avapor 0 Posted June 18, 2007

Hi everyone, I'm back on this forum asking for help again. My Internet Explorer is extremely slow and I can't send emails with it, only with Opera. The log follows; thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 14:46:50, on 18/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [aol] "C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Dora Fairytale Adventures Registration.lnk = E:\ATR1.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{937B7480-FBF6-4397-901E-CBAB329E2852}: NameServer = 200.204.0.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDBD5ABB-B0F2-4289-A3A9-15DD67703B71}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Arquivos de programas\iolo\System Mechanic Professional 6\IoloSGCtrl.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Arquivos de programas\WinClamAVShield\sp_clamsrv.exe (file missing)

jgarcia 1 Posted June 20, 2007

Hi avapor,

Run Panda's Active Scan and come back with the result.

Regards.

avapor 0 Posted June 21, 2007

Hi Garcia, I've already tried running Panda's Active Scan twice, but it freezes partway through. Before freezing it reports 1 virus, 41 spyware items and 1 rootkit. It has to be a bug; 41 spyware items, good grief. I'll try again, but if you have another solution, post it here. Thanks for helping me once again. Regards.

jgarcia 1 Posted June 21, 2007

Hi avapor,

Download ComboFix from: ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;
2) ComboFix will restart the PC automatically so that the removal process can be completed;
3) When the scan finishes, a log will be generated at C:\ComboFix.txt;
4) Do not click on the ComboFix window, or close it by clicking the X, while the tool is running, as this will break your desktop configuration (it will turn completely white);
5) To stop or exit ComboFix, press "N";
6) I need you to paste the contents of ComboFix.txt in your next reply.

Regards.

avapor 0 Posted June 21, 2007

Good evening Garcia, thank you once again for helping me, as always. The ComboFix log is below.

ComboFix 07-06-18.2 - C:\Documents and Settings\Fabricio\Desktop\ComboFix.exe "Fabricio" - 2007-06-21 19:49:41 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\dialerexe.ini
C:\WINDOWS\system32\msxml3a.dll

((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))

