
Archived

This topic has been archived and is closed to further replies.

glalla2005

[Solved!] Analyse my log

Hi friends,

I'm having problems with my connection.

I installed Windows XP on Saturday and today I've already received several virus warnings from Avast.

When I try to browse some sites, the connection hangs.

I'm still a bit lost with the settings and need your help, mainly regarding browsing security.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:30:42, on 29/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Microsoft Office\Office10\msoffice.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Crazy Browser\Crazy Browser.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193623657812

O17 - HKLM\System\CCS\Services\Tcpip\..\{BD5F61E1-8229-4028-BB93-168ECFA3D2F0}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{EA102849-482C-4F49-B64B-F4DFE2B508D6}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

Errors that appear in Avast:

 

Sign of "Win32:Agent-KIR [Trj]" has been found in "C:\WINDOWS\System32\drivers\ip6fw.sys" file.

Sign of "Win32:Agent-KIR [Trj]" has been found in "C:\windows\system32\drivers\ip6fw.sys" file.

Sign of "Win32:Agent-MEB [Trj]" has been found in "C:\WINDOWS\System32\drivers\runtime.sys" file.

Sign of "Win32:Agent-MEB [Trj]" has been found in "C:\WINDOWS\System32\drivers\runtime.sys" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://208.66.194.241/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://208.66.194.234/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://62.72.1243.static.theplanet.com/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://208.66.194.241/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://208.66.194.234/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://62.72.1243.static.theplanet.com/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://208.66.194.241/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://208.66.194.234/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://62.72.1243.static.theplanet.com/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://208.66.194.241/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://616957.ds.nac.net/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://616959.ds.nac.net/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://208.66.194.234/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://62.72.1243.static.theplanet.com/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

Sign of "Win32:Small-EPJ [Trj]" has been found in "http://208.66.194.241/s_17_2852016043?m=3&a=1&hdd=4536334459595236202020202020202020202020&fs=0&gen=0&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.

 

27/10/2007 10:40:56 SYSTEM 1016 The virus database (VPS 071026-0) was automatically updated.

27/10/2007 15:53:30 SYSTEM 1160 The virus database (VPS 071027-0) was automatically updated.

28/10/2007 13:08:34 SYSTEM 1148 The virus database (VPS 071028-0) was automatically updated.

29/10/2007 16:18:31 SYSTEM 1252 The virus database (VPS 071029-0) was automatically updated.

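The Avast alerts in the opening post are of two kinds: two file hits (ip6fw.sys and runtime.sys) and a run of network hits where the Web Shield intercepted an HTTP request carrying a long query string. Before deciding whether those are false positives, an analyst wants to know what the blocked request would have sent out. The Python below is an added example, not code from the thread or from Avast: it parses the alert lines, separates file hits from network hits, and decodes the hex-encoded query parameters. The layout of the os= value is an assumption on my part: it matches the Windows OSVERSIONINFOA structure (five little-endian DWORDs, then szCSDVersion), and decoding it gives 5.1.2600 with "Service Pack 2", the same system the HijackThis header reports. The hdd= value is hex-encoded ASCII; that it is a drive serial is inferred only from the parameter name. The sample lines are constructed from the alerts above, with the wrapped hex string rejoined.

```python
import re
import struct
from urllib.parse import urlsplit, parse_qs

# Constructed sample: one file hit and two network hits on different hosts,
# in the shape of the Avast 4 alert lines posted above.
SAMPLE_ALERTS = [
    'Sign of "Win32:Agent-KIR [Trj]" has been found in '
    '"C:\\WINDOWS\\System32\\drivers\\ip6fw.sys" file.',
    'Sign of "Win32:Small-EPJ [Trj]" has been found in '
    '"http://208.66.194.241/s_17_2852016043?m=3&a=1'
    '&hdd=4536334459595236202020202020202020202020&fs=0&gen=0'
    '&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.',
    'Sign of "Win32:Small-EPJ [Trj]" has been found in '
    '"http://208.66.194.234/s_17_2852016043?m=3&a=1'
    '&hdd=4536334459595236202020202020202020202020&fs=0&gen=0'
    '&os=940000000500000001000000280a00000200000053657276696365205061636b2032" file.',
]

ALERT_RE = re.compile(r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<obj>[^"]+)" file\.')


def parse_alert(line):
    """Return (signature, object) for an Avast 4 alert line, or None if it is not one."""
    m = ALERT_RE.search(line)
    return (m.group("sig"), m.group("obj")) if m else None


def decode_osversioninfo(hexstr):
    """Interpret the os= value as a Windows OSVERSIONINFOA structure.

    Assumption (stated neither by Avast nor by the thread): five little-endian
    DWORDs (dwOSVersionInfoSize, dwMajorVersion, dwMinorVersion, dwBuildNumber,
    dwPlatformId) followed by the szCSDVersion string.
    """
    raw = bytes.fromhex(hexstr)
    size, major, minor, build, platform = struct.unpack_from("<5I", raw, 0)
    csd = raw[20:].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {"size": size, "version": f"{major}.{minor}.{build}",
            "platform_id": platform, "csd": csd}


def describe_beacon(url):
    """Summarise what a blocked request would have carried to the remote host."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    info = {"host": parts.hostname, "path": parts.path}
    if "hdd" in q:
        # Hex-encoded ASCII; that it is a drive serial is an assumption from the name.
        info["hdd"] = bytes.fromhex(q["hdd"][0]).decode("ascii", "replace").strip()
    if "os" in q:
        info["os"] = decode_osversioninfo(q["os"][0])
    return info


def triage(lines):
    """Split alert lines into file hits and network hits, decoding the latter."""
    files, beacons = [], []
    for line in lines:
        parsed = parse_alert(line)
        if not parsed:
            continue
        sig, obj = parsed
        if obj.lower().startswith(("http://", "https://")):
            beacons.append({"signature": sig, **describe_beacon(obj)})
        else:
            files.append({"signature": sig, "path": obj})
    return {"files": files, "beacons": beacons,
            "hosts": sorted({b["host"] for b in beacons})}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_ALERTS), indent=2))
```

Running it prints a JSON summary. The same host set recurring with identical, machine-specific parameters (disk identifier, OS version block) is what separates a beaconing component from an incidental download, and it is the question to settle before treating the alerts as a false positive.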

Hey glalla2005,

Download ComboFix from:

ComboFix

1) Double-click combofix.exe and press "1" to continue. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click in the ComboFix window, and do not close it by clicking the X, while the tool is running, as this will mess up your desktop (it will go completely white);

5) To stop or quit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Cheers.


ComboFix 07-10-29.1 - GLAUBER 2007-10-31 19:41:20.2 - FAT32x86

Executando de: C:\Documents and Settings\GLAUBER\Configurações locais\Temporary Internet Files\Content.IE5\IK0YITSY\ComboFix[1].exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\4_exception.nls

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\runtime

 

 

((((((((((((((((((((((( Ficheiros criados de 2007-09-28 to 2007-10-31 ))))))))))))))))))))))))))))))))

.

 

2007-10-31 17:39 1,744 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-10-31 12:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2007-10-31 01:22 <DIR> d-------- C:\Documents and Settings\GLAUBER\Contacts

2007-10-31 01:21 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE

2007-10-31 01:08 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2007-10-31 00:57 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-10-31 00:54 <DIR> d-------- C:\Arquivos de programas\Free WMA to MP3 Converter

2007-10-31 00:47 <DIR> d-------- C:\Arquivos de programas\Illustrate

2007-10-31 00:47 4,103,032 --a------ C:\WINDOWS\system32\SpoonUninstall.exe

2007-10-31 00:47 13,021 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2007-10-31 00:24 24,576 --------- C:\WINDOWS\system32\UleadPhotoExplorer8_Res.dll

2007-10-31 00:24 24,576 --------- C:\WINDOWS\system32\Ulead Photo Explorer 8.scr

2007-10-31 00:23 <DIR> d-------- C:\Arquivos de programas\Ulead Systems

2007-10-31 00:23 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ulead Systems

2007-10-31 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ulead Systems

2007-10-31 00:19 68,220 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys

2007-10-31 00:18 <DIR> d-------- C:\Arquivos de programas\Philips Firmware Manager

2007-10-30 20:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-10-30 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-10-30 11:55 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-30 02:04 <DIR> d-------- C:\WINDOWS\Sun

2007-10-30 00:36 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-10-29 19:08 <DIR> d-------- C:\XP

2007-10-29 16:41 <DIR> d-------- C:\Arquivos de programas\SpywareBlaster

2007-10-29 16:12 <DIR> d-------- C:\Spyware Blaster

2007-10-29 10:53 <DIR> d-------- C:\Arquivos de programas\Java

2007-10-29 10:47 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2007-10-29 10:45 <DIR> d-------- C:\Java

2007-10-29 02:29 <DIR> d-------- C:\Arquivos de programas\Aba Daba

2007-10-29 02:29 41,984 --a------ C:\WINDOWS\UnGins.exe

2007-10-29 02:04 <DIR> d-------- C:\WINDOWS\pss

2007-10-29 01:27 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2007-10-29 00:15 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-10-29 00:15 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-10-29 00:09 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2007-10-28 12:14 <DIR> d---s---- C:\Documents and Settings\GLAUBER\UserData

2007-10-28 01:53 <DIR> d-------- C:\Arquivos de programas\Racer

2007-10-28 01:49 <DIR> d-------- C:\MILHAO4

2007-10-28 01:46 107,008 --a------ C:\WINDOWS\system32\fxtls432.dll

2007-10-28 01:45 <DIR> d-------- C:\milhao3

2007-10-28 01:45 1,056,768 --a------ C:\WINDOWS\system32\Msjet35.dll

2007-10-28 01:45 430,080 --a------ C:\WINDOWS\system32\Msrepl35.dll

2007-10-28 01:45 252,176 --a------ C:\WINDOWS\system32\Msrd2x35.dll

2007-10-28 01:45 139,264 --a------ C:\WINDOWS\UNWISE.EXE

2007-10-28 01:45 123,664 --a------ C:\WINDOWS\system32\Msjint35.dll

2007-10-28 01:45 89,360 --a------ C:\WINDOWS\system32\Vb5db.dll

2007-10-28 01:45 72,704 --a------ C:\WINDOWS\system32\Odbctl32.dll

2007-10-28 01:45 24,848 --a------ C:\WINDOWS\system32\Msjter35.dll

2007-10-28 01:41 <DIR> d-------- C:\Revista

2007-10-28 01:24 <DIR> d-------- C:\WINDOWS\Cache

2007-10-28 01:22 <DIR> d-------- C:\Arquivos de programas\CDex_150

2007-10-28 01:20 <DIR> d-------- C:\Arquivos de programas\Lavalys

2007-10-28 01:20 <DIR> d-------- C:\Arquivos de programas\Encoder 2002

2007-10-28 01:11 <DIR> d-------- C:\Arquivos de programas\Reg Seeker

2007-10-28 01:09 <DIR> d-------- C:\Documents and Settings\GLAUBER\Dados de aplicativos\Skype

2007-10-28 01:08 <DIR> d-------- C:\Arquivos de programas\Skype

2007-10-28 01:06 <DIR> d-------- C:\Documents and Settings\GLAUBER\Dados de aplicativos\SopCast

2007-10-28 01:06 <DIR> d-------- C:\Arquivos de programas\SopCast

2007-10-28 01:05 <DIR> d-------- C:\Arquivos de programas\RegCleaner

2007-10-28 00:54 <DIR> d-------- C:\Documents and Settings\GLAUBER\Dados de aplicativos\Shareaza

2007-10-28 00:54 <DIR> d-------- C:\Arquivos de programas\Shareaza

2007-10-28 00:52 <DIR> d-------- C:\Arquivos de programas\Soulseek-Test

2007-10-28 00:46 <DIR> d--h----- C:\WINDOWS\PIF

2007-10-28 00:39 <DIR> d-------- C:\Arquivos de programas\Gmail auto configurador do outlook express

2007-10-28 00:33 <DIR> d-------- C:\Arquivos de programas\ToniArts

2007-10-28 00:33 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-10-28 00:33 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-10-28 00:21 <DIR> d-------- C:\Arquivos de programas\Crazy Browser

2007-10-28 00:08 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-10-28 00:06 <DIR> d-------- C:\Arquivos de programas\Belarc

2007-10-28 00:06 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys

2007-10-28 00:05 <DIR> d-------- C:\Arquivos de programas\Arr Name

2007-10-27 23:54 <DIR> d-------- C:\Arquivos de programas\ICEOWS

2007-10-27 23:47 <DIR> d-------- C:\Documents and Settings\GLAUBER\Dados de aplicativos\Lavasoft

2007-10-27 23:47 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2007-10-27 19:55 <DIR> d-------- C:\startdreck

2007-10-27 19:55 <DIR> d-------- C:\Pimaco

2007-10-27 19:54 <DIR> d-------- C:\Killbox

2007-10-27 19:54 <DIR> d-------- C:\JOGOS

2007-10-27 19:53 <DIR> d-------- C:\HijackThis

2007-10-27 19:52 <DIR> d-------- C:\GenialGiFT

2007-10-27 19:51 <DIR> d-------- C:\Dic

2007-10-27 19:51 <DIR> d-------- C:\Desligamento Rápido

2007-10-27 19:51 <DIR> d-------- C:\CadEtiq

2007-10-27 19:50 <DIR> d-------- C:\ATARI

2007-10-27 19:50 <DIR> d-------- C:\ARJ32

2007-10-27 19:19 <DIR> d-------- C:\Músicas MP3

2007-10-27 15:50 <DIR> d--hs---- C:\Recycled

2007-10-27 15:40 <DIR> d-------- C:\Arquivos de programas\Discador Yahoo

2007-10-27 15:26 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys

2007-10-27 10:20 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-10-27 10:07 <DIR> d-------- C:\Documents and Settings\GLAUBER\Dados de aplicativos\Ahead

2007-10-27 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2007-10-27 10:04 <DIR> d-------- C:\Arquivos de programas\Nero

2007-10-27 10:04 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-27 11:07 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2007-10-27 11:03 --------- d-----w C:\Arquivos de programas\Serviços on-line

2007-10-27 11:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-10-27 11:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-10-27 10:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-10-27 10:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-09-06 09:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 09:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 09:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 09:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 09:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 09:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-09-06 09:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-30 21:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

2007-07-30 21:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-07-30 21:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-07-30 21:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll

2007-07-30 21:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-07-30 21:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

2007-07-30 21:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-07-30 21:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll

2007-07-30 21:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-07-30 21:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll

2007-07-30 21:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-07-30 21:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

2007-07-30 21:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-07-30 21:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

 

.

**************************************************************************

 

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-31 19:45:59

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-10-31 19:47:07 - machine was rebooted

.

--- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:18:15, on 2/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AutoSizer\AutoSizer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Crazy Browser\Crazy Browser.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://baixaki.ig.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AutoSizer] "C:\Arquivos de programas\AutoSizer\AutoSizer.exe"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193623657812

O17 - HKLM\System\CCS\Services\Tcpip\..\{BD5F61E1-8229-4028-BB93-168ECFA3D2F0}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{EA102849-482C-4F49-B64B-F4DFE2B508D6}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

 

Awaiting further instructions.
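The two HijackThis logs in this thread are what the helper reviews by eye. As an added example (not code from the thread, from HijackThis, or from the forum), the Python below parses lines in the HijackThis 1.99.1 format and pulls out the entries a reviewer checks first: O2 BHOs registered with "(no file)" (a dead registration, usually left behind by an uninstall), O23 services reported "(file missing)", O17 DNS servers to compare against the ISP's, and O18/O20 protocol and Winlogon hooks. The sample log is a constructed subset of the lines posted above. One caveat the output needs: HijackThis 1.99.1 reports "(file missing)" for services whose image path is quoted and followed by arguments, as with the two avast scanners in this log, so that flag means "confirm the file on disk", not "infected".

```python
import re

# Constructed sample: a subset of the HijackThis 1.99.1 lines posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:18:15, on 2/11/2007
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD5F61E1-8229-4028-BB93-168ECFA3D2F0}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA102849-482C-4F49-B64B-F4DFE2B508D6}: NameServer = 200.204.0.10 200.204.0.138
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

# Every entry line is "<section> - <body>", where section is R0/R1/F0/O2/O23 and so on.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Return [(section, body), ...] for each entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def review(entries):
    """Produce the review items a log reader checks first.

    kinds: orphaned_bho (O2 with no file on disk), service_path_unverified
    (O23 reported '(file missing)'; see the caveat about quoted paths),
    dns_server (each O17 resolver, to compare with the ISP's), review_hook
    (O18/O20/O21 protocol handlers and Winlogon/shell hooks).
    """
    findings = []
    for section, body in entries:
        if section == "O2" and body.endswith("(no file)"):
            findings.append({"section": section, "kind": "orphaned_bho", "detail": body})
        elif section == "O23" and "(file missing)" in body:
            findings.append({"section": section, "kind": "service_path_unverified", "detail": body})
        elif section == "O17":
            _, _, servers = body.partition("NameServer =")
            # HijackThis prints the resolvers comma- or space-separated.
            for ip in re.split(r"[,\s]+", servers.strip()):
                if ip:
                    findings.append({"section": section, "kind": "dns_server", "detail": ip})
        elif section in ("O18", "O20", "O21"):
            findings.append({"section": section, "kind": "review_hook", "detail": body})
    return findings


def dns_servers(findings):
    """Distinct resolvers seen across all adapters, sorted for comparison with the ISP's list."""
    return sorted({f["detail"] for f in findings if f["kind"] == "dns_server"})


if __name__ == "__main__":
    for f in review(parse_hjt(SAMPLE_LOG)):
        print(f"{f['section']:>4}  {f['kind']:<24}  {f['detail']}")
```

The output is a worklist, not a verdict: each item still has to be checked on the machine (does the DLL exist, is the service binary where the registry says, do the resolvers belong to the ISP), which is exactly the manual step the helper performs before answering "no abnormal entries".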

Hey glalla2005,

There are no abnormal entries in your logs. Does the problem persist?

Hey glalla2005,

There are no abnormal entries in your logs. Does the problem persist?

 

 

Yes, today, after I opened a site with pop-ups even though I left the option to block pop-ups enabled in IE, Avast showed the same errors.

So I did the same procedures from the start of the topic again.

I think Avast has some false positive. I'm thinking about replacing Avast with Avira AntiVir.

 

 

 

ComboFix 07-11-01.1** - GLAUBER 2007-11-03 15:49:02.3 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.69 [GMT -2:00]

Executando de: C:\Documents and Settings\GLAUBER\Configurações locais\Temporary Internet Files\Content.IE5\IRLNIBN8\ComboFix[1].exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\9_exception.nls

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\runtime

 

 

((((((((((((((((((((((( Ficheiros criados de 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))))

.

 

2007-11-02 00:52 916,072 --a------ C:\fsbl.exe

2007-11-02 00:34 <DIR> d-------- C:\Arquivos de programas\AutoSizer

2007-11-01 11:29 <DIR> d-------- C:\Documents and Settings\GLAUBER\Dados de aplicativos\SUPERAntiSpyware.com

2007-11-01 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2007-11-01 11:29 <DIR> d-------- C:\Arquivos de programas\SUPERAntiSpyware

2007-11-01 11:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-10-31 17:39 1,744 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-10-31 12:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2007-10-31 01:22 <DIR> d-------- C:\Documents and Settings\GLAUBER\Contacts

2007-10-31 01:21 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE

2007-10-31 01:08 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2007-10-31 00:57 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-10-31 00:54 <DIR> d-------- C:\Arquivos de programas\Free WMA to MP3 Converter

2007-10-31 00:47 <DIR> d-------- C:\Arquivos de programas\Illustrate

2007-10-31 00:47 4,103,032 --a------ C:\WINDOWS\system32\SpoonUninstall.exe

2007-10-31 00:47 13,021 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2007-10-31 00:24 24,576 --------- C:\WINDOWS\system32\UleadPhotoExplorer8_Res.dll

2007-10-31 00:24 24,576 --------- C:\WINDOWS\system32\Ulead Photo Explorer 8.scr

2007-10-31 00:23 <DIR> d-------- C:\Arquivos de programas\Ulead Systems

2007-10-31 00:23 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ulead Systems

2007-10-31 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ulead Systems

2007-10-31 00:19 68,220 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys

2007-10-31 00:18 <DIR> d-------- C:\Arquivos de programas\Philips Firmware Manager

2007-10-30 20:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-10-30 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-10-30 11:55 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-30 02:04 <DIR> d-------- C:\WINDOWS\Sun

2007-10-30 00:36 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-10-29 19:08 <DIR> d-------- C:\XP

2007-10-29 16:41 <DIR> d-------- C:\Arquivos de programas\SpywareBlaster

2007-10-29 16:12 <DIR> d-------- C:\Spyware Blaster

2007-10-29 10:53 <DIR> d-------- C:\Arquivos de programas\Java

2007-10-29 10:47 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2007-10-29 10:45 <DIR> d-------- C:\Java

2007-10-29 02:29 <DIR> d-------- C:\Arquivos de programas\Aba Daba

2007-10-29 02:29 41,984 --a------ C:\WINDOWS\UnGins.exe

2007-10-29 02:04 <DIR> d-------- C:\WINDOWS\pss

2007-10-29 01:27 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2007-10-29 00:15 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-10-29 00:15 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-10-29 00:09 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2007-10-28 12:14 <DIR> d---s---- C:\Documents and Settings\GLAUBER\UserData

2007-10-28 01:53 <DIR> d-------- C:\Arquivos de programas\Racer

2007-10-28 01:49 <DIR> d-------- C:\MILHAO4

2007-10-28 01:46 107,008 --a------ C:\WINDOWS\system32\fxtls432.dll

2007-10-28 01:45 <DIR> d-------- C:\milhao3

2007-10-28 01:45 1,056,768 --a------ C:\WINDOWS\system32\Msjet35.dll

2007-10-28 01:45 430,080 --a------ C:\WINDOWS\system32\Msrepl35.dll

2007-10-28 01:45 252,176 --a------ C:\WINDOWS\system32\Msrd2x35.dll

2007-10-28 01:45 139,264 --a------ C:\WINDOWS\UNWISE.EXE

2007-10-28 01:45 123,664 --a------ C:\WINDOWS\system32\Msjint35.dll

2007-10-28 01:45 89,360 --a------ C:\WINDOWS\system32\Vb5db.dll

2007-10-28 01:45 72,704 --a------ C:\WINDOWS\system32\Odbctl32.dll

2007-10-28 01:45 24,848 --a------ C:\WINDOWS\system32\Msjter35.dll

2007-10-28 01:41 <DIR> d-------- C:\Revista

2007-10-28 01:24 <DIR> d-------- C:\WINDOWS\Cache

2007-10-28 01:22 <DIR> d-------- C:\Arquivos de programas\CDex_150

2007-10-28 01:20 <DIR> d-------- C:\Arquivos de programas\Lavalys

2007-10-28 01:20 <DIR> d-------- C:\Arquivos de programas\Encoder 2002

2007-10-28 01:11 <DIR> d-------- C:\Arquivos de programas\Reg Seeker

2007-10-28 01:09 <DIR> d-------- C:\Documents and Settings\GLAUBER\Dados de aplicativos\Skype

2007-10-28 01:08 <DIR> d-------- C:\Arquivos de programas\Skype

2007-10-28 01:06 <DIR> d-------- C:\Documents and Settings\GLAUBER\Dados de aplicativos\SopCast

2007-10-28 01:06 <DIR> d-------- C:\Arquivos de programas\SopCast

2007-10-28 01:05 <DIR> d-------- C:\Arquivos de programas\RegCleaner

2007-10-28 00:54 <DIR> d-------- C:\Documents and Settings\GLAUBER\Dados de aplicativos\Shareaza

2007-10-28 00:54 <DIR> d-------- C:\Arquivos de programas\Shareaza

2007-10-28 00:52 <DIR> d-------- C:\Arquivos de programas\Soulseek-Test

2007-10-28 00:46 <DIR> d--h----- C:\WINDOWS\PIF

2007-10-28 00:39 <DIR> d-------- C:\Arquivos de programas\Gmail auto configurador do outlook express

2007-10-28 00:33 <DIR> d-------- C:\Arquivos de programas\ToniArts

2007-10-28 00:33 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-10-28 00:33 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-10-28 00:21 <DIR> d-------- C:\Arquivos de programas\Crazy Browser

2007-10-28 00:08 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-10-28 00:06 <DIR> d-------- C:\Arquivos de programas\Belarc

2007-10-28 00:06 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys

2007-10-28 00:05 <DIR> d-------- C:\Arquivos de programas\Arr Name

2007-10-27 23:54 <DIR> d-------- C:\Arquivos de programas\ICEOWS

2007-10-27 23:47 <DIR> d-------- C:\Documents and Settings\GLAUBER\Dados de aplicativos\Lavasoft

2007-10-27 23:47 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2007-10-27 19:55 <DIR> d-------- C:\startdreck

2007-10-27 19:55 <DIR> d-------- C:\Pimaco

2007-10-27 19:54 <DIR> d-------- C:\Killbox

2007-10-27 19:54 <DIR> d-------- C:\JOGOS

2007-10-27 19:53 <DIR> d-------- C:\HijackThis

2007-10-27 19:52 <DIR> d-------- C:\GenialGiFT

2007-10-27 19:51 <DIR> d-------- C:\Dic

2007-10-27 19:51 <DIR> d-------- C:\Desligamento Rápido

2007-10-27 19:51 <DIR> d-------- C:\CadEtiq

2007-10-27 19:50 <DIR> d-------- C:\ATARI

2007-10-27 19:50 <DIR> d-------- C:\ARJ32

2007-10-27 19:19 <DIR> d-------- C:\Músicas MP3

2007-10-27 15:50 <DIR> d--hs---- C:\Recycled

2007-10-27 15:40 <DIR> d-------- C:\Arquivos de programas\Discador Yahoo

2007-10-27 15:26 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys

2007-10-27 10:20 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-10-27 10:07 <DIR> d-------- C:\Documents and Settings\GLAUBER\Dados de aplicativos\Ahead

2007-10-27 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2007-10-27 10:04 <DIR> d-------- C:\Arquivos de programas\Nero

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-27 11:07 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2007-10-27 11:03 --------- d-----w C:\Arquivos de programas\Serviços on-line

2007-10-27 11:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-10-27 11:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-10-27 10:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-10-27 10:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-09-06 09:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 09:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 09:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 09:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 09:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 09:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-09-06 09:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

.

 

((((((((((((((((((((((((((((( snapshot@2007-10-31_19.46.17.75 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-10-26 11:51:18 136,192 ----a-w C:\WINDOWS\catchme.exe

+ 2007-10-29 20:56:20 136,192 ----a-w C:\WINDOWS\catchme.exe

+ 2007-11-01 13:29:34 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe

+ 2007-11-01 13:29:34 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2007-11-01 13:29:34 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

- 2007-10-31 19:16:08 114,968 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2007-11-02 12:41:04 119,744 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2007-07-22 20:39:28 279,552 ----a-w C:\WINDOWS\system32\swreg.exe

+ 2007-04-02 16:21:28 139,776 ----a-w C:\WINDOWS\system32\swreg.exe

+ 2007-11-03 17:52:54 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_48c.dat

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45]

"AutoSizer"="C:\Arquivos de programas\AutoSizer\AutoSizer.exe" [2007-11-02 00:34]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

 

.

**************************************************************************

 

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-03 15:53:24

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-11-03 15:54:16 - machine was rebooted

.

--- E O F ---

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:59:31, on 3/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AutoSizer\AutoSizer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Crazy Browser\Crazy Browser.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superqi.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AutoSizer] "C:\Arquivos de programas\AutoSizer\AutoSizer.exe"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193623657812

O17 - HKLM\System\CCS\Services\Tcpip\..\{BD5F61E1-8229-4028-BB93-168ECFA3D2F0}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{EA102849-482C-4F49-B64B-F4DFE2B508D6}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

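Reading a HijackThis log by hand, as the helpers in this thread do, comes down to checking a few line types against what the machine should look like: O2 BHOs that point at no file, O4 autostart entries, O17 NameServer settings, and O23 services. The script below is an added example (not part of the original post and not HijackThis code) that parses those four formats as they appear in the log above and flags an orphaned BHO, lists the autostart entries, reports any resolver outside the ISP range the log shows (200.204.0.x, assumed here to be the expected resolvers), and recovers the real executable path for services that HijackThis 1.99 marks "(file missing)" because of the stray closing quote before `/service`. The rogue DNS line is constructed from a documentation address (203.0.113.5) so the check can be seen firing; all other sample lines are copied from the log on this page.

```python
"""Triage helper for HijackThis 1.99 log lines (added example, not HijackThis code)."""
import re
from typing import Dict, List

# Constructed sample: real lines from the log above plus one constructed rogue O17
# line using a documentation address (203.0.113.5 is TEST-NET-3, not a real resolver).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AutoSizer] "C:\Arquivos de programas\AutoSizer\AutoSizer.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD5F61E1-8229-4028-BB93-168ECFA3D2F0}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA102849-482C-4F49-B64B-F4DFE2B508D6}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-EXAMPLE}: NameServer = 203.0.113.5,200.204.0.10
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# Assumption: the ISP's resolvers live in 200.204.0.0/24, the range both real O17 lines show.
EXPECTED_DNS_PREFIX = "200.204.0."

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def triage(log_text: str) -> Dict[str, List]:
    """Return the items a reviewer would look at first, grouped by finding type."""
    findings: Dict[str, List] = {"orphaned_bho": [], "autostart": [], "dns": [], "service_path": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            # A BHO registered in the registry with no DLL on disk is leftover from a
            # removal (or a failed install); it is harmless but should be cleaned up.
            if m["path"] == "(no file)":
                findings["orphaned_bho"].append(m["clsid"])
        elif m := O4_RE.match(line):
            findings["autostart"].append(f'{m["hive"]}:{m["name"]}')
        elif m := O17_RE.match(line):
            # HijackThis prints resolvers comma- or space-separated; both forms appear above.
            for server in re.split(r"[,\s]+", m["servers"].strip()):
                if server and not server.startswith(EXPECTED_DNS_PREFIX):
                    findings["dns"].append(server)
        elif m := O23_RE.match(line):
            path = m["path"]
            # The unbalanced closing quote before "/service" is what makes HJT 1.99 report
            # "(file missing)" for an avast! service that is actually running. Recover the
            # executable so it can be checked on disk instead of being treated as missing.
            if path.endswith("(file missing)"):
                exe = path.split('"')[0].strip()
                findings["service_path"].append((m["name"], exe))
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(f"{kind}: {items}")
```

Run it as-is to see the four groups; on a real log, feed the file's text to `triage()`. Anything that lands in `dns` on a machine that did not change resolver deliberately is the first thing to chase, and each `service_path` entry should be confirmed to exist on disk before concluding the service is broken.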

Hi glalla2005,

 

Run Panda's ActiveScan, following these steps:

 

1) Some antivirus programs, such as AVAST, may display a detection alert while the scan is running, but that alert should be ignored. The warning is nothing more than a false positive. I suggest disabling the AV temporarily so the scan can run without problems;

 

2) To start the process, click the 01bt_scan_pt.gif button;

 

3) Fill in the requested data on the form;

 

4) Click the "Scan now for free" ("Pesquise agora sem custos") button;

 

5) Follow all the instructions you are given and wait for the scan to finish;

 

6) When the scan finishes, click to view the log. Save it to your Desktop;

 

7) Post the contents of the log in your next reply.

 

Regards.


Here is the log you asked for:

 

 

Incident Status Location

 

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\GLAUBER\Cookies\glauber@statcounter[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\GLAUBER\Cookies\glauber@ig.com[1].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\GLAUBER\Cookies\glauber@xiti[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\GLAUBER\Cookies\glauber@uol.com[2].txt

Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\GLAUBER\Cookies\glauber@clickbank[1].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\GLAUBER\Cookies\glauber@ad.yieldmanager[1].txt

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\GLAUBER\Cookies\glauber@888[1].txt

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\GLAUBER\Cookies\glauber@888[2].txt

Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\GLAUBER\Cookies\glauber@cassava[1].txt

Virus:Generic Malware Disinfected C:\GenialGiFT\GGinst.exe[GenialNews.bin]

Virus:Generic Malware Disinfected C:\GenialGiFT\GenialNews.bin

 

Awaiting your reply.


Hi glalla2005,

 

Let's go.

 

Set Windows to show all files (including hidden ones).

 

Download CCleaner at:

CCleaner

 

Run CCleaner and click Run Cleaner.

 

Run ActiveScan again and see if it still detects anything.

 

Awaiting your reply.

 

Regards.


Yes, a piece of malware showed up.

 

 

Incident Status Location

 

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe

Awaiting your reply.

 

Glauber.

Yes, a piece of malware showed up.

 

Incident Status Location

 

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe

 

Awaiting your reply.

 

Glauber.

All good. NirCmd.exe belongs to ComboFix. ;)

 

How is the PC doing? Is there any other problem?


Dear JGarcia,

 

My computer has a sound problem.

 

When I browse a site with music and move the scroll bar down or up, the sound comes out "stuttering".

 

The sound comes out scratchy, and that did not happen when I had Windows Me.

 

I have already updated the drivers I have from the motherboard CD and the problem persists. I tried downloading a newer audio driver, but that did not help either.

 

How do I fix this problem?

 

Awaiting your reply.

How do I fix this problem?

Everything indicates that the problem is not related to malware. I suggest you open a topic in the Hardware - Geral section.

 

Regards.


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
