[Arquivado] Analisem meu log

[Paumioto 0]

Olá. Estou tendo problemas para acessar algumas paginas, geralmente relacionadas a antivirus ou à microsoft.

Acabei de formatar o computador, mas não resolveu o problema.

segue o meu log para análise:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:16:53, on 17/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\arquivos de programas\idt\ecsxpv_5902_012208\wdm\STacSV.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\arquivos de programas\idt\ecsxpv_5902_012208\wdm\STacSV.exe

 

--

End of file - 856 bytes

 

 

Obrigado

Paulo

[DigRam 144]

Bom Dia! Paumioto

 

<@> Abra o HijackThis --> Clique em View the list of backup

<@> Selecione tudo o que encontrar --> Clique em RESTORE --> Reinicie o computador!

<><><><><><><><><><>

<@> Baixe: < DDS > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite seus programas de proteção: antivírus,antimalware,antispyware ou firewall.

<@> Estando desconectado,execute a ferramenta! --> Duplo clique em .

<@> Aguarde o término do scan,até obtermos o relatório. ( DDS.txt ) <--

<@> Surgirá,também,uma nova janela: "D.D.S - Optional_Scan" --> Clique em Sim.

<@> O Bloco de Notas irá abrir,com outro relatório. ( Attach.txt ) <--

<@> Ps: Caso o relatório seja incompreensível,renomeie o executável para DDS.exe e repita o scan.

<@> Outra janela,finalmente,abrir-se-à! --> Clique em OK.

<@> Salve os relatórios: DDS.txt + Attach.txt <-- Poste-os!

 

Abraços!

[Paumioto 0]

Obrigado pela ajuda, e desulpe a demora pra responder!

 

seguem os arquivos DDS.txt e Attach.txt (em ordem)

 

Valeu!

 

 

DDS (Ver_09-07-30.01) - NTFSx86

Run by Zé at 17:19:22,93 on --- 21/08/2009

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2303.1956 [GMT -3:00]

 

 

============== Running Processes ===============

 

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\nvsvc32.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\arquivos de programas\idt\ecsxpv_5902_012208\wdm\STacSV.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

svchost.exe C:\WINDOWS\TEMP\VRT2.tmp

C:\WINDOWS\System32\reader_s.exe

C:\WINDOWS\System32\svchost.exe

svchost.exe

C:\WINDOWS\TEMP\1.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\servises.exe

C:\WINDOWS\system32\servises.exe

C:\WINDOWS\System32\reader_s.exe

\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

C:\Documents and Settings\Zé\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com.br/

uRun: [NitroPC] "c:\arquivos de programas\nitropc\NitroPC.exe" -minimized

uRun: [reader_s] c:\documents and settings\zé\reader_s.exe

uRun: [servises] c:\windows\system32\servises.exe

mRun: [11553] c:\windows\system32\5.tmp.exe

mRun: [servises] c:\windows\system32\servises.exe

mRun: [reader_s] c:\windows\system32\reader_s.exe

dRun: [servises] c:\windows\system32\servises.exe

dRun: [reader_s] c:\windows\system32\config\systemprofile\reader_s.exe

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

uExplorerRun: [servises] c:\windows\system32\servises.exe

mExplorerRun: [servises] c:\windows\system32\servises.exe

dExplorerRun: [servises] c:\windows\system32\servises.exe

IE: Baixar link usando &BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddLink.htm

IE: Baixar todos os links usando BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddAllLink.htm

IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddVideo.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

============= SERVICES / DRIVERS ===============

 

S2 ICF;ICF;c:\windows\system32\svchost.exe:exe.exe []

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-17 38160]

 

=============== Created Last 30 ================

 

2009-08-21 17:12 64,018 a------- c:\windows\system32\servises.exe

2009-08-21 17:12 6 a------- c:\windows\system32\_id.dat

2009-08-21 17:12 0 a------- c:\windows\system32\8.tmp

2009-08-21 17:12 359,040 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

2009-08-21 17:12 68,608 a------- c:\windows\system32\6.tmp

2009-08-21 17:12 59,904 a------- c:\windows\system32\reader_s.exe

2009-08-21 17:12 18,944 a------- c:\windows\system32\5.tmp

2009-08-21 17:12 140 a------- c:\windows\system32\3.tmp

2009-08-21 17:09 811,064 ac------ c:\windows\system32\dllcache\imjp81k.dll

2009-08-21 17:08 488 a---hr-- c:\windows\system32\logonui.exe.manifest

2009-08-21 17:08 749 a---hr-- c:\windows\WindowsShell.Manifest

2009-08-21 17:08 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest

2009-08-21 17:08 749 a---hr-- c:\windows\system32\sapi.cpl.manifest

2009-08-21 17:08 749 a---hr-- c:\windows\system32\nwc.cpl.manifest

2009-08-21 17:08 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest

2009-08-21 16:58 <DIR> --d----- c:\windows\LastGood.Tmp

2009-08-20 12:08 <DIR> --d----- c:\arquivos de programas\Persona

2009-08-17 17:20 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-17 17:20 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-17 17:20 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-17 16:19 <DIR> --d----- c:\windows\ERUNT

