
Archived

This topic has been archived and is closed to new replies.

FeSpeeD

[Archived] Log Analysis!


Hi! I'm having some problems with my computer...

Sometimes it gets slow, and AVG keeps detecting the cookies atdmt[2] and doubleclick; even when I delete the cookies they come back and those AVG warnings

pop up all the time.

I recently ran CCleaner and Malwarebytes on the PC!

Here is the HijackThis log:

 

Thank you... I await some help =)

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:35:32, on 27/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\PROGRA~1\AVG\AVG8\avgtray.exe

D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\CDBurnerXP\NMSAccessU.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\svchost.exe

D:\PROGRA~1\AVG\AVG8\avgrsx.exe

D:\PROGRA~1\AVG\AVG8\avgemc.exe

D:\PROGRA~1\AVG\AVG8\avgnsx.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

D:\Program Files\AVG\AVG8\avgcsrvx.exe

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\Explorer.EXE

D:\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Macromedia Flash Object - {637B1BB0-BC87-4C3F-8112-A40DE567251A} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: Baixar com o FDM - file://D:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://D:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://D:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: d:\windows\system32\prxernsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\prxerdrv.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224796167437

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9043 bytes

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Hello FeSpeeD! Welcome to the Imasters Forum.

 

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: Macromedia Flash Object - {637B1BB0-BC87-4C3F-8112-A40DE567251A} - (no file)

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

___________________________________________

 

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

Download ToolBar S&D

*Save it to the desktop.

*Restart the PC in Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option).

*Run the program, then press "p" --> Enter --> Ok.

*Type two ( 2 ) --> Press Enter --> Wait!

*When it finishes, the report will be at C:\ToolBar SD\TB_1.txt

___________________________________________

 

Please also follow the tips in this tutorial to scan your PC with Nod32 Online:

 

Nod32 Online antivirus tutorial

 

After the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

___________________________________________

 

I recently ran CCleaner and Malwarebytes on the PC

Update your Malwarebytes > run a Full Scan with it and remove all the problems it finds.

 

In your next reply, post this Malwarebytes log, the Nod32 Online log which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, the Toolbar S&D log which will be at C:\ToolBar SD\TB_1.txt, and a new HijackThis log, and please tell us how your PC is after following these procedures.

 

We await your reply.

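As an added example (not code from the thread, from HijackThis or from any tool the helper names), here is a small Python triage script for the HijackThis v2 log format posted above: it parses the R/O entries and flags the things a helper checks first, orphaned "(no file)" entries like the two O2 lines the helper asked the user to fix, unknown Winsock LSP modules, ActiveX (O16 DPF) controls fetched from hosts outside an assumed allowlist, and services with no recorded publisher. The sample log lines, the trusted-host list and the toolbar name hints are constructed for the example.

```python
"""Triage a HijackThis v2 log: flag the entry types a helper looks at first."""
import re
from urllib.parse import urlparse

# Constructed sample in the HijackThis v2 format used in the thread (a few
# representative lines, not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:32, on 27/8/2009

Running processes:
D:\WINDOWS\System32\smss.exe

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Macromedia Flash Object - {637B1BB0-BC87-4C3F-8112-A40DE567251A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\prxernsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224796167437
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# An HJT entry is "<kind> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")

# Assumed allowlist of hosts whose ActiveX downloads are expected on this box.
TRUSTED_DPF_SUFFIXES = ("microsoft.com", "msn.com", "macromedia.com", "eset.com")

# Name hints for toolbars that ToolBar S&D removed later in the thread.
PUP_TOOLBAR_HINTS = ("askbar", "ask toolbar", "daemon tools toolbar")


def parse_entry(line):
    """Return (kind, fields) for one entry, or None for header/process lines.
    Fields are split on ' - ' from the right so names containing ' - ' survive."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind in ("O2", "O3", "O9", "O18", "R3", "O23"):
        parts = body.rsplit(" - ", 2)   # name, {CLSID} (or owner), file
    elif kind == "O16":
        parts = body.rsplit(" - ", 1)   # DPF: {CLSID} (Name), URL
    else:
        parts = [body]
    return kind, parts


def host_trusted(host):
    """Exact or subdomain match against the allowlist (no 'evilmicrosoft.com')."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_DPF_SUFFIXES)


def triage(log_text):
    """Return a list of (kind, reason, line) findings worth a human look."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if not parsed:
            continue
        kind, parts = parsed
        line = raw.strip()
        if kind in ("O2", "O3", "O9", "O18", "R3") and len(parts) == 3:
            name, _clsid, target = parts
            if target == "(no file)":
                # Registry still points at a DLL that is gone: harmless, but
                # exactly the kind of orphan the helper told the user to fix.
                findings.append((kind, "orphaned entry, file missing", line))
            elif any(h in name.lower() for h in PUP_TOOLBAR_HINTS):
                findings.append((kind, "toolbar commonly bundled as a PUP", line))
        elif kind == "O10":
            # Deleting an LSP DLL by hand can break the Winsock chain and kill
            # networking; report it and verify the file before any removal.
            findings.append((kind, "unknown Winsock LSP module, verify before touching", line))
        elif kind == "O16" and len(parts) == 2:
            host = urlparse(parts[1]).hostname or ""
            if not host_trusted(host):
                findings.append((kind, "ActiveX control from untrusted host: " + host, line))
        elif kind == "O23" and len(parts) == 3 and parts[1] == "Unknown owner":
            findings.append((kind, "service with no publisher recorded", line))
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```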

Wow! Thanks for the quick reply. I followed the procedures you indicated and several things were detected on my PC XD who would have thought, hehe! Anyway, the warnings about the cookies atdmt[2], doubleclick[1] and sometimes ad.yieldmanager[1] keep appearing. Another problem that has been happening is that some web pages, such as Orkut and Facebook, don't load in Firefox, only after I click refresh several times.

 

Here are the logs:

 

------------------------ NOD32 ---------------------------------------------------------------------------------------------

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=6

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6050

# api_version=3.0.2

# EOSSerial=432a7e3d0207724b9f88243fcf955f79

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-08-28 01:25:07

# local_time=2009-08-27 10:25:07 (-0300, E. South America Standard Time)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1026 61 83 97 3082704987603

# scanned=92442

# found=4

# cleaned=4

# scan_time=6713

C:\Arquivos HD NOVO\Programas\Windows XP advanced\Nova pasta\TinyXP-Rev09.iso Win32/CMDOW.143 application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Documents and Settings\Administrator\Desktop\DESKTOP\New Folder\sPwnage Public.exe Win32/HackTool.Unreal-Rage application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Documents and Settings\Administrator\Desktop\DESKTOP\New Folder\[cheat-project.com] sPwnage Public v1.0 2009-06-29.rar Win32/HackTool.Unreal-Rage application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Documents and Settings\Administrator\My Documents\Instaladores\NaRuTh----www.therebels.de___Vegas.9.a_Build_85.rar a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

---------------------------------------------- TOOLBAR S&D ---------------------------------------------------------------------------------------------------------

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU E6750 @ 2.66GHz )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : Administrator ( Administrator )

BOOT : Fail-safe boot

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:6 Go)

D:\ (Local Disk) - NTFS - Total:298 Go (Free:168 Go)

E:\ (USB)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (CD or DVD)

J:\ (CD or DVD)

 

"D:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( qui 27/08/2009|20:14 )

 

-----------\\ REMOVIDOS

 

Deletado! - D:\Program Files\AskBarDis\bar

Deletado! - D:\Program Files\AskBarDis\PopSwatter

Deletado! - D:\Program Files\AskBarDis\unins000.dat

Deletado! - D:\Program Files\AskBarDis\unins000.exe

Deletado! - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

Deletado! - D:\Program Files\DAEMON Tools Toolbar\Resources

Deletado! - D:\Program Files\DAEMON Tools Toolbar\uninst.exe

Deletado! - D:\Program Files\DAEMON Tools Toolbar\_DTLite.xml

Deletado! - D:\Program Files\AskBarDis

Deletado! - D:\Program Files\DAEMON Tools Toolbar

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com.br/"

"Search Page"="http://search.live.com"

"Search Bar"="http://search.live.com/sphome.aspx"

"Default_Page_URL"="http://www.google.com"

"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

"Local Page"="D:\\WINDOWS\\system32\\blank.htm"

"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="D:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\AV.Voice.Changer.v6.0.10+++Crack.rar

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\AV.Voice.Changer.v6.0.10\keygen.exe

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\Crack Windows XP SP3.rar

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\Info.nfo

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\installer.bat

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\LegitCheckControl.dll

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\My Digital Life.url

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\WgaLogon.dll

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\WgaTray.exe

 

 

 

1 - "D:\ToolBar SD\TB_1.txt" - qui 27/08/2009|20:16 - Option : [2]

 

-----------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------- MALWAREBYTES ------------------------------------------------------------------------

 

Malwarebytes' Anti-Malware 1.40

Versão do banco de dados: 2708

Windows 5.1.2600 Service Pack 3 (Safe Mode)

 

28/8/2009 04:10:25

mbam-log-2009-08-28 (04-10-25).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 203605

Tempo decorrido: 24 minute(s), 51 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 2

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\System Volume Information\_restore{3E56061C-023F-47FD-9F97-06B34A5C6523}\RP295\A0066187.exe (Adware.MyWeb) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3E56061C-023F-47FD-9F97-06B34A5C6523}\RP295\A0066188.exe (Adware.MyWeb) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------- HIJACKTHIS ---------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:34:27, on 28/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\PROGRA~1\AVG\AVG8\avgtray.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Windows Live\Messenger\msnmsgr.exe

D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\CDBurnerXP\NMSAccessU.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

D:\PROGRA~1\AVG\AVG8\avgrsx.exe

D:\PROGRA~1\AVG\AVG8\avgnsx.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\svchost.exe

D:\PROGRA~1\AVG\AVG8\avgemc.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

D:\Program Files\AVG\AVG8\avgcsrvx.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Windows Live\Messenger\usnsvc.exe

D:\Program Files\Windows Live\Mail\wlmail.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Skype\Plugin Manager\skypePM.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\WINDOWS\system32\NOTEPAD.EXE

D:\WINDOWS\system32\NOTEPAD.EXE

D:\WINDOWS\system32\NOTEPAD.EXE

D:\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: Baixar com o FDM - file://D:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://D:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://D:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: d:\windows\system32\prxernsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\prxerdrv.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224796167437

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9133 bytes

 

--------------------------------------------------------------------------------------------------------------------------------------------

 

 

Thank you! Awaiting a reply!


Toolbar S&D detected several cracks installed on your PC, and it would be very important to uninstall them, since most of these cracks carry viruses and malware embedded in them:

 

--------------------\\ Cracks & Keygens ..

 

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\AV.Voice.Changer.v6.0.10+++Crack.rar

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\AV.Voice.Changer.v6.0.10\keygen.exe

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\Crack Windows XP SP3.rar

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\Info.nfo

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\installer.bat

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\LegitCheckControl.dll

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\My Digital Life.url

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\WgaLogon.dll

D:\DOCUME~1\ADMINI~1\Desktop\DESKTOP\crack windows\WgaTray.exe

___________________________________________________

 

Anyway, the warnings about the cookies atdmt[2], doubleclick[1] and sometimes ad.yieldmanager[1] keep appearing.

As for these tracking cookies, they always show up anyway; they are not viruses, and you can delete them whenever they appear.

 

Here is how cookies work: say you go to the ABC Book Co. site and buy a book. The company downloads a text file to your computer, which includes an identity number. That is a cookie.

 

Two weeks later, you go back to the ABC Book site. The first thing that happens is that your browser checks whether there is a cookie from ABC. It finds one and sends it to ABC's computer.

 

Using the ABC site, it says "Welcome back, Joe!" How does it know? ABC Book has the information about the sale from two weeks ago in its database. It matches the identity number in the cookie with the sale information and customizes the page for you.

 

On your next purchase, you will not have to enter your credit card or address. That is already on file. Again, that came from the database and was enabled by the cookie.

 

All of this is very convenient. But there are less desirable cookies too. They are called tracking cookies. Say you visit the XYZ Brain Surgery site. There is an advertising banner there, and it is connected to an advertising services company. It downloads a cookie. The cookie says "This person visited the XYZ Brain Surgery site."

 

Next, you go to a heart transplant site. The advertising banner is associated with the same advertising company. The browser sends the cookie to the advertising banner. The ad adds the note that you visited the heart transplant site.

 

After a while, the tracking cookie builds a profile of your interests. The advertising services company sells this information. That is why you start receiving advertising for medical equipment.

Source: http://www.microsoft.com/brasil/security/smb/5tips.mspx

___________________________________________________

 

Please follow the tips in this tutorial to clean your PC with Spyware Doctor:

 

Spyware Doctor Starter Edition tutorial

 

In your next reply, post this Spyware Doctor log along with a new HijackThis log and tell us how your PC is after this.

 

We await your reply.


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening it.
