[Resolvido!] Log para conferência

[Salgado 4]

Boas pessoal competente!

Meu PC às vezes trava na 1ª inicialização do dia, depois de resetar ele funciona normalmente o dia inteiro, podendo mesmo ser desligado e religado após 1 ou 2 horas.

 

Segue o LOG:

Logfile of HijackThis v1.99.1

Scan saved at 16:07:29, on 24/6/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Proteção para a Família\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe" -autorun

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Conexão Oi Velox] "C:\Arquivos de programas\Oi Velox\Conexão\pppoe.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209060596203

O17 - HKLM\System\CCS\Services\Tcpip\..\{6923F7B0-05BA-409A-8C0A-AC51532F8787}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

 

E já agradeço por qualquer observação.

[jgarcia 1]

Opa Salgado,

 

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

Abraços.

[Salgado 4]

Após o boot foi gerado o seguinte LOG pelo Combofix:

ComboFix 08-06-20.4 - Alex 2008-06-28 9:41:48.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.604 [GMT -3:00]

Executando de: C:\combofix\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))

.

 

2008-06-28 09:47 . 2008-06-28 09:47 <DIR> d-------- C:\Temp\WPDNSE

2008-06-28 09:47 . 2008-06-28 09:47 53,248 --a------ C:\Temp\catchme.dll

2008-06-28 09:44 . 2008-06-28 09:49 <DIR> d-------- C:\Temp

2008-06-21 18:46 . 2008-06-21 18:46 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter

2008-06-20 17:38 . 2008-06-20 17:39 <DIR> d-------- C:\Documents and Settings\Amanda\Dados de aplicativos\Lightcomm

2008-06-12 18:41 . 2008-06-12 18:41 <DIR> d-------- C:\Documents and Settings\Alex\Dados de aplicativos\CyberLink

2008-06-11 22:48 . 2008-06-11 22:48 <DIR> d-------- C:\Program Files

2008-06-11 22:48 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll

2008-06-11 22:48 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe

2008-06-11 22:48 . 2008-02-07 16:15 408,576 --a------ C:\WINDOWS\system32\Smab.dll

2008-06-11 22:48 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll

2008-06-11 22:48 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe

2008-06-11 22:48 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe

2008-06-11 22:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll

2008-06-11 22:48 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe

2008-06-11 22:48 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll

2008-06-11 22:47 . 2008-06-11 22:47 <DIR> d-------- C:\Arquivos de programas\eRightSoft

2008-06-11 22:28 . 2008-06-11 22:28 <DIR> d-------- C:\Arquivos de programas\7-Zip

2008-06-10 22:44 . 2008-05-08 11:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-10 22:43 . 2008-06-14 14:34 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-05 18:32 . 2008-06-05 18:37 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-05-29 18:20 . 2008-05-29 18:20 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SWF Studio

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-28 12:47 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\Lightcomm

2008-06-27 15:24 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\uTorrent

2008-06-26 22:17 --------- d-----w C:\Documents and Settings\Samira\Dados de aplicativos\Lightcomm

2008-06-24 11:16 --------- d-----w C:\Arquivos de programas\Foxit Software

2008-06-14 17:34 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-12 21:30 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\Ahead

2008-05-26 23:31 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight

2008-05-20 18:02 --------- d-----w C:\Arquivos de programas\Windows Live

2008-05-20 03:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-05-20 03:01 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-05-20 02:50 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-05-19 21:53 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-05-19 21:31 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-05-19 21:31 --------- d-----w C:\Arquivos de programas\Windows Live Favorites

2008-05-19 21:26 --------- d-----w C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-05-19 21:11 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-05-19 21:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-05-19 20:59 --------- d-----w C:\Arquivos de programas\Puxa Rápido

2008-05-15 16:57 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\LimeWire

2008-05-11 20:57 --------- d-----w C:\Arquivos de programas\LimeWire

2008-05-11 20:34 --------- d-----w C:\Arquivos de programas\uTorrent

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-28 20:19 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-04-14 02:21 70,144 ----a-w C:\WINDOWS\notepad.exe