2009-08-17 15:58 189,104 a------- c:\windows\system32\PnkBstrB.exe

2009-08-17 15:58 189,104 a------- c:\windows\system32\PnkBstrB.xtr

2009-08-17 15:58 <DIR> --d----- c:\windows\system32\LogFiles

2009-08-17 15:58 75,064 a------- c:\windows\system32\PnkBstrA.exe

2009-08-17 15:55 <DIR> --d----- c:\windows\Logs

2009-08-17 15:55 <DIR> --dsh--- c:\windows\ftpcache

2009-08-17 15:41 <DIR> --d----- c:\docume~1\z9ea5~1\dadosd~1\Malwarebytes

2009-08-17 15:41 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-08-17 12:57 <DIR> --d----- c:\arquivos de programas\Trend Micro

2009-08-17 12:06 <DIR> --d----- c:\windows\system32\AGEIA

2009-08-17 12:06 <DIR> --d----- c:\arquivos de programas\NVIDIA Corporation

2009-08-17 12:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\NVIDIA Corporation

2009-08-17 12:06 1,706,528 a------- c:\windows\system32\nvcuvenc.dll

2009-08-17 12:06 1,597,690 a------- c:\windows\system32\nvdata.bin

2009-08-17 12:04 155,136 a------- c:\windows\system32\drivers\d347bus.sys

2009-08-17 12:04 5,248 a------- c:\windows\system32\drivers\d347prt.sys

2009-08-17 12:03 <DIR> --d----- c:\arquivos de programas\D-Tools

2009-08-17 12:03 <DIR> --d----- c:\windows\Downloaded Installations

2009-08-17 11:59 <DIR> --d----- c:\arquivos de programas\SystemRequirementsLab

2009-08-17 11:56 21,840 a------- c:\windows\system32\SIntfNT.dll

2009-08-17 11:56 17,212 a------- c:\windows\system32\SIntf32.dll

2009-08-17 11:56 12,067 a------- c:\windows\system32\SIntf16.dll

2009-08-17 11:49 <DIR> --d----- C:\Downloads

2009-08-17 11:49 <DIR> --d----- c:\arquivos de programas\BitComet

2009-08-17 11:43 <DIR> --d----- c:\windows\system32\ReinstallBackups

2009-08-17 11:43 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

2009-08-17 11:42 212,711 a------- c:\windows\system32\nvapps.nvb

2009-08-17 11:41 <DIR> --d----- C:\NVIDIA

2009-08-17 11:30 376,832 a----r-- c:\windows\system32\nvusmu.exe

2009-08-17 11:30 13,312 a----r-- c:\windows\system32\drivers\nvsmu.sys

2009-08-17 11:30 659 a----r-- c:\windows\system32\nvsmu.nvu

2009-08-17 11:30 462,848 a----r-- c:\windows\system32\nvusmb.exe

2009-08-17 11:30 2,016 a----r-- c:\windows\system32\nvsmb.nvu

2009-08-17 11:29 485,920 a------- c:\windows\system32\NVUNINST.EXE

2009-08-17 11:29 6,400 a------- c:\windows\system32\drivers\splitter.sys

2009-08-17 11:29 52,864 a------- c:\windows\system32\drivers\DMusic.sys

2009-08-17 11:28 8,101,951 a------- c:\windows\system32\idtsg.cpl

2009-08-17 11:28 2,314,240 a------- c:\windows\system32\stlang.dll

2009-08-17 11:28 462,848 a------- c:\windows\sttray.exe

2009-08-17 11:28 241,664 a------- c:\windows\system32\stacsv.exe

2009-08-17 11:28 130,048 a------- c:\windows\system32\ksproxy.ax

2009-08-17 11:28 4,096 a------- c:\windows\system32\ksuser.dll

2009-08-17 11:28 150,016 a------- c:\windows\system32\staco.dll

2009-08-17 11:28 1,292,888 a------- c:\windows\system32\drivers\sthda.sys

2009-08-17 11:28 442,439 a------- c:\windows\system32\stacapi.dll

2009-08-17 11:28 <DIR> --d----- c:\arquivos de programas\IDT

2009-08-17 11:27 22,752 a------- c:\windows\system32\spupdsvc.exe

2009-08-17 11:26 105,856 a----r-- c:\windows\system32\drivers\Rtenicxp.sys

2009-08-17 11:25 <DIR> --d----- c:\windows\system32\Tools

2009-08-17 11:25 <DIR> --d----- c:\arquivos de programas\arquivos comuns\InstallShield

