[Resolvido!]Checagem de log

[Quintas 0]

Log abaixo:

 

Logfile of HijackThis v1.99.1

Scan saved at 18:59:11, on 9/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\FlashGet\flashget.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Veio\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\kefctyhd.dll",forkonce

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174058076319

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174062100076

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

 

 

 

obrigado :D

[jgarcia 1]

Opa Quintas,

 

Vamos lá.

 

* Baixe o VundoFix.

 

* Dê duplo-clique sobre VundoFix.exe para iniciá-lo;

 

* Quando o VundoFix abrir clique em Scan for Vundo. Aguarde o término do scan que pode demorar algum tempo. Seja paciente;

 

* Terminado o scan clique em Remove Vundo;

 

* Você receberá um alerta perguntando se deseja remover os arquivos. Clique em YES. O seu desktop irá apagar (isto é normal);

 

* Para completar o scan será necessário reinicializar a máquina. Clique em OK;

 

* Favor postar o log do VundoFix (C:\vundofix.txt) em sua próxima resposta, juntamente com um novo do HijackThis.

 

Abraços.

[Quintas 0]

Log do vundofix:

 

 

VundoFix V6.5.4

 

Checking Java version...

 

Scan started at 19:42:17 10/7/2007

 

Listing files found while scanning....

 

C:\windows\system32\dhytcfek.ini

C:\windows\system32\eoypuins.ini

C:\windows\system32\eshjtlxo.ini

C:\windows\system32\hgghige.dll

C:\WINDOWS\system32\hjkkj.bak1

C:\WINDOWS\system32\hjkkj.bak2

C:\WINDOWS\system32\hjkkj.ini

C:\windows\system32\iwcouarw.dll

C:\windows\system32\jeidscgw.dll

C:\WINDOWS\system32\jkkjh.dll

C:\WINDOWS\system32\kefctyhd.dll

C:\WINDOWS\system32\okkyvnpq.dll

C:\windows\system32\oxltjhse.dll

C:\windows\system32\sniupyoe.dll

C:\windows\system32\vnlnvvly.dll

C:\windows\system32\wgcsdiej.ini

C:\windows\system32\wrauocwi.ini

C:\windows\system32\xiwecygp.dll

C:\windows\system32\ylvvnlnv.ini

 

Beginning removal...

 

Attempting to delete C:\windows\system32\dhytcfek.ini

C:\windows\system32\dhytcfek.ini Has been deleted!

 

Attempting to delete C:\windows\system32\eoypuins.ini

C:\windows\system32\eoypuins.ini Has been deleted!

 

Attempting to delete C:\windows\system32\eshjtlxo.ini

C:\windows\system32\eshjtlxo.ini Has been deleted!

 

Attempting to delete C:\windows\system32\hgghige.dll

C:\windows\system32\hgghige.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\hjkkj.bak1

C:\WINDOWS\system32\hjkkj.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\hjkkj.bak2

C:\WINDOWS\system32\hjkkj.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\hjkkj.ini

C:\WINDOWS\system32\hjkkj.ini Has been deleted!

 

Attempting to delete C:\windows\system32\iwcouarw.dll

C:\windows\system32\iwcouarw.dll Has been deleted!

 

Attempting to delete C:\windows\system32\jeidscgw.dll

C:\windows\system32\jeidscgw.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jkkjh.dll

C:\WINDOWS\system32\jkkjh.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\kefctyhd.dll

C:\WINDOWS\system32\kefctyhd.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\okkyvnpq.dll

C:\WINDOWS\system32\okkyvnpq.dll Has been deleted!

 

Attempting to delete C:\windows\system32\oxltjhse.dll

C:\windows\system32\oxltjhse.dll Has been deleted!

 

Attempting to delete C:\windows\system32\sniupyoe.dll

C:\windows\system32\sniupyoe.dll Has been deleted!

 

Attempting to delete C:\windows\system32\vnlnvvly.dll

C:\windows\system32\vnlnvvly.dll Has been deleted!

 

Attempting to delete C:\windows\system32\wgcsdiej.ini

C:\windows\system32\wgcsdiej.ini Has been deleted!

 

Attempting to delete C:\windows\system32\wrauocwi.ini

C:\windows\system32\wrauocwi.ini Has been deleted!

