[Arquivado] analisem meu log

Rafael Icassati · Junho 19, 2008

meu pc ta com alguns problemas: janelas abrem sosinho, esta meio lento e as vezes a do menu iniciar fica preta. deve ser algum virus.... se puderem analisar meu log ficarei grato

Logfile of HijackThis v1.99.1

Scan saved at 21:06:34, on 18/6/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NetProject\scit.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\antiviirus.exe

C:\Arquivos de programas\tmp0.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\tmp1.exe

C:\Arquivos de programas\tmp2.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Familia\Meus documentos\rafael\PC\HijackThis.exe

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [4c186136] rundll32.exe "C:\WINDOWS\system32\lwhasolt.dll",b

O4 - HKLM\..\Run: [antiviirus] C:\Arquivos de programas\antiviirus.exe

O4 - HKLM\..\Run: [systemDoctor Free] C:\Arquivos de programas\System Doctor Free\systemdoc.exe /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [C:\Documents and Settings\All Users\Dados de aplicativos\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe] "C:\Documents and Settings\All Users\Dados de aplicativos\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u...ows-i586-jc.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F50A095-4C9D-477A-8C47-AC2B1F492BFE}: NameServer = 85.255.115.34,85.255.112.99

O17 - HKLM\System\CCS\Services\Tcpip\..\{11D95B3A-435C-4E46-959F-662CD16BB0E9}: NameServer = 85.255.115.34 85.255.112.99

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.99

O17 - HKLM\System\CS1\Services\Tcpip\..\{0F50A095-4C9D-477A-8C47-AC2B1F492BFE}: NameServer = 85.255.115.34,85.255.112.99

O17 - HKLM\System\CS2\Services\Tcpip\..\{0F50A095-4C9D-477A-8C47-AC2B1F492BFE}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.99

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: SunPrx - {74885a9e-825e-4453-b471-91a3b2cae04f} - C:\WINDOWS\Resources\SunPrx.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

jgarcia · Junho 19, 2008

Opa Rafael Icassati,

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

Abraços.

Rafael Icassati · Junho 19, 2008

fiz oque você me pediu mas o combofix criou uma pasta e o texto estava dentro dela naum sei se deu certo mais vo postar oque tava no texto

ComboFix 08-06-16.5 - Familia 2008-06-18 22:21:46.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1046.18.211 [GMT -3:00]

Executando de: C:\Documents and Settings\Familia\Desktop\rafael\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\antiviirus.exe

C:\Arquivos de programas\NetProject

C:\Arquivos de programas\NetProject\scit.exe

C:\Arquivos de programas\NetProject\scu.exe

C:\Arquivos de programas\tmp0.exe

C:\Arquivos de programas\tmp1.exe

C:\Arquivos de programas\tmp2.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Adsl Software Limited

C:\Documents and Settings\All Users\Dados de aplicativos\Adsl Software Limited\WinSpywareProtect\LOG\20080618104458000.log

C:\Documents and Settings\All Users\Dados de aplicativos\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe

C:\WINDOWS\cookies.ini

C:\WINDOWS\ksendlbtdpl.dll

C:\WINDOWS\resources\SunPrx.dll

C:\WINDOWS\system32\28463

C:\WINDOWS\system32\28463\BAQT.001

C:\WINDOWS\system32\28463\BAQT.002

C:\WINDOWS\system32\28463\BAQT.005

C:\WINDOWS\system32\28463\BAQT.007

C:\WINDOWS\system32\28463\ODHI.001

C:\WINDOWS\system32\763444

C:\WINDOWS\system32\763444\763444.dll

C:\WINDOWS\system32\cacls.dll

C:\WINDOWS\system32\ddcDTjgH.dll

C:\WINDOWS\system32\drivers\etc\tmphosts

C:\WINDOWS\system32\fccbXqrs.dll

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\erma.inf

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\Microsoft XML Parser for Java.osd

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\QTPlugin.inf

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\setup.inf

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\swflash.inf

C:\WINDOWS\system32\HgjTDcdd.ini

C:\WINDOWS\system32\HgjTDcdd.ini2

C:\WINDOWS\system32\kdyre.exe

C:\WINDOWS\system32\lwhasolt.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\olxnjovv.dll

C:\WINDOWS\system32\reg_0001.txt

C:\WINDOWS\system32\svchosts.dll

C:\WINDOWS\system32\tlosahwl.ini

C:\WINDOWS\system32\vvojnxlo.ini

C:\WINDOWS\system32\wgapre32.dll

C:\WINDOWS\vrmdtneg.dll

C:\WINDOWS\wpvmqosg.dll

C:\WINDOWS\xvorfwbd.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))))

.