2009-08-17 11:24 4,864 a----r-- c:\windows\system32\drivers\PortIo.sys

2009-08-17 11:20 <DIR> --d-hr-- c:\documents and settings\zé\Dados de aplicativos

2009-08-17 11:20 <DIR> --d-h--- c:\documents and settings\zé\Modelos

2009-08-17 11:20 <DIR> --d-h--- c:\documents and settings\zé\Configurações locais

2009-08-17 11:20 <DIR> --d-h--- c:\documents and settings\zé\Ambiente de rede

2009-08-17 11:20 <DIR> --d-h--- c:\documents and settings\zé\Ambiente de impressão

2009-08-17 11:20 <DIR> --d--r-- c:\documents and settings\zé\Meus documentos

2009-08-17 11:20 <DIR> --d--r-- c:\documents and settings\zé\Menu Iniciar

2009-08-17 11:20 <DIR> --d--r-- c:\documents and settings\zé\Favoritos

2009-08-17 11:20 <DIR> --d----- c:\documents and settings\Zé

2009-08-17 11:19 <DIR> --ds---- c:\windows\system32\Microsoft

2009-08-17 11:18 8,192 a------- c:\windows\REGLOCS.OLD

2009-08-17 11:15 <DIR> --dsh--- c:\documents and settings\all users\DRM

2009-08-17 11:15 488 a---hr-- c:\windows\system32\WindowsLogon.manifest

2009-08-17 11:15 <DIR> --ds---- c:\windows\Downloaded Program Files

2009-08-17 11:15 <DIR> --d--r-- c:\windows\Offline Web Pages

2009-08-17 11:15 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest

2009-08-17 11:15 <DIR> --d-h--- c:\arquivos de programas\WindowsUpdate

2009-08-17 11:15 <DIR> --d----- c:\arquivos de programas\Serviços on-line

2009-08-17 11:15 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex

2009-08-17 11:15 <DIR> --d----- c:\windows\system32\DirectX

2009-08-17 11:14 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Serviços

2009-08-17 11:14 <DIR> --d----- c:\arquivos de programas\arquivos comuns\MSSoap

2009-08-17 11:13 <DIR> --d----- c:\arquivos de programas\Messenger

2009-08-17 11:13 <DIR> --d----- c:\arquivos de programas\MSN Gaming Zone

2009-08-17 11:12 <DIR> --d----- c:\arquivos de programas\Windows NT

2009-08-17 08:08 <DIR> --d----- c:\arquivos de programas\arquivos comuns\ODBC

2009-08-17 08:08 <DIR> --d----- c:\arquivos de programas\arquivos comuns\SpeechEngines

2009-08-17 08:08 <DIR> --d-h--- c:\documents and settings\all users\Modelos

2009-08-17 08:08 <DIR> --d--r-- c:\documents and settings\all users\Menu Iniciar

2009-08-17 08:08 <DIR> --d--r-- c:\documents and settings\all users\Documentos

2009-08-17 08:08 <DIR> --d----- c:\documents and settings\all users\Favoritos

2009-08-17 08:06 <DIR> --d-hr-- c:\documents and settings\all users\Dados de aplicativos

 

==================== Find3M ====================

 

2009-08-21 17:12 34,816 a------- c:\windows\system32\svchost.exe

2009-08-21 17:12 359,040 a------- c:\windows\system32\drivers\TCPIP.SYS

2009-08-21 17:07 344,380 a------- c:\windows\system32\perfh016.dat

2009-08-21 17:07 48,628 a------- c:\windows\system32\perfc016.dat

2009-08-21 17:07 22,980 a------- c:\windows\system32\emptyregdb.dat

2009-08-18 11:19 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-07-14 15:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll

2009-07-14 15:54 7,741,664 a------- c:\windows\system32\drivers\nv4_mini.sys

2009-07-14 15:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll

2009-07-14 15:54 2,189,856 a------- c:\windows\system32\nvcuvid.dll

2009-07-14 15:54 2,002,944 a------- c:\windows\system32\nvcuda.dll

2009-07-14 15:54 868,352 a------- c:\windows\system32\nvapi.dll

2009-07-14 15:54 485,920 a------- c:\windows\system32\nvudisp.exe

2009-07-14 15:54 151,552 a------- c:\windows\system32\nvcodins.dll

2009-07-14 15:54 151,552 a------- c:\windows\system32\nvcod.dll

2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe

2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll

2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll

2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll

2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll

2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll

2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll

2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll

2009-07-14 13:34 188,416 a------- c:\windows\system32\nvsvc32.exe

2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll

2009-07-14 13:34 143,360 a------- c:\windows\system32\nvcolor.exe

2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll

2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll

 