 

Attempting to delete C:\windows\system32\xiwecygp.dll

C:\windows\system32\xiwecygp.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ylvvnlnv.ini

C:\windows\system32\ylvvnlnv.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\windows\system32\hgghige.dll

C:\windows\system32\hgghige.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Log do hijackthis:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:51:43, on 10/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\BitComet\BitComet.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Veio\Desktop\HijackThis.exe

C:\Program Files\MSN Messenger\usnsvc.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A3C9194B-E81B-40EF-88A1-E8FE1CCDB4EE} - C:\WINDOWS\system32\jkkjh.dll (file missing)

O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\hgghige.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O2 - BHO: (no name) - {E05C7083-03C1-4250-BF70-4FB56B1A8E46} - (no file)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\kefctyhd.dll",forkonce

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174058076319

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174062100076

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: hgghige - C:\WINDOWS\

O20 - Winlogon Notify: jkkjh - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

 

abraços :D

[Quintas 0]

ah, meu avast, nos ultimos dias ele tem escaneado um monte de e-mails "supostamente" enviados por mim, isso tem diminuido muito a velo do meu pc e da net.acho que o nome do virus ou algo do tipo é icq.com e é causado pelo arquivo C:\WINDOWS\system32\kefctyhd.dllse eu não me engano xDo vundo fix achou esse arquivo e deletou ele, só que depois de algumas horas eu passei o vundo fix novamente e lá estava o arquivo denovo, deletei novamente ontem anoite e hoje de manhã o arquivo estava lá denovo...você tem alguma dica para esse problema? :Dvlw

[jgarcia 1]

Opa Quintas,

 

Vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

1ª Etapa

 

Baixe o Killbox em:

Killbox

 

Baixe, mas não execute ainda.

 

2ª Etapa

 

Faça o seguinte:

 

Vá em Iniciar -->Executar --> digite services.msc e dê OK.

 

Procure o serviço Microsoft security update service.

 

Dê um clique direito nele e vá para Propriedades.

 

Clique em Parar e modifique o Tipo de Inicialização para Desativado.

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

 

C:\WINDOWS\system32\jkkjh.dll

C:\WINDOWS\system32\hgghige.dll

C:\WINDOWS\system32\kefctyhd.dll

c:\windows\system32\msvcrtd.exe

 

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

 

3ª Etapa

 

Reinicie o computador em Modo Seguro (ao reiniciar aperte a tecla F8 repetidamente até que apareça uma tela preta em DOS e escolha a opção Modo Seguro).

 

Execute o HijackThis, clique em Open the Misc Tools section.

 

Clique em Delete an NT service.

 

Coloque:

 

Microsoft security update service

 

Elimine o serviço.

 

Execute o HijackThis novamente, clique em Do a system scan only e marque:

O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - (no file)

O2 - BHO: (no name) - {A3C9194B-E81B-40EF-88A1-E8FE1CCDB4EE} - C:\WINDOWS\system32\jkkjh.dll (file missing)

O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\hgghige.dll (file missing)

O2 - BHO: (no name) - {E05C7083-03C1-4250-BF70-4FB56B1A8E46} - (no file)

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\kefctyhd.dll",forkonce

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O11 - Options group: [iNTERNATIONAL] International*

O20 - Winlogon Notify: hgghige - C:\WINDOWS\

O20 - Winlogon Notify: jkkjh - C:\WINDOWS\

O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe

Clique em Fix Checked.

 

4ª Etapa

 

Reinicie em Modo Normal.

 

Delete o conteúdo da pasta C:\!Killbox.

 

Poste um novo log do HijackThis.

 

Aguardo retorno.

 

Um abraço.

[Quintas 0]

é.... sei que parece meio estranho, mas por algum motivo meu pc não entra em modo de segurança, a ultima vez que tentei ele carregou os arquivos certinhos mas quando foi carregar o desktop apareceu uma tela azul com várias coisas escritas e o pc reiniciou... agora a pouco tentei entrar em modo de segurança denovo e ele simplesmente inicia o pc em modo normal... >.<

[jgarcia 1]

é.... sei que parece meio estranho, mas por algum motivo meu pc não entra em modo de segurança, a ultima vez que tentei ele carregou os arquivos certinhos mas quando foi carregar o desktop apareceu uma tela azul com várias coisas escritas e o pc reiniciou... agora a pouco tentei entrar em modo de segurança denovo e ele simplesmente inicia o pc em modo normal... >.<

Quando a tela azul aparecer você deve escolher a opção que se refere ao HD (NÚMEROS). Quando o PC sair desta tela clique na tecla F8 novamente até que apareça a tela preta, onde há várias opções, dentre as quais, a reinicialização em Modo Seguro.