2008-04-14 02:21 32,866 ------w C:\WINDOWS\slrundll.exe

2008-04-14 02:21 287,744 ----a-w C:\WINDOWS\winhlp32.exe

2008-04-14 02:21 150,528 ----a-w C:\WINDOWS\regedit.exe

2008-04-14 02:21 10,752 ----a-w C:\WINDOWS\hh.exe

2008-04-14 02:20 50,688 ----a-w C:\WINDOWS\twain_32.dll

2008-04-14 02:20 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll

2008-04-14 02:20 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll

2008-04-14 02:20 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll

2008-04-14 02:20 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll

2008-04-14 02:20 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll

2008-04-14 02:20 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll

2008-04-14 02:20 1,035,776 ----a-w C:\WINDOWS\explorer.exe

2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]

C:\Arquivos de programas\Windows Live\Proteção para a Família\fssbho.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 23:20 15360]

"Conexão Oi Velox"="C:\Arquivos de programas\Oi Velox\Conexão\pppoe.exe" [ ]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"fssui"="C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 23:20 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2008-04-23 04:14 124928 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.i420"= i420vfw.dll

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]

R2 fsssvc;Windows Live OneCare Proteção para a Família;"C:\Arquivos de programas\Windows Live\Proteção para a Família\fsssvc.exe" []

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2007-06-10 11:12]

 

.

Conte£do da pasta 'Tarefas Agendadas'

"2008-06-28 12:30:04 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

[jgarcia 1]

Opa Salgado,

 

Siga as instruções:

 

1. Baixe o MSNFix e salve-o em seu desktop.

• a. Extraia os arquivos. Será criada uma pasta MSNFix.
  b. Entre na pasta e dê um duplo-clique no MSNFix.bat. A janela MSN_Fix-menu irá se abrir.
  c. Primeiro tecle P para escolher o idioma Português (Brasil) e dê Enter.
  d. Depois tecle R e dê Enter para começar o exame. Se uma infecção for encontrada, aparecerá a mensagem Infecção Presente. Então aperte qualquer tecla, menos a Q que é para sair do programa.
  e. O processo de remoção comecará. Aguarde, pois o mesmo pode demorar alguns minutos.
  f. Ao final abrir-se-á o bloco de notas com um relatório. Selecione e copie o conteúdo relatório, colando-o em sua próxima resposta.
   
  PS.: Este relatório será salvo na pasta MSNFix sob o nome msnfix.txt.
  

2. Poste ainda um novo log do ComboFix.

 

Abraços.

[Salgado 4]

Vamos lá:

MSNFix 1.728

 

C:\Documents and Settings\Alex\Desktop\msnfix\MSNFix

Fix lançado dia 2008-06-30 - 22:08:39.79 By Alex

modo normal

 

************************ Procurando os arquivos presentes

 

... C:\WINDOWS\WinLogT.exe

 

************************ Procurando as pastas presentes

 

Nenhuma pasta encontrada

 

 

 

 

************************ Apagando os arquivos

 

.. OK ... C:\WINDOWS\WinLogT.exe

 

 

 

************************ Limpeza do registro

 

 

 

Os arquivos ainda presentes serão apagado no proximo boot

 

 

Nenhum arquivo encontrado

 

 

 

************************ Arquivos suspeitos

 

Nenhum arquivo encontrado

 

 

Os arquivos e as chaves do registro apagados foram salvos no arquivo 2008-06-30_221516.09.zip

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

ComboFix 08-06-20.4 - Alex 2008-06-30 22:28:00.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.613 [GMT -3:00]

Executando de: C:\Downloads\prg\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))))

.