============= FINISH: 17:19:29,93 ===============

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-07-30.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 21/8/2009 17:10:53

System Uptime: 21/8/2009 17:11:26 (0 hours ago)

 

Motherboard: ECS | | GeForce 8000 series

Processor: AMD Phenom 9550 Quad-Core Processor | CPU 1 | 2200/200mhz

Processor: AMD Phenom 9550 Quad-Core Processor | CPU 1 | 2200/200mhz

Processor: AMD Phenom 9550 Quad-Core Processor | CPU 1 | 2200/200mhz

Processor: AMD Phenom 9550 Quad-Core Processor | CPU 1 | 2200/200mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 39 GiB total, 33,967 GiB free.

D: is FIXED (NTFS) - 194 GiB total, 9,904 GiB free.

E: is CDROM (CDFS)

F: is CDROM (UDF)

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81111019&REV_02\4&3929A0B5&0&00A0

Manufacturer: Realtek Semiconductor Corp.

Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81111019&REV_02\4&3929A0B5&0&00A0

Service: RTLE8023xp

 

==== System Restore Points ===================

 

No restore point in system.

 

==== Installed Programs ======================

 

Adobe Flash Player 10 ActiveX

Arquivo do WinRAR

BitComet 1.06

DAEMON Tools

HijackThis 2.0.2

Hybrid Downloader 1,0,2,6

IDT Audio

Malwarebytes' Anti-Malware

NVIDIA Drivers

NVIDIA nView Desktop Manager

NVIDIA PhysX

Pangya (Ntreev USA)

System Requirements Lab

WebFldrs XP

 

==== End Of File ===========================

[DigRam 144]

Boa Noite! Paumioto

 

<!> É recomendável,que adquira os programas de desinfecção,por intermédio de outro computador e mantendo este desconectado e com a Restauração do Sistema desabilitada.

<><><><><><><><><><>

<@> Baixe: < SafeBootKeyRepair >

<@> Salve-a,diretamente,no Disco-local ©.

<@> Execute-a!E,ao terminar,gerará um relatório: C:\SafeBoot_Repair.txt <-- Não poste!

<@> Verifique se já pode entrar,em Modo de Segurança!

<><><><><><><><><><>

<@> Baixe: < DrWebCureIt >

<@> Caso tenha dificuldades para o download,utilize outro computador ou proxy.

<@> Vá em: < Proxify >

<@> Digite,na caixa,a URL ao DrWebCureIt.

<@> Clique em Proxify.

<@> Salve a ferramenta no desktop!

<@> Reinicie o computador em Modo de Segurança.

<@> Inicie a instalação/execução,com um duplo-clique em drweb-cureit.

<@> Na janela que abrir,clique em Iniciar --> OK.

<@> Será dado início a "Verificação rápida" --> Feche a janela de propaganda!

<@> Terminando,marque a caixa de "Verificação Completa".

<@> Click em "Options" --> Em Change settings,desmarque a "Heuristic analysis".

 

Neste modo são verificados os seguintes objectos:

 

* Sectores de Arranque de Todos os Discos. <--

 

* Todas as Unidades Removíveis. <--

 

* Todos os Discos Locais. <--

<@> Clique em "Iniciar verificação" --> Aguarde!

<@> Surgindo mensagens para mover ou desinfectar arquivos,clique em Sim.

<@> Terminando,clique em "Ficheiro" --> "Guardar lista de relatórios".

<@> Procure salvá-lo em um local adequado. ( DrWeb.csv ) <-- Converta em Texto!

<@> Poste: DrWeb.csv

<><><><><><><><><><>

<@> Baixe: < AVPTool > ( by Kaspersky Labs )

<@> Salve-o em Arquivos de Programas,e instale-o aí mesmo!

<@> Reinicie o computador,em Modo de Segurança! <-- Importante!

<@> Dê início ao exame,clicando em "Scan".

<@> A verificação é muito demorada. <-- Aguarde!

<@> Caso sejam encontradas infecções,clique em "disinfect" se a opção estiver habilitada.

<@> Ps: Para algumas detecções ( Cracks ou Keygens ),conhecidas,clique em skip.

<@> Evite,para esses casos,a opção "Delete".

<@> Terminando,clique na aba Events.

<@> Desmarque a caixa de seleção "Show all events".

<@> Clique em "Save to file".

<@> Nomeie-o e salve-o no desktop! <-- Relatório para postagem!

<@> Poste,também,HijackThis atualizado.

 

Abraços!

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.