,e7,c0,db,50,04,f0,ef,9a,ab,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,c9,04,d7,d3,76,
07,cb,52,6c,43,2d,1e,aa,22,2f,9c,1e,97,22,d5,04,4c,ad,cb,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(204)
c:\windows\system32\WININET.dll
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroSearchBar.dll
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\MFC71U.DLL
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\BCGCBPRO800u.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
**************************************************************************
.
Completion time: 2009-06-24 23:19
ComboFix-quarantined-files.txt 2009-06-24 02:19
ComboFix2.txt 2009-06-20 00:10
ComboFix3.txt 2009-06-15 17:14
ComboFix4.txt 2009-05-29 21:22
ComboFix5.txt 2009-06-24 02:13

Pre-Run: 11 folder(s) 70.936.702.976 bytes free
Post-Run: 11 folder(s) 70.954.037.248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

266 --- E O F --- 2009-06-22 16:13
DigRam, posted June 24, 2009

Good morning! Charlle

<!> The problem may be related to DRIVER.EXE. <-- Link!

<@> Select and copy everything inside the QUOTE area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

Files::
c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\\Driver.exe
c:\system\s-3-7-89-2225458569-9856321456-454423558-8896\desktop.ini
c:\windows\system32\GameMon.des

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67EFG7H6-8IJL-56YT-KLH4-76WE8D3RAM87}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

DirLook::
c:\windows\system32\GroupPolicy

Driver::
"npggsvc"

<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon (or into its window).
<@> See the demonstration!
<@> Accept the prompt that should appear asking to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
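The diagnosis above rests on three details that are easy to miss by eye in a long HijackThis/ComboFix log: an AutoConfigURL pointing a PAC file at localhost (the proxy hijack Charlle kept seeing re-checked in LAN settings), an Active Setup "Installed Components" key whose GUID contains non-hex characters (no real installer produces {67EFG7H6-8IJL-56YT-KLH4-76WE8D3RAM87}), and a payload stored under a directory named like a SID whose revision is not 1 (a Windows SID is always S-1-...; S-3-7-89-... is a decoy name). The following Python script is an added example, not part of the thread and not a feature of HijackThis or ComboFix: it runs those checks, plus the "(file missing)" service check HijackThis already annotates, over log lines. The rule names and the `Finding` type are mine; the sample lines are copied from the logs posted above and embedded here as constructed input. The GUID and SID rules generalize beyond this case: any Active Setup key with a malformed GUID and any SID-shaped path with a revision other than 1 is flagged.

```python
"""Triage HijackThis / ComboFix log lines for the indicators seen in this thread.

Added example; not from the forum thread nor from any tool used in it.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# A well-formed GUID is 8-4-4-4-12 hex digits. ComboFix prefixes some Active
# Setup keys with ">" (forced re-run); that prefix is stripped before checking.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ACTIVE_SETUP_RE = re.compile(r"active setup\\installed components\\>?(\{[^}]*\})", re.IGNORECASE)

# SID-shaped path component: S-<revision>-<authority>-<subauthorities...>.
# Real SIDs always have revision 1, so S-3-7-89-... in a path is a decoy.
SID_LIKE_RE = re.compile(r"[\\/](S-(\d+)(?:-\d+)+)", re.IGNORECASE)

# HijackThis R1 line for the IE proxy auto-config script.
AUTOCONFIG_RE = re.compile(r"AutoConfigURL\s*=\s*(\S+)", re.IGNORECASE)

# HijackThis O23 line whose service binary is not on disk.
FILE_MISSING_RE = re.compile(r"^O23 - Service:.*\(file missing\)\s*$")


@dataclass(frozen=True)
class Finding:
    rule: str    # which check fired (names are this example's own)
    detail: str  # the offending URL, GUID, SID or service path
    line: str    # the original log line


def _is_loopback(host):
    """True for hosts that resolve to the local machine (localhost, 127.x, ::1)."""
    if not host:
        return False
    host = host.lower()
    return host == "localhost" or host.startswith("127.") or host == "::1"


def check_line(line):
    """Return the findings for one log line (usually none, occasionally several)."""
    found = []
    m = AUTOCONFIG_RE.search(line)
    if m and _is_loopback(urlsplit(m.group(1)).hostname):
        # A PAC served from the local machine means something local rewrites IE's proxy.
        found.append(Finding("pac_on_localhost", m.group(1), line))
    m = ACTIVE_SETUP_RE.search(line)
    if m and not GUID_RE.match(m.group(1)):
        found.append(Finding("active_setup_bad_guid", m.group(1), line))
    for m in SID_LIKE_RE.finditer(line):
        if m.group(2) != "1":
            found.append(Finding("fake_sid_path", m.group(1), line))
    if FILE_MISSING_RE.match(line):
        found.append(Finding("service_file_missing", line.split(" - ")[-1].strip(), line))
    return found


def triage(lines):
    """Run check_line over every line, preserving log order."""
    return [f for line in lines for f in check_line(line.rstrip())]


# Constructed sample: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67EFG7H6-8IJL-56YT-KLH4-76WE8D3RAM87}]
c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\\Driver.exe
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24s} {f.detail}")
```

Running the script against the sample prints four findings, one per indicator, and stays silent on the legitimate lines (the SYSTEM SID S-1-5-18, the Microsoft-branded `>{60B49E34-...}` Active Setup key, and `ProxyOverride = local`). To use it on a real log, replace `SAMPLE_LOG` with the file's lines; the checks are by design conservative, so anything they flag still needs the human review DigRam's post illustrates.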
Charlle, posted June 25, 2009

Big thanks, DigRam! Thank you very much for answering my call. Something unexpected happened: after running ComboFix yesterday, IE went back to working. I don't understand it, because I had already run ComboFix before and got no results! What do you make of it? Should I still do what you told me? Thanks a lot in advance!
DigRam, posted June 25, 2009

Hey! Charlle

<!> If you have that new report from the tool, post it so we can see what happened.
<!> We'll probably see one of these headers:

<1> ComboFix xx-yy-zz.0E - Administrador xx/06/2009 xx:xx.2 - NTFSx86 <-- Second run!
<2> ComboFix 09-06-22.0E - Administrador 23/06/2009 23:16.1 - NTFSx86 <-- For this one the tool did not fix any malware! (1st run)

Regards!
Charlle, posted July 2, 2009

DigRam, sorry for the delay, but things are hectic at college and I haven't had time! What happened is that IE went back to working after the ComboFix scan whose log I sent you earlier; I don't understand why. But I'm sending more logs so you can tell me whether I still need to do the steps you described. Thanks in advance. Regards

ComboFix 09-07-01.04 - Administrador 02/07/2009 13:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1476 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\b5b8.msi
.
(((((((((((((((( Files created from 2009-06-02 to 2009-07-02 ))))))))))))))))))))))))))))
.
2009-06-24 14:47 . 2009-06-24 14:47 -------- d-----w- C:\Intel
2009-06-24 03:16 . 2009-06-24 03:17 -------- d-----w- c:\arquivos de programas\Google
2009-06-24 02:31 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-24 02:31 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-24 02:31 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-24 02:31 . 2009-06-24 02:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-06-24 02:31 . 2009-06-24 02:31 -------- d-----w- c:\arquivos de programas\Avira
2009-06-22 16:07 . 2009-04-30 21:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-22 16:07 . 2009-04-30 21:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-22 10:13 . 2009-06-22 10:13 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-22 08:20 . 2008-10-16 17:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-22 01:59 . 2009-04-06 18:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-22 01:59 . 2009-04-06 18:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 01:59 . 2009-06-22 01:59 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-06-22 01:56 . 2009-07-02 15:11 117760 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-22 01:54 . 2009-06-22 01:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2009-06-22 01:53 . 2009-06-24 02:41 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware
2009-06-22 01:53 . 2009-06-22 01:53 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com
2009-06-22 01:53 . 2009-06-22 01:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-06-22 01:38 . 2009-06-22 01:38 -------- d-----w- c:\arquivos de programas\CCleaner
2009-06-22 01:33 . 2009-06-22 01:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-22 01:27 . 2008-04-13 22:20 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-22 01:27 . 2008-04-13 22:19 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-06-21 15:07 . 2009-06-21 15:07 -------- d-----w- c:\arquivos de programas\Trend Micro
2009-06-20 22:36 . 2009-06-20 22:39 -------- dc-h--w- c:\windows\ie8
2009-06-20 22:15 . 2009-06-20 22:15 0 ----a-w- c:\windows\nsreg.dat
2009-06-20 21:49 . 2009-06-20 21:49 -------- d-----w- c:\arquivos de programas\SopCast
2009-06-20 19:18 . 2009-06-20 19:18 -------- d-----w- c:\arquivos de programas\Rockstar Games
2009-06-19 21:04 . 2009-06-19 21:04 -------- d-----w- c:\arquivos de programas\Aquiris Olympikus
2009-06-19 04:27 . 2009-03-24 19:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-16 23:32 . 2008-06-19 20:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-16 23:32 . 2009-06-16 23:32 -------- d-----w- c:\arquivos de programas\Panda Security
2009-06-15 20:19 . 2009-06-15 21:07 -------- d-----w- c:\arquivos de programas\Project64 v1.5
2009-06-15 01:22 . 2009-06-15 01:22 -------- d-----w- c:\arquivos de programas\SomePDF
2009-06-14 18:58 . 2009-06-14 18:58 -------- d-----w- c:\arquivos de programas\VDOWNLOADER
2009-06-04 20:46 . 2009-06-04 20:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET
2009-06-02 21:00 . 2009-06-02 21:00 -------- d-----w- c:\arquivos de programas\MSXML 4.0
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 15:11 . 2008-12-11 15:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2009-06-25 15:48 . 2009-06-01 22:01 -------- d-----w- c:\arquivos de programas\Pinnacle
2009-06-24 14:23 . 2009-03-26 22:57 -------- d-----w- c:\arquivos de programas\Bywifi
2009-06-23 23:27 . 2008-04-14 11:00 77144 ----a-w- c:\windows\system32\perfc016.dat
2009-06-23 23:27 . 2008-04-14 11:00 467160 ----a-w- c:\windows\system32\perfh016.dat
2009-06-23 20:47 . 2009-05-18 14:23 -------- d-----w- c:\arquivos de programas\Yahoo!
2009-06-22 01:50 . 2009-04-28 23:50 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-06-20 19:18 . 2008-09-16 20:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-06-02 21:48 . 2009-03-24 01:28 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Any Video Converter
2009-06-01 22:12 . 2009-03-24 01:28 -------- d-----w- c:\arquivos de programas\Any Video Converter
2009-06-01 22:04 . 2009-06-01 22:04 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DivX
2009-06-01 21:59 . 2009-06-01 21:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Pinnacle
2009-06-01 20:36 . 2009-03-17 23:27 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype
2009-06-01 20:35 . 2008-12-06 01:07 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM
2009-05-27 16:08 . 2009-05-27 16:08 -------- d-----w- c:\arquivos de programas\MSECache
2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-05-21 22:00 . 2009-05-21 22:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2009-05-21 22:00 .
2009-05-21 22:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-05-21 14:14 . 2008-12-11 15:16 -------- d-----w- c:\arquivos de programas\Orbitdownloader 2009-05-18 14:23 . 2009-05-18 14:23 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Yahoo! 2009-05-18 13:36 . 2009-04-29 00:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\IObit 2009-05-17 23:02 . 2009-05-17 23:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\EarMaster 2009-05-16 21:27 . 2009-05-16 21:27 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Borland Shared 2009-05-16 21:27 . 2009-05-16 21:27 -------- d-----w- c:\arquivos de programas\Sisvar 2009-05-13 05:03 . 2008-05-27 21:38 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:33 . 2008-04-14 11:00 347136 ----a-w- c:\windows\system32\localspl.dll 2009-04-26 16:49 . 2009-04-26 16:49 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-04-19 19:50 . 2008-04-14 11:00 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:53 . 2008-04-14 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_02.18.41 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-02 15:10 . 2009-07-02 15:10 16384 c:\windows\temp\Perflib_Perfdata_cc.dat + 2009-06-24 02:31 . 2009-06-24 02:40 28520 c:\windows\system32\drivers\ssmdrv.sys + 2008-02-28 19:35 . 2008-02-28 19:35 51712 c:\windows\Installer\cb617e.msp + 2008-02-28 19:40 . 2008-02-28 19:40 25088 c:\windows\Installer\cb617a.msp + 2008-12-17 17:57 . 2008-12-17 17:57 81408 c:\windows\Installer\cb6167.msi + 2007-11-08 01:28 . 2007-11-08 01:28 22016 c:\windows\Installer\c9e381.msp + 2007-11-08 01:32 . 2007-11-08 01:32 74240 c:\windows\Installer\c9e37d.msp + 2007-11-08 01:21 . 2007-11-08 01:21 24576 c:\windows\Installer\c9e37a.msp + 2008-12-17 17:54 . 
2008-12-17 17:54 86528 c:\windows\Installer\c7b1b4.msi + 2009-06-24 03:16 . 2009-06-24 03:16 24064 c:\windows\Installer\25b739.msi + 2005-11-15 19:42 . 2005-11-15 19:42 73216 c:\windows\Installer\1f52259.msp + 2008-09-16 15:05 . 2009-06-26 16:41 138848 c:\windows\system32\FNTCACHE.DAT + 2008-12-17 17:56 . 2008-12-17 17:56 634368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs_setup.msi + 2008-02-28 21:36 . 2008-02-28 21:36 432128 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - ptb\vs_setup.msi + 2008-11-25 00:09 . 2008-11-25 00:09 289792 c:\windows\Installer\e37f.msi + 2008-12-17 17:58 . 2008-12-17 17:58 428032 c:\windows\Installer\cb6186.msi + 2008-02-28 19:32 . 2008-02-28 19:32 307712 c:\windows\Installer\cb6180.msp + 2008-02-28 19:23 . 2008-02-28 19:23 164864 c:\windows\Installer\cb617f.msp + 2008-02-28 19:18 . 2008-02-28 19:18 711680 c:\windows\Installer\cb617d.msp + 2008-02-28 19:17 . 2008-02-28 19:17 117760 c:\windows\Installer\cb617c.msp + 2008-02-28 19:28 . 2008-02-28 19:28 121344 c:\windows\Installer\cb617b.msp + 2008-02-28 18:36 . 2008-02-28 18:36 352256 c:\windows\Installer\cb616c.msp + 2008-02-28 18:47 . 2008-02-28 18:47 565248 c:\windows\Installer\cb616b.msp + 2008-02-28 18:32 . 2008-02-28 18:32 248320 c:\windows\Installer\cb616a.msp + 2008-02-28 18:43 . 2008-02-28 18:43 355840 c:\windows\Installer\cb6169.msp + 2008-02-28 18:40 . 2008-02-28 18:40 708608 c:\windows\Installer\cb6168.msp + 2008-12-17 17:56 . 2008-12-17 17:56 630272 c:\windows\Installer\cabd71.msi + 2007-11-08 01:34 . 2007-11-08 01:34 273920 c:\windows\Installer\c9e37e.msp + 2008-12-17 17:56 . 2008-12-17 17:56 348160 c:\windows\Installer\c9e377.msi + 2008-09-16 18:37 . 2008-09-16 18:37 265216 c:\windows\Installer\c8c4b.msi + 2007-11-07 23:07 . 2007-11-07 23:07 999936 c:\windows\Installer\c7b1bd.msp + 2007-11-07 22:56 . 2007-11-07 22:56 553472 c:\windows\Installer\c7b1ba.msp + 2007-11-07 22:58 . 
2007-11-07 22:58 908800 c:\windows\Installer\c7b1b6.msp + 2007-11-07 22:54 . 2007-11-07 22:54 507392 c:\windows\Installer\c7b1b5.msp + 2009-04-20 18:32 . 2009-04-20 18:32 210432 c:\windows\Installer\8e6f58.msp + 2008-11-26 18:43 . 2008-11-26 18:43 337408 c:\windows\Installer\84da0.msi + 2009-03-30 23:27 . 2009-03-30 23:27 236032 c:\windows\Installer\80e062.msi + 2009-04-26 16:49 . 2009-04-26 16:49 598016 c:\windows\Installer\2031aa.msi + 2009-05-27 16:09 . 2009-05-27 16:09 355328 c:\windows\Installer\1fc04f.msi + 2008-07-23 08:05 . 2008-07-23 08:05 111616 c:\windows\Installer\1f522a9.msp + 2004-08-25 15:45 . 2004-08-25 15:45 129024 c:\windows\Installer\1f52245.msp + 2008-05-07 19:45 . 2008-05-07 19:45 674304 c:\windows\Installer\1f521b2.msp + 2009-06-19 04:25 . 2009-06-19 04:25 228352 c:\windows\Installer\18c67b.msi + 2008-09-16 20:16 . 2008-09-16 20:16 988672 c:\windows\Installer\1774e4.msi + 2008-09-16 20:13 . 2008-09-16 20:13 707072 c:\windows\Installer\1774cd.msi + 2009-06-02 21:00 . 2009-06-02 21:00 432640 c:\windows\Installer\151e879.msi + 2009-02-10 12:22 . 2009-02-10 12:22 533504 c:\windows\Installer\112185.msp + 2009-01-05 18:44 . 2009-01-05 18:44 741376 c:\windows\Downloaded Program Files\CONFLICT.1\ipsupd.dll + 2009-04-17 11:59 . 2009-04-17 11:59 128256 c:\windows\Downloaded Program Files\as2stubie.dll + 2008-01-09 17:01 . 2009-01-05 18:44 741376 c:\windows\BDOSCAN8\ipsupd.dll + 2008-04-14 11:00 . 2008-04-14 11:00 1354752 c:\windows\system32\webfldrs.msi + 2008-12-12 14:31 . 2007-01-01 09:32 1354752 c:\windows\ServicePackFiles\i386\webfldrs.msi + 2008-10-04 23:31 . 2008-10-04 23:31 2298880 c:\windows\Installer\f8018.msi + 2008-11-24 23:57 . 2008-11-24 23:57 4235776 c:\windows\Installer\e376.msi + 2008-10-04 20:45 . 2008-10-04 20:45 2981888 c:\windows\Installer\cf351.msi + 2008-12-17 17:57 . 2008-12-17 17:57 1048064 c:\windows\Installer\cb6179.msi + 2007-11-08 01:30 . 2007-11-08 01:30 3962368 c:\windows\Installer\c9e380.msp + 2007-11-08 01:13 . 
2007-11-08 01:13 6766592 c:\windows\Installer\c9e37f.msp + 2007-11-08 01:26 . 2007-11-08 01:26 4340224 c:\windows\Installer\c9e37c.msp + 2007-11-08 01:24 . 2007-11-08 01:24 5353472 c:\windows\Installer\c9e37b.msp + 2007-11-08 01:18 . 2007-11-08 01:18 2059264 c:\windows\Installer\c9e379.msp + 2007-11-08 01:16 . 2007-11-08 01:16 1313280 c:\windows\Installer\c9e378.msp + 2007-11-07 22:50 . 2007-11-07 22:50 6055936 c:\windows\Installer\c7b1bc.msp + 2007-11-07 23:00 . 2007-11-07 23:00 3407360 c:\windows\Installer\c7b1bb.msp + 2007-11-07 22:46 . 2007-11-07 22:46 3010560 c:\windows\Installer\c7b1b9.msp + 2007-11-07 23:02 . 2007-11-07 23:02 6473216 c:\windows\Installer\c7b1b8.msp + 2007-11-07 23:12 . 2007-11-07 23:12 2533376 c:\windows\Installer\c7b1b7.msp + 2008-09-16 18:18 . 2008-09-16 18:18 1067520 c:\windows\Installer\a8fa6.msi + 2009-05-16 21:27 . 2009-05-16 21:27 1145856 c:\windows\Installer\a7e287.msi + 2008-05-06 13:30 . 2008-05-06 13:30 9577984 c:\windows\Installer\94cff8.msp + 2008-06-11 23:13 . 2008-06-11 23:13 7988224 c:\windows\Installer\94cfb7.msp + 2009-04-29 18:03 . 2009-04-29 18:03 8404992 c:\windows\Installer\8e6f44.msp + 2009-03-17 23:25 . 2009-03-17 23:25 1247744 c:\windows\Installer\5a49f7.msi + 2008-11-25 21:03 . 2008-11-25 21:03 1396224 c:\windows\Installer\5676c8.msi + 2009-05-01 02:02 . 2009-05-01 02:02 9628672 c:\windows\Installer\268de2.msp + 2009-03-20 02:42 . 2009-03-20 02:42 4733440 c:\windows\Installer\216f16d.msp + 2009-06-22 01:53 . 2009-06-22 01:53 1516544 c:\windows\Installer\210e1.msi + 2008-10-28 18:59 . 2008-10-28 18:59 8413184 c:\windows\Installer\1f52280.msp + 2008-09-04 18:52 . 2008-09-04 18:52 4337664 c:\windows\Installer\1f5226c.msp + 2008-01-11 17:13 . 2008-01-11 17:13 5862912 c:\windows\Installer\1f5222e.msp + 2008-01-14 17:26 . 2008-01-14 17:26 4478464 c:\windows\Installer\1f52208.msp + 2006-02-27 19:31 . 2006-02-27 19:31 1269248 c:\windows\Installer\1f521f4.msp + 2006-03-28 18:37 . 
2006-03-28 18:37 6956032 c:\windows\Installer\1f521e0.msp + 2006-08-29 20:50 . 2006-08-29 20:50 3210240 c:\windows\Installer\1f521c6.msp + 2004-03-11 15:01 . 2004-03-11 15:01 2590720 c:\windows\Installer\1f52199.msp + 2004-09-13 12:21 . 2004-09-13 12:21 3115008 c:\windows\Installer\1f5217d.msp + 2008-03-31 19:35 . 2008-03-31 19:35 8309760 c:\windows\Installer\1f5214a.msp + 2006-02-22 12:25 . 2006-02-22 12:25 1016832 c:\windows\Installer\1f52135.msp + 2008-09-16 20:25 . 2008-09-16 20:25 4709888 c:\windows\Installer\1c523.msi + 2008-09-16 20:18 . 2008-09-16 20:18 3395072 c:\windows\Installer\1774ec.msi + 2008-09-16 20:15 . 2008-09-16 20:15 5956096 c:\windows\Installer\1774df.msi + 2009-05-24 18:00 . 2009-05-24 18:00 1298432 c:\windows\Installer\12ff67d.msi + 2009-05-16 21:26 . 2009-05-16 21:26 8159232 c:\windows\Downloaded Installations\{85D1A20D-BA2D-4FDB-AB14-83A78CBB5949}\Sisvar.msi + 2008-09-16 18:22 . 2008-09-16 18:18 13041664 c:\windows\system32\config\systemprofile\Dados de aplicativos\Sun\Java\jre1.6.0\jre1.6.0.msi + 2008-09-16 20:13 . 2007-01-19 16:21 16841728 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi + 2005-09-25 14:46 . 2005-09-25 14:46 16084480 c:\windows\Installer\94cfe4.msp + 2008-10-28 22:17 . 2008-10-28 22:17 17520128 c:\windows\Installer\94cfcb.msp + 2009-05-05 21:06 . 2009-05-05 21:06 17515008 c:\windows\Installer\8e6f6c.msp + 2004-02-24 13:25 . 2004-02-24 13:25 56876956 c:\windows\Installer\33b6b.msp + 2008-01-24 18:56 . 2008-01-24 18:56 13570560 c:\windows\Installer\1f52295.msp + 2009-03-09 18:55 . 2009-03-09 18:55 17526272 c:\windows\Installer\112199.msp . -- Snapshot resetado para data atual -- . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-24 1830128] "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-24 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-12 162584] "Google Quick Search Box"="c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-24 68592] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-28 16132608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ BTTray.lnk - c:\arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176] Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-12-11 1719496] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 15:05 356352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"= 
"c:\\Arquivos de programas\\Ares\\Ares.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"= "c:\\Arquivos de programas\\Bywifi\\bywifi.exe"= "c:\\CS1.6 pod-Bot\\hl.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\Arquivos de programas\\EA Sports\\FIFA 08\\FIFA08.exe"= "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"= "c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\Administrador\\Desktop\\Age of Empires II\\age2_x1.exe"= "c:\\Documents and Settings\\Administrador\\Desktop\\Age of Empires II\\empires2.EXE"= R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16/6/2009 20:32 28544] R1 GhPciScan;GhostPciScanner;c:\arquivos de programas\Symantec\Norton Ghost 2003\GhPciScan.sys [28/5/2003 19:01 5632] R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [26/5/2009 10:05 9968] R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [26/5/2009 10:05 72944] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [23/6/2009 23:31 108289] R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [16/9/2008 16:55 5632] R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [26/5/2009 10:05 7408] R3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\drivers\winbondhidcir.sys [16/9/2008 16:55 21504] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S3 CrystalSysInfo;CrystalSysInfo;\??\c:\arquivos de programas\MediaCoder\SysInfo.sys --> c:\arquivos de programas\MediaCoder\SysInfo.sys [?] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67EFG7H6-8IJL-56YT-KLH4-76WE8D3RAM87}] c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\\Driver.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\arquivos de programas\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.google.com.br/ uInternet Settings,ProxyOverride = local FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\km7lq7cu.default\ FF - prefs.js: network.proxy.type - 2 FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . . ------- Associação de arquivos/ficheiros ------- . inifile=%SystemRoot%\System32\NOTEPAD.EXE %1" . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-02 13:25 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-861567501-879983540-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,e1,93,ab,0e,3d,49,43,93,52,82,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,e1,93,ab,0e,3d,49,43,93,52,82,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,e1,93,ab,0e,3d,49,43,93,52,82,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,6b,26,7d,96,9b, b7,5a,a2,e2,63,26,f1,3f,c8,ff,68,92,49,9f,94,20,f0,3c,a4,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,b0,e5,6d,c3,37, 4d,5a,7f,6a,9c,d6,61,af,45,84,18,3c,60,7b,fb,eb,2e,83,22,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,88,8b,fc,0f,f7, d6,70,a0,ff,7c,85,e0,43,d4,0e,fe,81,70,34,89,3c,29,fd,4d,ff,7c,85,e0,43,d4,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,17,e6,b3,34,96, 48,ce,63,86,8c,21,01,be,91,eb,e7,96,34,c2,cf,c6,fe,73,05,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,b1,1e,a0,86,cb, 84,aa,45,f5,1d,4d,73,a8,13,5c,05,20,c7,0d,7a,43,dd,d3,5f,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,c8,48,b9,47,38, 93,c9,0f,df,20,58,62,78,6b,cf,c8,b1,76,c9,de,e6,68,10,40,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,a4,43,19,15,ec, 81,a5,d5,fb,a7,78,e6,12,2f,9a,ea,9d,26,17,46,7a,71,33,c9,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,9e,31,89,0e,3f, 1e,76,b7,01,3a,48,fc,e8,04,4a,f1,86,d9,6a,fb,ea,27,68,e6,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,57,22,19,ba,cf, f7,ff,46,f6,0f,4e,58,98,5b,89,c9,c8,96,01,c8,c3,47,25,74,f6,0f,4e,58,98,5b,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,1f,12,e8,bb,36, b2,fd,45,3d,ce,ea,26,2d,45,aa,78,f9,97,bb,7b,51,ba,a2,a2,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,94,6b,10,65,4a, a2,d2,c3,2a,b7,cc,b5,b9,7f,41,e7,c0,db,50,04,f0,ef,9a,ab,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,c9,04,d7,d3,76, 07,cb,52,6c,43,2d,1e,aa,22,2f,9c,1e,97,22,d5,04,4c,ad,cb,6c,43,2d,1e,aa,22,\ . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(752) c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll . 
Tempo para conclusão: 2009-07-02 13:26 ComboFix-quarantined-files.txt 2009-07-02 16:26 ComboFix2.txt 2009-06-24 02:19 ComboFix3.txt 2009-06-20 00:10 ComboFix4.txt 2009-06-15 17:14 ComboFix5.txt 2009-07-02 16:20 Pré-execução: 12 pasta(s) 71.535.005.696 bytes disponíveis Pós execução: 12 pasta(s) 71.629.926.400 bytes disponíveis 367 --- E O F --- 2009-06-22 16:13 Agora HijackThis v2.0.2 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:35:01, on 2/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\hkcmd.exe C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\Orbitdownloader\orbitnet.exe C:\Arquivos de programas\MSN Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de 
programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir 
Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: 
SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) -- End of file - 7716 bytes Compartilhar este post Link para o post Compartilhar em outros sites
DigRam Posted July 2, 2009
Good afternoon, Charlle!
> But what happened is that IE went back to working after the ComboFix scan whose log I sent you earlier; I don't understand why.
<!> Neither do I! The removal that ComboFix performed should not have had that effect. < c:\windows\Installer\b5b8.msi >
> But I'm sending other logs so you can tell me whether I still need to do the steps you told me about before. Thanks in advance.
<!> Yes! Go ahead with the steps, because Worm.autorun.tmr is still on the PC.
Regards!
Charlle Posted July 4, 2009
Good evening, Dig Ram! I'm not sure I did it correctly, because when I dragged CFScript.txt onto the ComboFix icon it updated itself; if that's wrong, tell me and I'll redo the steps! Here are the logs.

ComboFix
ComboFix 09-07-04.04 - Administrador 04/07/2009 18:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1529 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrador\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((( Files created from 2009-06-04 to 2009-07-04 ))))))))))))))))))))))))))))
.
2009-06-24 14:47 . 2009-06-24 14:47 -------- d-----w- C:\Intel 2009-06-24 03:16 . 2009-06-24 03:17 -------- d-----w- c:\arquivos de programas\Google 2009-06-24 02:31 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-24 02:31 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-06-24 02:31 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-06-24 02:31 . 2009-06-24 02:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2009-06-24 02:31 . 2009-06-24 02:31 -------- d-----w- c:\arquivos de programas\Avira 2009-06-22 16:07 . 2009-04-30 21:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-22 16:07 . 2009-04-30 21:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-22 10:13 . 2009-06-22 10:13 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-06-22 08:20 . 2008-10-16 17:06 208744 ----a-w- c:\windows\system32\muweb.dll 2009-06-22 01:59 . 2009-04-06 18:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-22 01:59 . 2009-04-06 18:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-22 01:59 .
2009-06-22 01:59 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2009-06-22 01:56 . 2009-07-04 21:04 117760 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-06-22 01:54 . 2009-06-22 01:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com 2009-06-22 01:53 . 2009-06-24 02:41 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware 2009-06-22 01:53 . 2009-06-22 01:53 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com 2009-06-22 01:53 . 2009-06-22 01:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard 2009-06-22 01:38 . 2009-06-22 01:38 -------- d-----w- c:\arquivos de programas\CCleaner 2009-06-22 01:33 . 2009-06-22 01:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-06-22 01:27 . 2008-04-13 22:20 81920 ------w- c:\windows\system32\ieencode.dll 2009-06-22 01:27 . 2008-04-13 22:19 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll 2009-06-21 15:07 . 2009-06-21 15:07 -------- d-----w- c:\arquivos de programas\Trend Micro 2009-06-20 22:36 . 2009-06-20 22:39 -------- dc-h--w- c:\windows\ie8 2009-06-20 22:15 . 2009-06-20 22:15 0 ----a-w- c:\windows\nsreg.dat 2009-06-20 21:49 . 2009-06-20 21:49 -------- d-----w- c:\arquivos de programas\SopCast 2009-06-20 19:18 . 2009-06-20 19:18 -------- d-----w- c:\arquivos de programas\Rockstar Games 2009-06-19 21:04 . 2009-06-19 21:04 -------- d-----w- c:\arquivos de programas\Aquiris Olympikus 2009-06-19 04:27 . 2009-03-24 19:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-06-16 23:32 . 2008-06-19 20:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-06-16 23:32 . 2009-06-16 23:32 -------- d-----w- c:\arquivos de programas\Panda Security 2009-06-15 20:19 . 
2009-06-15 21:07 -------- d-----w- c:\arquivos de programas\Project64 v1.5 2009-06-15 01:22 . 2009-06-15 01:22 -------- d-----w- c:\arquivos de programas\SomePDF 2009-06-14 18:58 . 2009-06-14 18:58 -------- d-----w- c:\arquivos de programas\VDOWNLOADER . ((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-04 21:04 . 2008-12-11 15:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit 2009-06-25 15:48 . 2009-06-01 22:01 -------- d-----w- c:\arquivos de programas\Pinnacle 2009-06-24 14:23 . 2009-03-26 22:57 -------- d-----w- c:\arquivos de programas\Bywifi 2009-06-23 23:27 . 2008-04-14 11:00 77144 ----a-w- c:\windows\system32\perfc016.dat 2009-06-23 23:27 . 2008-04-14 11:00 467160 ----a-w- c:\windows\system32\perfh016.dat 2009-06-23 20:47 . 2009-05-18 14:23 -------- d-----w- c:\arquivos de programas\Yahoo! 2009-06-22 01:50 . 2009-04-28 23:50 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-06-20 19:18 . 2008-09-16 20:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-06-04 20:46 . 2009-06-04 20:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET 2009-06-02 21:48 . 2009-03-24 01:28 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Any Video Converter 2009-06-02 21:00 . 2009-06-02 21:00 -------- d-----w- c:\arquivos de programas\MSXML 4.0 2009-06-01 22:12 . 2009-03-24 01:28 -------- d-----w- c:\arquivos de programas\Any Video Converter 2009-06-01 22:04 . 2009-06-01 22:04 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DivX 2009-06-01 21:59 . 2009-06-01 21:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Pinnacle 2009-06-01 20:36 . 2009-03-17 23:27 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype 2009-06-01 20:35 .
2008-12-06 01:07 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM 2009-05-27 16:08 . 2009-05-27 16:08 -------- d-----w- c:\arquivos de programas\MSECache 2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe 2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe 2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe 2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe 2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe 2009-05-24 18:00 . 2009-05-24 18:00 25214 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe 2009-05-21 22:00 . 2009-05-21 22:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes 2009-05-21 22:00 . 2009-05-21 22:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-05-21 14:14 . 2008-12-11 15:16 -------- d-----w- c:\arquivos de programas\Orbitdownloader 2009-05-18 14:23 . 2009-05-18 14:23 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Yahoo! 2009-05-18 13:36 . 
2009-04-29 00:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\IObit 2009-05-17 23:02 . 2009-05-17 23:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\EarMaster 2009-05-16 21:27 . 2009-05-16 21:27 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Borland Shared 2009-05-16 21:27 . 2009-05-16 21:27 -------- d-----w- c:\arquivos de programas\Sisvar 2009-05-13 05:03 . 2008-05-27 21:38 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:33 . 2008-04-14 11:00 347136 ----a-w- c:\windows\system32\localspl.dll 2009-04-26 16:49 . 2009-04-26 16:49 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-04-19 19:50 . 2008-04-14 11:00 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:53 . 2008-04-14 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\windows\system32\GroupPolicy ---- 2009-06-22 10:23 . 2009-06-22 10:25 8 ----a-w- c:\windows\system32\GroupPolicy\User\Registry.pol 2009-06-22 10:13 . 2007-09-19 03:11 44940 ----a-w- c:\windows\system32\GroupPolicy\Adm\wuau.adm 2009-06-22 10:13 . 2007-09-19 03:11 72272 ----a-w- c:\windows\system32\GroupPolicy\Adm\wmplayer.adm 2009-06-22 10:13 . 2008-04-14 11:00 43086 ----a-w- c:\windows\system32\GroupPolicy\Adm\conf.adm 2009-06-22 10:13 . 2009-03-08 17:32 2858548 ----a-w- c:\windows\system32\GroupPolicy\Adm\inetres.adm 2009-06-22 10:13 . 2009-06-22 10:13 81 ---h--w- c:\windows\system32\GroupPolicy\Adm\admfiles.ini 2009-06-22 10:13 . 2008-04-14 11:00 1915598 ----a-w- c:\windows\system32\GroupPolicy\Adm\system.adm 2009-06-22 10:13 . 2009-06-22 10:25 79 ----a-w- c:\windows\system32\GroupPolicy\gpt.ini ((((((((((((((((((((((((((((( SnapShot_2009-07-02_16.25.02 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-04 21:04 . 2009-07-04 21:04 16384 c:\windows\temp\Perflib_Perfdata_21c.dat . 
(((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries and legitimate default entries are not shown. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-24 1830128] "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-24 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-12 162584] "Google Quick Search Box"="c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-24 68592] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-28 16132608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ BTTray.lnk - c:\arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176] Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-12-11 1719496] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 15:05 356352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"= "c:\\Arquivos de programas\\Ares\\Ares.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"= "c:\\Arquivos de programas\\Bywifi\\bywifi.exe"= "c:\\CS1.6 pod-Bot\\hl.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\Arquivos de programas\\EA Sports\\FIFA 08\\FIFA08.exe"= "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"= "c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\Administrador\\Desktop\\Age of Empires II\\age2_x1.exe"= "c:\\Documents and Settings\\Administrador\\Desktop\\Age of Empires II\\empires2.EXE"= R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16/6/2009 20:32 28544] R1 GhPciScan;GhostPciScanner;c:\arquivos de programas\Symantec\Norton Ghost 2003\GhPciScan.sys [28/5/2003 19:01 5632] R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [26/5/2009 10:05 9968] R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [26/5/2009 10:05 72944] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [23/6/2009 23:31 108289] R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [16/9/2008 16:55 5632] R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [26/5/2009 10:05 7408] R3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\drivers\winbondhidcir.sys [16/9/2008 16:55 21504] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] 
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\arquivos de programas\MediaCoder\SysInfo.sys --> c:\arquivos de programas\MediaCoder\SysInfo.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\arquivos de programas\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com.br/ uInternet Settings,ProxyOverride = local FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\km7lq7cu.default\ FF - prefs.js: network.proxy.type - 2 FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-04 18:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** .
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-861567501-879983540-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,e1,93,ab,0e,3d,49,43,93,52,82,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,e1,93,ab,0e,3d,49,43,93,52,82,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,e1,93,ab,0e,3d,49,43,93,52,82,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,6b,26,7d,96,9b, b7,5a,a2,e2,63,26,f1,3f,c8,ff,68,92,49,9f,94,20,f0,3c,a4,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,b0,e5,6d,c3,37, 4d,5a,7f,6a,9c,d6,61,af,45,84,18,3c,60,7b,fb,eb,2e,83,22,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,88,8b,fc,0f,f7, d6,70,a0,ff,7c,85,e0,43,d4,0e,fe,81,70,34,89,3c,29,fd,4d,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,17,e6,b3,34,96, 48,ce,63,86,8c,21,01,be,91,eb,e7,96,34,c2,cf,c6,fe,73,05,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,b1,1e,a0,86,cb, 84,aa,45,f5,1d,4d,73,a8,13,5c,05,20,c7,0d,7a,43,dd,d3,5f,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,c8,48,b9,47,38, 93,c9,0f,df,20,58,62,78,6b,cf,c8,b1,76,c9,de,e6,68,10,40,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,a4,43,19,15,ec, 81,a5,d5,fb,a7,78,e6,12,2f,9a,ea,9d,26,17,46,7a,71,33,c9,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,9e,31,89,0e,3f, 1e,76,b7,01,3a,48,fc,e8,04,4a,f1,86,d9,6a,fb,ea,27,68,e6,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,57,22,19,ba,cf, f7,ff,46,f6,0f,4e,58,98,5b,89,c9,c8,96,01,c8,c3,47,25,74,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,1f,12,e8,bb,36, b2,fd,45,3d,ce,ea,26,2d,45,aa,78,f9,97,bb,7b,51,ba,a2,a2,3d,ce,ea,26,2d,45,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,94,6b,10,65,4a, a2,d2,c3,2a,b7,cc,b5,b9,7f,41,e7,c0,db,50,04,f0,ef,9a,ab,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,c9,04,d7,d3,76, 07,cb,52,6c,43,2d,1e,aa,22,2f,9c,1e,97,22,d5,04,4c,ad,cb,6c,43,2d,1e,aa,22,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(752) c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(3276) c:\windows\system32\WININET.dll c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroSearchBar.dll c:\arquivos de programas\Arquivos comuns\Ahead\Lib\MFC71U.DLL c:\arquivos de programas\Arquivos comuns\Ahead\Lib\BCGCBPRO800u.dll c:\arquiv~1\WINDOW~2\wmpband.dll c:\windows\system32\btmmhook.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll .
Completion time: 2009-07-04 18:19
ComboFix-quarantined-files.txt 2009-07-04 21:19
ComboFix2.txt 2009-07-02 16:26
ComboFix3.txt 2009-06-24 02:19
ComboFix4.txt 2009-06-20 00:10
ComboFix5.txt 2009-07-04 21:13
Pre-run: 10 folder(s) 69.957.672.960 bytes free
Post-run: 10 folder(s) 69.981.069.312 bytes free
274 --- E O F --- 2009-06-22 16:13

HijackThis
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:27:13, on 4/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\hkcmd.exe C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\Orbitdownloader\orbitnet.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos
de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir 
Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: 
SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- End of file - 7610 bytes
DigRam Posted July 5, 2009
Good evening, Charlle!
<@> Go to Start --> Run --> type or paste: combofix.exe /u --> click OK.
<@> The following window will open: (Open File - Security Warning)
<@> Click Run --> wait!
<@> Finally the message "ComboFix has been uninstalled" will appear --> click OK.
<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
<@> With everything OK, create a clean System Restore point.
<@> Right-click My Computer --> Properties --> System Restore.
<@> Check: Turn off System Restore --> Apply --> wait! --> OK.
<@> Then uncheck it again! --> Apply --> wait! --> OK.
<@> For more details, read the tutorial: < Link >
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
<!> The log is clean! :thumbsup:
<!> Good work!
Regards!
Charlle Posted July 7, 2009
Good morning, Dig Ram! Job done. Thank you very much for the attention. Great work, you guys! Congratulations! Regards
DigRam Posted July 8, 2009
PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.