 

2008-06-30 22:30 . 2008-06-30 22:30 53,248 --a------ C:\Temp\catchme.dll

2008-06-30 22:16 . 2008-06-30 22:16 16,384 --a----t- C:\Temp\Perflib_Perfdata_838.dat

2008-06-28 11:46 . 2008-06-28 11:46 <DIR> d-------- C:\Arquivos de programas\Alcohol Soft

2008-06-28 10:36 . 2008-06-28 10:36 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-06-28 09:44 . 2008-06-30 22:31 <DIR> d-------- C:\Temp

2008-06-21 18:46 . 2008-06-21 18:46 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter

2008-06-20 17:38 . 2008-06-20 17:39 <DIR> d-------- C:\Documents and Settings\Amanda\Dados de aplicativos\Lightcomm

2008-06-12 18:41 . 2008-06-12 18:41 <DIR> d-------- C:\Documents and Settings\Alex\Dados de aplicativos\CyberLink

2008-06-11 22:48 . 2008-06-11 22:48 <DIR> d-------- C:\Program Files

2008-06-11 22:48 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll

2008-06-11 22:48 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe

2008-06-11 22:48 . 2008-02-07 16:15 408,576 --a------ C:\WINDOWS\system32\Smab.dll

2008-06-11 22:48 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll

2008-06-11 22:48 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe

2008-06-11 22:48 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe

2008-06-11 22:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll

2008-06-11 22:48 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe

2008-06-11 22:48 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll

2008-06-11 22:47 . 2008-06-11 22:47 <DIR> d-------- C:\Arquivos de programas\eRightSoft

2008-06-11 22:28 . 2008-06-11 22:28 <DIR> d-------- C:\Arquivos de programas\7-Zip

2008-06-10 22:44 . 2008-05-08 11:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-10 22:43 . 2008-06-14 14:34 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-05 18:32 . 2008-06-05 18:37 <DIR> d-------- C:\WINDOWS\system32\NtmsData

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-01 01:16 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\Lightcomm

2008-06-27 15:24 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\uTorrent

2008-06-26 22:17 --------- d-----w C:\Documents and Settings\Samira\Dados de aplicativos\Lightcomm

2008-06-24 11:16 --------- d-----w C:\Arquivos de programas\Foxit Software

2008-06-14 17:34 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-12 21:30 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\Ahead

2008-05-29 21:20 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2008-05-26 23:31 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight

2008-05-20 18:02 --------- d-----w C:\Arquivos de programas\Windows Live

2008-05-20 03:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-05-20 03:01 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-05-20 02:50 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-05-19 21:53 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-05-19 21:31 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-05-19 21:31 --------- d-----w C:\Arquivos de programas\Windows Live Favorites

2008-05-19 21:26 --------- d-----w C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-05-19 21:11 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-05-19 21:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-05-19 20:59 --------- d-----w C:\Arquivos de programas\Puxa Rápido

2008-05-15 16:57 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\LimeWire

2008-05-11 20:57 --------- d-----w C:\Arquivos de programas\LimeWire

2008-05-11 20:34 --------- d-----w C:\Arquivos de programas\uTorrent

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:11 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 07:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 02:37 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 02:24 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 02:20 99,840 ----a-w C:\WINDOWS\system32\winscard.dll

2008-04-14 02:19 763,392 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 02:19 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 02:19 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 02:19 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-14 02:01 2,193,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 02:00 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 02:00 2,070,144 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 01:58 86,016 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 01:57 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 01:56 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 01:55 563,712 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 01:54 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 01:54 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 01:53 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-13 22:21 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-13 22:20 995,328 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-13 22:20 424,448 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe

2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe

2008-04-13 18:40 444,928 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 18:35 2,945,536 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 18:35 192,512 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-28_ 9.52.15.48 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-28 12:47:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-01 01:11:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1496\_aspnet_isapi.dll

+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1496\_CORPerfMonExt.dll

+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1496\_fusion.dll

+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1496\_mscorjit.dll

+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1496\_mscorlib.dll

+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1496\_mscorsn.dll

+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1496\_mscorsvr.dll

+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1496\_mscorwks.dll

+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1496\_msvcr71.dll

+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1496\_PerfCounter.dll

+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW896\_aspnet_isapi.dll

+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW896\_CORPerfMonExt.dll

+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW896\_fusion.dll

+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW896\_mscorjit.dll

+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW896\_mscorlib.dll

+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW896\_mscorsn.dll

+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW896\_mscorsvr.dll

+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW896\_mscorwks.dll

+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW896\_msvcr71.dll

+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW896\_PerfCounter.dll

- 2008-01-17 17:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

+ 2008-01-17 18:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

+ 2008-07-01 01:12:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]