2049-05-31 20:42 . 2049-05-31 20:42 <DIR> d-------- C:\Arquivos de programas\free-downloads.net

2049-05-31 20:42 . 2049-05-31 20:42 <DIR> d-------- C:\Arquivos de programas\Conduit

2017-06-15 15:24 . 2017-06-15 15:24 <DIR> d-------- C:\Documents and Settings\Familia\Dados de aplicativos\River Past G5

2017-06-15 15:24 . 2008-06-15 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\River Past G5

2017-06-15 15:24 . 2017-06-15 15:24 <DIR> d-------- C:\Arquivos de programas\River Past

2017-06-15 15:24 . 2017-06-15 15:24 167,086 --a------ C:\WINDOWS\Video Cleaner Uninstaller.exe

2008-06-18 12:40 . 2008-06-18 12:40 <DIR> d-------- C:\Documents and Settings\Familia\Dados de aplicativos\AVGTOOLBAR

2008-06-18 12:39 . 2008-06-18 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-06-18 11:41 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2008-06-17 23:29 . 2008-06-16 19:36 94,208 --a------ C:\WINDOWS\exwd.exe

2008-06-17 23:29 . 2008-06-16 19:36 81,920 --a------ C:\WINDOWS\neltabxw.exe

2008-06-15 15:35 . 2008-06-15 15:35 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-06-15 15:34 . 2008-06-15 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-06-15 15:34 . 2008-06-15 15:34 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2008-06-15 15:14 . 2008-06-15 15:14 <DIR> d-------- C:\Arquivos de programas\I-ON Video CD Player 1.01

2008-06-03 17:33 . 2008-06-08 16:10 182 --a------ C:\WINDOWS\KB13735.ini

2008-06-03 15:29 . 2008-06-03 15:29 973,312 --a------ C:\WINDOWS\system32\wgapr32.dll

2008-05-30 21:09 . 2008-05-30 21:09 <DIR> d-------- C:\New Folder

2008-05-27 17:46 . 1998-11-13 11:18 308,224 --a------ C:\WINDOWS\IsUn0416.exe

2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2050-05-31 23:30 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2017-06-15 18:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\River Past

2008-06-18 23:51 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-06-18 23:20 --------- d-----w C:\Documents and Settings\Familia\Dados de aplicativos\Shareaza

2008-06-18 23:20 --------- d-----w C:\Arquivos de programas\Cheat Engine

2008-06-18 23:20 --------- d-----w C:\Arquivos de programas\a-squared Free

2008-06-18 22:24 --------- d-----w C:\Documents and Settings\Familia\Dados de aplicativos\AVG7

2008-06-18 15:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-06-15 18:14 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-06-15 18:13 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-06-04 21:12 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-06-03 20:35 7,808 ----a-w C:\WINDOWS\system32\drivers\ntfs64.sys

2008-05-31 22:03 --------- d-----w C:\Arquivos de programas\ONGAME

2008-05-22 23:02 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-05-15 01:02 --------- d-----w C:\Arquivos de programas\CABAL Online (BRAZIL)

2008-05-15 00:59 --------- d-----w C:\Arquivos de programas\LevelUpGames

2008-05-14 22:34 --------- d-----w C:\Arquivos de programas\ABBYY FineReader 6.0 Sprint

2008-05-14 13:12 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-05-13 18:56 --------- d-----w C:\Arquivos de programas\MSBuild

2008-05-13 18:56 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-05-13 18:53 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-05-13 18:45 --------- d-----w C:\Arquivos de programas\Microsoft Visual Studio 8

2008-05-13 16:53 --------- d-----w C:\Arquivos de programas\AVG

2008-05-09 00:05 --------- d-----w C:\Arquivos de programas\Dofus

2008-05-08 00:22 --------- d-----w C:\Arquivos de programas\Tales of Pirates Online