2007-06-21 19:49 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 08:14 <DIR> d-------- C:\Arquivos de programas\Norton AntiVirus
2007-06-21 08:13 48,824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-21 08:13 108,728 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-21 08:13 <DIR> d-------- C:\Arquivos de programas\Symantec
2007-06-21 07:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Symantec
2007-06-21 07:45 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared
2007-06-20 20:25 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-19 18:54 <DIR> d-------- C:\Arquivos de programas\EA SPORTS
2007-06-18 13:09 <DIR> d-------- C:\Arquivos de programas\Plate 'n' Sheet Professional
2007-06-17 09:28 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-06-17 09:19 <DIR> d-------- C:\Arquivos de programas\Microsoft Works
2007-06-17 09:18 <DIR> d-------- C:\Arquivos de programas\MSBuild
2007-06-17 09:12 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET
2007-06-17 08:58 <DIR> d-------- C:\Arquivos de programas\Microsoft Visual Studio 8
2007-06-17 08:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft Help
2007-06-17 08:50 <DIR> dr-h----- C:\MSOCache
2007-06-16 17:31 <DIR> d-------- C:\DOCUME~1\Fabricio\DADOSD~1\Ahead
2007-06-16 17:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead
2007-06-16 17:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero
2007-06-16 17:20 <DIR> d-------- C:\Arquivos de programas\Nero
2007-06-16 17:20 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2007-06-13 09:39 <DIR> d-------- C:\Arquivos de programas\eMule
2007-06-09 21:22 <DIR> d-------- C:\DOCUME~1\Fabricio\DADOSD~1\uTorrent
2007-06-09 15:16 <DIR> d-------- C:\DOCUME~1\Fabricio\DADOSD~1\WNR
2007-06-09 13:02 11,272,192 --a------ C:\DOCUME~1\Fabricio\ntuser.dat
2007-06-08 09:14 <DIR> d-------- C:\DOCUME~1\Fabricio\DADOSD~1\Disney Interactive Studios
2007-06-08 09:05 <DIR> d-------- C:\DOCUME~1\Fabricio\DADOSD~1\InstallShield
2007-06-08 09:05 <DIR> d-------- C:\Arquivos de programas\Disney Interactive Studios
2007-06-03 11:36 <DIR> d-------- C:\WINDOWS\Performance
2007-06-03 11:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft Corporation
2007-06-01 08:28 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-01 08:12 <DIR> d-------- C:\UT2004
2007-05-27 18:47 <DIR> d-------- C:\Arquivos de programas\Virtual Villagers 2
2007-05-27 18:35 <DIR> d-------- C:\Arquivos de programas\Virtual Villagers
2007-05-27 18:35 <DIR> d-------- C:\Arquivos de programas\ReflexiveArcade
2007-05-25 19:28 <DIR> d-------- C:\Arquivos de programas\The All-Seeing Eye
2007-05-25 18:52 <DIR> d-------- C:\Arquivos de programas\Mplayer
2007-05-25 18:48 <DIR> d-------- C:\Arquivos de programas\Quake III Arena
2007-05-23 19:00 <DIR> d-------- C:\WINDOWS\wb
2007-05-23 13:41 <DIR> d-------- C:\Arquivos de programas\directx
2007-05-23 13:35 <DIR> d-------- C:\UnrealTournament
2007-05-23 07:30 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-05-23 07:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-05-23 07:30 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-05-23 07:30 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-05-23 07:30 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-05-23 07:30 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-05-23 07:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-05-23 07:30 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-05-23 07:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-21 20:16:50 -------- d-----w C:\DOCUME~1\Fabricio\DADOSD~1\Azureus
2007-06-21 09:24:52 -------- d-----w C:\Arquivos de programas\TuneUp Utilities 2007
2007-06-21 09:22:26 -------- d-----w C:\Arquivos de programas\MSN Messenger
2007-06-21 09:19:42 -------- d-----w C:\Arquivos de programas\MegauploadToolbar
2007-06-20 03:14:46 -------- d-----w C:\Arquivos de programas\Azureus
2007-06-18 19:01:35 -------- d-----w C:\Arquivos de programas\PROfirst_V2
2007-06-18 16:09:10 286,720 ------w C:\WINDOWS\Setup1.exe
2007-06-18 16:09:03 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-06-16 20:14:25 -------- d-----w C:\Arquivos de programas\Ahead
2007-06-15 21:31:07 -------- d-----w C:\Arquivos de programas\Joost
2007-06-13 12:47:48 -------- d-----w C:\DOCUME~1\Fabricio\DADOSD~1\MegauploadToolbar
2007-06-08 12:10:50 -------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2007-06-03 14:31:30 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Autodesk Shared
2007-05-26 17:54:30 -------- d-----w C:\DOCUME~1\Fabricio\DADOSD~1\combustion4
2007-05-21 14:50:03 -------- d-----w C:\Arquivos de programas\UltraISO
2007-05-20 12:05:04 -------- d-----w C:\Arquivos de programas\Ubisoft
2007-05-17 23:49:59 -------- d-----w C:\DOCUME~1\Fabricio\DADOSD~1\Joost
2007-05-16 21:19:52 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-05-16 21:19:50 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-05-16 12:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 12:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-05-15 11:59:15 -------- d-----w C:\DOCUME~1\Fabricio\DADOSD~1\GetRightToGo
2007-05-13 12:58:29 -------- d-----w C:\Arquivos de programas\WinMPG Video Convert
2007-05-12 17:39:40 -------- d-----w C:\Arquivos de programas\WinAVI Video Converter
2007-05-12 15:37:23 86,016 ------w C:\WINDOWS\system32\pxwma.dll
2007-05-12 15:37:23 17,136 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-05-12 12:38:27 -------- d-----w C:\DOCUME~1\Fabricio\DADOSD~1\Sega
2007-05-10 14:21:59 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-06 23:58:49 218,112 ----a-w C:\HijackThis.exe
2007-05-04 21:25:54 53 ----a-w C:\Pos.sys
2007-04-30 15:13:35 -------- d-----w C:\Arquivos de programas\MegaDown
2007-04-29 21:10:58 -------- d-----w C:\Arquivos de programas\Google
2007-04-29 14:07:07 -------- d-----w C:\Arquivos de programas\CyberLink DVD Solution
2007-04-29 14:07:01 -------- d-----w C:\Arquivos de programas\Morgan
2007-04-29 14:06:54 -------- d-----w C:\Arquivos de programas\vso
2007-04-29 01:30:00 -------- d-----w C:\DOCUME~1\Fabricio\DADOSD~1\Vso
2007-04-27 16:20:14 -------- d-----w C:\DOCUME~1\Fabricio\DADOSD~1\Leadertech
2007-04-23 19:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-04-18 02:16:20 13 ----a-w C:\WINDOWS\popcinfo.dat
2007-04-15 02:17:41 218,112 ----a-w C:\Arquivos de programas\HijackThis.exe
2007-04-09 02:26:26 8,375 ----a-w C:\WINDOWS\system32\cjtdwfbe.dat
2007-04-09 02:26:10 1,396 ----a-w C:\WINDOWS\system32\cjtdwfbe_navps.dat
2007-04-07 00:37:24 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-04-03 21:44:02 241,066 ----a-w C:\WINDOWS\system32\cjtdwfbe_nav.dat
2007-03-25 21:04:19 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-23 00:05:00 520,192 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-03-21 00:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 11:02]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 03:55]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 16:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 06:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 07:48 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-02-24 17:07]
"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2006-09-02 23:04]
"osCheck"="C:\Arquivos de programas\Norton AntiVirus\osCheck.exe" [2006-09-05 17:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^JVM0.exe]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\JVM0.exe
backup=C:\WINDOWS\pss\JVM0.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JVM0]
C:\WINDOWS\system32\JVM0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
C:\Arquivos de programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe4309ee-be0e-11db-b5fc-000fea2cf8a1}]
AutoRun\command- E:\CDIntro.exe