2007-12-17 11:12 56360 --a------ C:\Arquivos de programas\Windows Live\Proteção para a Família\fssbho.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 23:20 15360]

"Conexão Oi Velox"="C:\Arquivos de programas\Oi Velox\Conexão\pppoe.exe" [2007-06-13 14:43 2156032]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"AlcoholAutomount"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 08:30 217544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"fssui"="C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe" [2007-12-17 11:12 243240]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 23:20 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2008-04-23 04:14 124928 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.i420"= i420vfw.dll

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]

R2 fsssvc;Windows Live OneCare Proteção para a Família;"C:\Arquivos de programas\Windows Live\Proteção para a Família\fsssvc.exe" [2007-12-17 11:13]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2007-06-10 11:12]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-01 01:30:03 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-30 22:31:01

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-06-30 22:34:34

ComboFix-quarantined-files.txt 2008-07-01 01:34:28

 

Pre-Run: 29,614,764,032 bytes disponíveis

Post-Run: 29,604,012,032 bytes disponíveis

 

200 --- E O F --- 2008-06-29 20:37:46

[jgarcia 1]

Opa Salgado,

 

1. Baixe o Kaspersky Virus Removal Tool.

 

2. O arquivo possui 19 Mb, mas o resultado compensará o trabalho.

 

3. Reinicie a máquina em Modo Seguro.

 

4. Execute a ferramenta dando duplo-clique sobre o arquivo baixado.

 

5. Abrir-se-á a seguinte janela:

 

6. Marque os diretórios que deseja varrer (é melhor marcar todos).

 

7. Clique em Scan e aguarde o término do processo.

 

8. Terminada a varredura, retorne com o resultado.

 

Abraços.

[Salgado 4]

Obrigado jota, segue trechinho do log que gerei.

Scan
----
Scanned:	709178
Detected:	0
Untreated:	0
Start time:	2/7/2008 19:17:41
Duration:	14:51:10
Finish time:	3/7/2008 10:08:51

Acha necessário novo log do hijackthis?

[jgarcia 1]

Obrigado jota, segue trechinho do log que gerei.

Scan
----
Scanned:	709178
Detected:	0
Untreated:	0
Start time:	2/7/2008 19:17:41
Duration:	14:51:10
Finish time:	3/7/2008 10:08:51

Acha necessário novo log do hijackthis?

Me parece que não. A máquina está limpa. O que me diz amigo Salgado?

[Salgado 4]

Grato jota, o PC está iniciando sem problemas aparentes.

 

Posso fazer uma pergunta para que eu consiga visualizar as possíveis infecções? Quais foram os indícios que lhe indicaram a presença de infecções em cada LOG que lhe passei?

 

 

Outra duvida que vem ocorrendo, reinstalei a algum tempo o XP e baixei todas as atualizações mas uma delas insiste em dar erro e solicitar a instalação novamente ela é a Atualização de segurança para o MicroSoft .NET Framework, versão 1.1, Service Pack 1. (KB928366)..

Não encontrei muita coisa sobre como retirar/excluir essa atualização, consegue me ajudar nessa?

[jgarcia 1]

Outra duvida que vem ocorrendo, reinstalei a algum tempo o XP e baixei todas as atualizações mas uma delas insiste em dar erro e solicitar a instalação novamente ela é a Atualização de segurança para o MicroSoft .NET Framework, versão 1.1, Service Pack 1. (KB928366)..

Não encontrei muita coisa sobre como retirar/excluir essa atualização, consegue me ajudar nessa?

Isto também aconteceu comigo.

 

Bem, após inúmeras tentativas fracassadas, eu cancelei a atualização e marquei a caixa Não lembrar-me desta atualização novamente. Resolveu. :thumbsup:

[Mário Monteiro 179]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.