2008-05-03 14:02 --------- d-----w C:\Arquivos de programas\KAIZEN Games

2008-05-02 15:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Blizzard Entertainment

2008-04-30 22:19 --------- d-----w C:\Arquivos de programas\K-LiteNitro

2008-04-13 22:21 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

2008-04-13 22:21 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

2008-04-13 22:21 70,144 ----a-w C:\WINDOWS\notepad.exe

2008-04-13 22:21 32,866 ------w C:\WINDOWS\slrundll.exe

2008-04-13 22:21 287,744 ----a-w C:\WINDOWS\winhlp32.exe

2008-04-13 22:21 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe

2008-04-13 22:21 171,520 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

2008-04-13 22:21 150,528 ----a-w C:\WINDOWS\regedit.exe

2008-04-13 22:21 10,752 ----a-w C:\WINDOWS\hh.exe

2008-04-13 22:21 1,035,776 ----a-w C:\WINDOWS\explorer.exe

2008-04-06 21:26 65,536 ----a-w C:\WINDOWS\IFinst27.exe

2007-09-05 14:04 24,192 ----a-w C:\Documents and Settings\Familia\usbsermptxp.sys

2007-09-05 14:04 22,768 ----a-w C:\Documents and Settings\Familia\usbsermpt.sys

2005-04-01 01:17 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2007-06-10 20:21 198,656 --sh--w C:\WINDOWS\system32\scripts.scr

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12EE68D4-4846-45FE-9B1E-4942FB84ACFD}]

2008-06-03 15:29 973312 --a------ c:\WINDOWS\system32\wgapr32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97F038AD-4328-4F98-9512-E27D382BBCE1}]

2008-02-24 18:31 822784 --a------ C:\WINDOWS\system32\wgacontrol32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

2008-02-14 14:54 1555480 --a------ C:\Arquivos de programas\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEC9B824-F17F-40A3-9939-DE72B2174351}]

2008-06-03 15:29 973312 --a------ c:\WINDOWS\system32\wgapr32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Arquivos de programas\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Arquivos de programas\free-downloads.net\tbfree.dll [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:20 15360]

"C:\Documents and Settings\All Users\Dados de aplicativos\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe"="C:\Documents and Settings\All Users\Dados de aplicativos\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-07-07 16:29 416256]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 16:14 8491008]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-06-29 12:58 180269]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:20 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-07-07 16:29 145920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"this"= C:\Arquivos de programas\NetProject\scit.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svhost.exe]

backup=C:\WINDOWS\pss\svhost.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Update.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Update.exe

backup=C:\WINDOWS\pss\Windows Update.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows32.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^Familia^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=C:\Documents and Settings\Familia\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=C:\WINDOWS\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

--a------ 2008-02-22 08:30 217544 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AXIS TONS THE MP3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

--a------ 2006-09-28 16:21 57344 C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-13 19:20 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emurayden PSX Emulator]

--a------ 2006-09-28 16:21 57344 C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5600 Series]

--a------ 2007-01-25 03:00 179200 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 00:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2005-06-10 11:20 1397760 C:\Arquivos de programas\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IniciarPrograma]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-03-14 19:05 257088 C:\Arquivos de programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

--------- 2005-05-19 19:38 1957888 C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NitroPC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-10-04 16:14 8491008 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-10-04 16:14 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-10-04 16:14 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regskind]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

-ra------ 2005-05-17 07:48 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spudscv.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svhost]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-08-30 18:47 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-06-29 12:58 180269 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows32]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\DAP\\DAP.exe"=

"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"C:\\Level Up! Games\\RF Online\\RF.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"=

R0 ntfs64;ntfs64;C:\WINDOWS\system32\drivers\ntfs64.sys [2008-06-03 17:35]

S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 13:36]

S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]

S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 15:41]

S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []

.