Contents of the 'Scheduled Tasks' folder
2007-06-15 20:17:53 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-06-21 11:24:46 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Fabricio.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 19:53:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************

Completion time: 2007-06-21 19:55:05
C:\ComboFix-quarantined-files.txt ... 2007-06-21 19:54
--- E O F ---

It also generated this quarantine file, which you didn't ask for, Garcia, but I'll post a new HijackThis log right below.

2003-03-18 15:02 24576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\msxml3a.dll.vir
2006-12-02 09:07 755 --a------ C:\Qoobox\Quarantine\C\WINDOWS\dialerexe.ini.vir

Listagem de caminhos de pasta
O número de série do volume é 3078-9DD3
C:\QOOBOX
\---Quarantine
    +---C
    |   \---WINDOWS
    |       |   dialerexe.ini.vir
    |       |
    |       \---system32
    |               msxml3a.dll.vir
    |
    \---Registry_backups

Logfile of HijackThis v1.99.1
Scan saved at 20:07:56, on 21/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Dora Fairytale Adventures Registration.lnk = E:\ATR1.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{937B7480-FBF6-4397-901E-CBAB329E2852}: NameServer = 200.204.0.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDBD5ABB-B0F2-4289-A3A9-15DD67703B71}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Arquivos de programas\iolo\System Mechanic Professional 6\IoloSGCtrl.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Arquivos de programas\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe
jgarcia, posted June 22, 2007

Hi avapor,

Download F-Secure Blacklight from: F-Secure Blacklight

Save it to your desktop and run it. Accept the agreement. Click Scan and wait. If it finds any files, ignore them, since I only want the log. At the end of the scan, the file fsbl-xxxxx.log will be generated (where xxx are numbers). I need you to copy the log and post it in your next reply.

Regards.
avapor, posted June 22, 2007

Hello Garcia, here is the log; I'm not sure if this is the right one. Regards.

06/22/07 18:34:16 [info]: BlackLight Engine 1.0.64 initialized
06/22/07 18:34:16 [info]: OS: 5.1 build 2600 (Service Pack 2)
06/22/07 18:34:17 [Note]: 7019 4
06/22/07 18:34:17 [Note]: 7005 0
06/22/07 18:34:40 [Note]: 7006 0
06/22/07 18:34:40 [Note]: 7011 1060
06/22/07 18:34:40 [Note]: 7026 0
06/22/07 18:34:41 [Note]: 7026 0
06/22/07 18:34:47 [Note]: FSRAW library version 1.7.1022
06/22/07 18:43:06 [Note]: 2000 1012
06/22/07 18:43:06 [Note]: 2000 1012
06/22/07 18:43:19 [Note]: 7007 0

And another HijackThis log, my friend Garcia. Note that in the struggle to remove these problems I am testing another antivirus, and after the ComboFix process my Internet Explorer went back to sending emails. Regards.

Logfile of HijackThis v1.99.1
Scan saved at 18:46:23, on 22/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{937B7480-FBF6-4397-901E-CBAB329E2852}: NameServer = 200.204.0.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDBD5ABB-B0F2-4289-A3A9-15DD67703B71}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Arquivos de programas\iolo\System Mechanic Professional 6\IoloSGCtrl.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Arquivos de programas\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe
jgarcia, posted June 23, 2007

Hi avapor,

Your log is CLEAN. :thumbsup:

To finish:

1. Disable and re-enable XP's System Restore feature. Click here to see how.

Regards.
avapor, posted June 23, 2007

Thank you, my friend. See you later.
jgarcia, posted June 23, 2007

PROBLEM SOLVED!

If the author needs the topic reopened, they must send a Private Message to a Moderator with a link to the topic.