
Archived

This topic has been archived and is closed to new replies.

venturap

[Archived] Log analysis


Good morning,

This is my first contact with you, and I am writing because I have an annoying problem on my PC...

If I try to sign in to MSN, the screen freezes and, minutes later, the message "Windows Live Communications Platform has stopped working" appears.

I tried to look into it and decided to install ComboFix, since it seems this error could be related to some kind of virus. I got the log but still don't know what to do with it, so I preferred to trust someone who understands the subject!

Can you help me? I'm worried! Thanks in advance!

Here is the log:

 

ComboFix 09-07-12.03 - Luana 13/07/2009 13:56.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1046.18.2813.1731 [GMT -3:00]

Running from: c:\users\Luana\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-1430575796-37152530-360485526-500

c:\$recycle.bin\S-1-5-21-703815751-3185536837-3713799660-500

c:\windows\Installer\1ec52.msi

c:\windows\Installer\32f65.msi

 

.

(((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 ))))))))))))))))))))))))))))

.

 

2009-07-13 17:01 . 2009-07-13 17:01 -------- d-----w- c:\users\Convidado\AppData\Local\temp

2009-06-25 05:31 . 2009-06-25 05:31 -------- d-----w- c:\program files\Alwil Software

2009-06-14 02:19 . 2009-06-14 02:20 1915520 ----a-w- c:\users\Luana\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2009-06-14 00:49 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll

2009-06-14 00:49 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-13 15:51 . 2009-03-16 17:24 634222 ----a-w- c:\windows\system32\prfh0416.dat

2009-07-13 15:51 . 2009-03-16 17:24 121888 ----a-w- c:\windows\system32\prfc0416.dat

2009-07-13 14:08 . 2009-03-16 12:37 12 ----a-w- c:\windows\bthservsdp.dat

2009-07-06 20:00 . 2009-04-20 01:13 680 ----a-w- c:\users\Luana\AppData\Local\d3d9caps.dat

2009-06-25 05:33 . 2009-03-16 12:51 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-06-25 04:44 . 2009-03-16 12:51 -------- d-----w- c:\programdata\Symantec

2009-06-14 06:01 . 2009-03-16 14:02 -------- d-----w- c:\programdata\Microsoft Help

2009-06-11 06:03 . 2009-03-16 13:40 -------- d-----w- c:\program files\Microsoft Works

2009-05-31 18:37 . 2009-05-31 18:25 -------- d-----w- c:\program files\PhotoScape

2009-05-31 18:26 . 2009-05-31 18:25 -------- d-----w- c:\program files\Google

2009-05-27 03:34 . 2009-05-27 03:34 -------- d-----w- c:\program files\Ask.com

2009-05-27 03:34 . 2009-05-27 03:34 -------- d-----w- c:\users\Luana\AppData\Roaming\Desktopicon

2009-05-27 03:34 . 2009-05-27 03:33 -------- d-----w- c:\program files\FormatFactory

2009-05-27 01:18 . 2009-03-16 16:12 -------- d-----w- c:\programdata\CyberLink

2009-05-27 01:18 . 2009-04-16 02:23 -------- d-----w- c:\users\Luana\AppData\Roaming\CyberLink

2009-05-24 20:51 . 2009-05-24 20:51 -------- d-----w- c:\program files\XP Codec Pack

2009-05-24 05:11 . 2009-05-24 05:10 -------- d-----w- c:\program files\Ares

2009-05-24 04:16 . 2009-05-24 04:17 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-24 04:16 . 2009-03-16 14:28 -------- d-----w- c:\program files\Java

2009-05-23 23:45 . 2009-05-23 23:45 675144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-05-23 23:41 . 2009-05-23 23:37 -------- d-----w- c:\program files\VIVO INTERNET 3G

2009-05-20 19:07 . 2009-04-20 02:05 -------- d-----w- c:\users\Luana\AppData\Roaming\U3

2009-05-19 19:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-05-07 12:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-04-24 16:05 . 2009-06-11 00:22 827904 ----a-w- c:\windows\system32\wininet.dll

2009-04-24 16:02 . 2009-06-11 00:22 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-24 13:44 . 2009-06-11 00:22 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-04-24 10:42 . 2009-04-15 20:00 108472 ----a-w- c:\users\Convidado\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-23 16:55 . 2009-04-15 19:14 108472 ----a-w- c:\users\Luana\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-23 12:43 . 2009-06-11 00:22 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-11 00:22 636928 ----a-w- c:\windows\system32\localspl.dll

2009-04-21 11:55 . 2009-06-11 00:23 2033152 ----a-w- c:\windows\system32\win32k.sys

2009-04-16 15:04 . 2009-04-16 15:04 680 ----a-w- c:\users\Convidado\AppData\Local\d3d9caps.dat

2009-04-16 02:33 . 2009-04-16 02:33 0 ----a-w- c:\users\Luana\AppData\Roaming\wklnhst.dat

.

 

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-04-02 22:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Le Petit Robert Hyperappel"="c:\program files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 22560]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-31 39408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1033512]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-16 442433]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-24 148888]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli DPPWDFLT

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{F8E99BE2-F53A-4949-AE2B-6B06DC8C827B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{AAD7411E-189A-42FE-9D07-7B6D81A88537}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{970E3442-BBAF-4968-B82A-5F652C1C7D14}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A8FFFF91-EFFC-4410-A7DE-5AC6E8DAC687}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1B283B61-FCE4-4961-B35E-1789E374A8AF}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{83A528B0-F562-41A1-8796-A36B46DCA471}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{ADC08BF1-1CC8-4158-B778-F14F8EC75644}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{33E8DFC5-D6A2-404D-8512-00FFD5940D01}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{96659376-AA19-4CE1-AAFF-8237CD5BFA40}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [16/03/2009 12:38 15416]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe [16/03/2009 12:33 73728]

R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 16:24 19456]

R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [26/03/2008 18:27 595248]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [16/03/2009 10:18 193840]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23/01/2008 18:23 52736]

R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [26/03/2008 18:28 40752]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [16/03/2009 11:23 341328]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://oglobo.globo.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=83&bd=Pavilion&pf=cnnb

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: {44A6DC9D-3A59-4C41-AD21-D5A78C34BBB0} = 200.220.227.101 200.142.130.10

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-13 14:01

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Le Petit Robert Hyperappel = c:\program files\Le Robert\Le Petit Robert\prhyper.exe?v????$????????N?v,?kw%??wp?t?-?B?R???H?"???$??????3"???"??2"? ???????$??????@??????????$???"?$?????????"???"???$???????????"?????????@?kw0?"???kw???w??????"???$?????$???z??v"???????????,???,????????O?v

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'lsass.exe'(660)

c:\windows\system32\DPPWDFLT.dll

.

Completion time: 2009-07-13 14:03

ComboFix-quarantined-files.txt 2009-07-13 17:03

 

Pre-Run: 169.381.322.752 bytes free

Post-Run: 169.390.858.240 bytes free

 

213 --- E O F --- 2009-07-13 16:10

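As an added example (not part of this post and not ComboFix's own code), here are the checks a responder would run over a ComboFix log like the one above before deciding what to clean: firewall profiles with EnableFirewall = 0, Security Center monitoring switched off, Browser Helper Objects, LSA notification packages beyond the default and whether each one is actually loaded in lsass.exe, and the DNS servers set on the interface. SAMPLE_LOG is excerpted verbatim from the log posted above; that `scecli` is the only notification package on a stock Vista workstation is an assumption stated in the code, and the severity labels and check names are the example's own convention.

```python
"""Triage a ComboFix log for the configuration state a responder checks first.

Added example for this thread, not part of the post and not ComboFix's own code.
It walks the registry-style sections ComboFix prints and reports firewall
profiles that are off, Security Center monitoring that is off, BHOs, non-default
LSA notification packages (cross-checked against the DLLs seen in lsass.exe,
since a password filter receives every cleartext password change) and the DNS
servers on the interface. SAMPLE_LOG is excerpted verbatim from the posted log.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 22:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

TCP: {44A6DC9D-3A59-4C41-AD21-D5A78C34BBB0} = 200.220.227.101 200.142.130.10

- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\DPPWDFLT.dll
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (this example's own scale)
    check: str
    detail: str


KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(dword:)?([0-9A-Fa-fx]+)')
PROC_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)$")
DNS_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (.+)$")
NOTIF_RE = re.compile(r"^Notification Packages REG_MULTI_SZ\s+(.+)$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$")

# Assumption: the only LSA notification package on a stock Vista workstation.
DEFAULT_LSA_PACKAGES = {"scecli"}


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the findings for one ComboFix log, in log order."""
    findings: List[Finding] = []
    key = None       # registry key of the section currently being read
    process = None   # process name inside the "DLLs loaded" section
    lsass_dlls: List[str] = []
    extra_packages: List[str] = []

    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key, process = m.group(1), None
            continue
        m = PROC_RE.match(line)
        if m:
            process, key = m.group(1).lower(), None
            continue
        if process == "lsass.exe" and line.lower().endswith(".dll"):
            lsass_dlls.append(line)
            continue
        m = NOTIF_RE.match(line)
        if m:
            extra_packages += [p for p in m.group(1).split()
                               if p.lower() not in DEFAULT_LSA_PACKAGES]
            continue
        m = DNS_RE.match(line)
        if m:
            findings.append(Finding("info", "dns",
                f"interface DNS servers {m.group(1)}: confirm they are the ISP's"))
            continue
        if key and "browser helper objects" in key.lower():
            m = FILE_RE.match(line)
            if m:  # a BHO is loaded into every Internet Explorer process
                clsid = key.rsplit("\\", 1)[-1]
                findings.append(Finding("medium", "bho",
                    f"BHO {clsid} -> {m.group(1)}: verify the publisher"))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, value = m.group(1), int(m.group(3), 16 if m.group(2) else 10)
            if name == "EnableFirewall" and value == 0 and "firewallpolicy" in key.lower():
                profile = key.rsplit("\\", 1)[-1]
                findings.append(Finding("high", "firewall",
                    f"Windows Firewall disabled for {profile}"))
            elif name == "DisableMonitoring" and value == 1 and "security center" in key.lower():
                findings.append(Finding("medium", "security_center",
                    f"Security Center monitoring disabled under {key}"))

    # Cross-check each non-default notification package against lsass.exe's DLL list.
    for pkg in extra_packages:
        loaded = [d for d in lsass_dlls
                  if d.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower() == pkg.lower()]
        status = (f"loaded in lsass.exe as {loaded[0]}" if loaded
                  else "no matching DLL seen in lsass.exe")
        findings.append(Finding("high", "lsa_notification_package",
            f"non-default LSA notification package {pkg} ({status}): "
            "a password filter receives every cleartext password change, confirm the vendor"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity:6}] {f.check}: {f.detail}")
```

Run over the excerpt, it reports the three firewall profiles with EnableFirewall = 0, the three Security Center monitoring keys switched off, the Ask.com BHO, the DPPWDFLT notification package (loaded in lsass.exe, consistent with the DigitalPersona software listed under Run as DpAgent) and the interface's DNS servers. None of this is a malware verdict by itself; a firewall that is off on every profile and a third-party password filter are the items to confirm with the user before more logs are requested.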

Good afternoon, venturap!

<!> Post the HijackThis log, following this Tutorial.

< Rule No. 02 - Using HijackThis - READ BEFORE POSTING! >

<><><><><><><><><><><>

<@> Download: < Malwarebytes >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs while running Malwarebytes.

<@> Be sure to send the detected items to quarantine by clicking Remove Items.

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

Regards!


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the section together with the link to this topic and explain the reason for reopening it.