Conte£do da pasta 'Tarefas Agendadas'

"2008-06-15 18:34:37 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2007-11-30 14:05:06 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

jgarcia · Junho 19, 2008

Opa Rafael Icassati,

Siga as instruções:

1. Abra o Bloco de Notas -> Copie (Control + C) e Cole (Control + V) todo o texto incluído no "Quote":

File::
C:\Arquivos de programas\I-ON Video CD Player 1.01

C:\Arquivos de programas\NetProject\scit.exe

C:\Arquivos de programas\free-downloads.net\tbfree.dll

C:\WINDOWS\Video Cleaner Uninstaller.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Update.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows32.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe

C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

C:\WINDOWS\system32\drivers\sptd.sys

C:\WINDOWS\system32\drivers\ntfs64.sys

C:\WINDOWS\system32\wgapr32.dll

C:\WINDOWS\system32\wgacontrol32.dll

C:\WINDOWS\system32\scripts.scr

C:\WINDOWS\exwd.exe

C:\WINDOWS\neltabxw.exe

C:\WINDOWS\KB13735.ini

C:\WINDOWS\IsUn0416.exe

C:\WINDOWS\hh.exe

C:\WINDOWS\IFinst27.exe

C:\WINDOWS\pss\svhost.exe

Folder::

C:\Arquivos de programas\free-downloads.net

C:\Arquivos de programas\NetProject

C:\Documents and Settings\All Users\Dados de aplicativos\Adsl Software Limited

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12EE68D4-4846-45FE-9B1E-4942FB84ACFD}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97F038AD-4328-4F98-9512-E27D382BBCE1}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEC9B824-F17F-40A3-9939-DE72B2174351}]

[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-

[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"this"=-

[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svhost.exe]

[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Update.exe]

[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows32.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AXIS TONS THE MP3]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regskind]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spudscv.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svhost]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows32]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000000

ATENÇÃO: O script acima foi elaborado especifícamente para a infecção contida neste computador. Utilizá-lo em outra máquina poderá originar graves problemas ao usuário.

2. Salve o arquivo como CFScript.txt;

3. Tal como exemplificado na foto abaixo, arraste o arquivo CFScript.txt para o ComboFix.exe.

4. Ao término do processo a ferramenta irá gerar um log. Poste-o (C:\ComboFix.txt) em sua próxima resposta, juntamente com um novo log do HijackThis.

Abraços.

Rafael Icassati · Junho 19, 2008

pronto

ComboFix 08-06-16.5 - Familia 2008-06-19 11:36:38.4 - NTFSx86

Executando de: C:\Documents and Settings\Familia\Desktop\rafael\ComboFix.exe

Command switches used :: C:\Documents and Settings\Familia\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\Arquivos de programas\free-downloads.net\tbfree.dll

C:\Arquivos de programas\I-ON Video CD Player 1.01

C:\Arquivos de programas\NetProject\scit.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Update.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows32.exe

C:\WINDOWS\exwd.exe

C:\WINDOWS\hh.exe

C:\WINDOWS\IFinst27.exe

C:\WINDOWS\IsUn0416.exe

C:\WINDOWS\KB13735.ini

C:\WINDOWS\neltabxw.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe

C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

C:\WINDOWS\pss\svhost.exe

C:\WINDOWS\system32\drivers\ntfs64.sys

C:\WINDOWS\system32\drivers\sptd.sys

C:\WINDOWS\system32\scripts.scr

C:\WINDOWS\system32\wgacontrol32.dll

C:\WINDOWS\system32\wgapr32.dll

C:\WINDOWS\Video Cleaner Uninstaller.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\free-downloads.net

C:\Arquivos de programas\free-downloads.net\INSTALL.LOG

C:\Arquivos de programas\free-downloads.net\tbfree.dll

C:\Arquivos de programas\free-downloads.net\toolbar.cfg

C:\Arquivos de programas\free-downloads.net\UNWISE.EXE

C:\WINDOWS\exwd.exe

C:\WINDOWS\hh.exe

C:\WINDOWS\IFinst27.exe

C:\WINDOWS\IsUn0416.exe

C:\WINDOWS\KB13735.ini

C:\WINDOWS\neltabxw.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe

C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

C:\WINDOWS\system32\drivers\ntfs64.sys

C:\WINDOWS\system32\drivers\sptd.sys

C:\WINDOWS\system32\scripts.scr

C:\WINDOWS\system32\wgacontrol32.dll

C:\WINDOWS\system32\wgapr32.dll

C:\WINDOWS\Video Cleaner Uninstaller.exe

.

---- Previous Run -------