[Quintas 0]

é, eu sei disso, o meu problema é que, eu seleciono modo de segurança, ele carrega, ele começa a iniciar, aparece escrito "modo de segurança" ou algo do tipo nos cantos das telas e ai aparece uma tela azul, de erro, cheia de coisa escrita por 1 segundo e o pc reinicia, depois disso, quando entro em modo normal ele avisa que um erro crítico ocorreu.... >.<

[jgarcia 1]

é, eu sei disso, o meu problema é que, eu seleciono modo de segurança, ele carrega, ele começa a iniciar, aparece escrito "modo de segurança" ou algo do tipo nos cantos das telas e ai aparece uma tela azul, de erro, cheia de coisa escrita por 1 segundo e o pc reinicia, depois disso, quando entro em modo normal ele avisa que um erro crítico ocorreu.... >.<

Execute as ações em Modo Normal. ;)

[Quintas 0]

hehe xD

desculpa o transtorno ai

 

o log:

(quando fui deletar o Microsoft security update service ele disse que não achou o serviço no arquivo...

também não achei o "O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe" no hijackthis)

 

Logfile of HijackThis v1.99.1

Scan saved at 22:00:49, on 13/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\BitComet\BitComet.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Veio\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174058076319

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174062100076

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

[jgarcia 1]

Opa Quintas,

 

O seu log está LIMPO. :thumbsup:

 

Para finalizar:

 

1. Desabilite e Reabilite a função de Restauração Automática do XP. Clique aqui para ver como;

 

2. Leia o artigo Cuidados ao navegar na net e saiba como evitar novas infecções.

 

Abraços.

[Quintas 0]

Brigadão pelo apoio cara, valeu mesmo!! :D

[jgarcia 1]

Tópico reaberto a pedido do autor. (jgarcia)

[Quintas 0]

meu computador ainda está com um negócio estranho, o avast fica dizendo que eu estou enviando e-mails e fica escaneando eles, eu não gostaria de parar os escaneamentos e se estou enviando e-mails "spam" também gostaria de parar isso, além do meu pc ficar lento por causa disso...

 

imagem da proteção resdente do avast:

 

 

 

log do hijack:

 

Logfile of HijackThis v1.99.1

Scan saved at 18:42:39, on 19/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\BitComet\BitComet.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Veio\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174058076319

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174062100076

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

 

 

 

o que eu preciso fazer? o.o

[jgarcia 1]

Opa Quintas,

 

Baixe o ComboFix em:

ComboFix

 

1) Dê um duplo-clique no combofix.exe e tecle "Y" para prosseguir. O processo vai durar, em média, 10 minutos;

2) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

3) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

4) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

5) Para parar ou sair do ComboFix, tecle "N";

6) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

Abraços.

[Quintas 0]

ai vai xD

 

 

"Veio" - 2007-07-21 12:08:54 - ComboFix 07-07-17.8 - Service Pack 2 NTFS

 

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\bgewlvlg.exe

C:\WINDOWS\system32\dytnfbqk.exe

C:\WINDOWS\system32\vijhgvgg.exe

C:\WINDOWS\system32\qdwkjrfw.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\xpdx.sys

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_RUNTIME

-------\xpdx

 

 

((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))

 

 

2007-07-21 12:07 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-18 06:48 <DIR> d-------- C:\!KillBox

2007-07-16 22:04 5,386,240 --a------ C:\DOCUME~1\Veio\ntuser.dat

2007-07-13 14:46 <DIR> d-------- C:\Team17

2007-07-13 14:38 <DIR> d-------- C:\DOCUME~1\Veio\APPLIC~1\Ahead

2007-07-10 21:29 35,840 --a------ C:\WINDOWS\system32\2922812ld.exe

2007-07-10 19:42 <DIR> d-------- C:\VundoFix Backups

2007-07-09 19:45 <DIR> d-------- C:\LinhaDefensiva

2007-07-09 17:52 <DIR> d-------- C:\Program Files\Common Files\Skype

2007-07-09 17:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

2007-07-04 10:03 35,840 --a------ C:\WINDOWS\system32\3226562ld.exe

2007-07-03 10:14 <DIR> d-------- C:\DOCUME~1\Veio\APPLIC~1\Help

2007-07-02 10:43 35,840 --a------ C:\WINDOWS\system32\4338282ld.exe

2007-06-30 12:22 <DIR> d-------- C:\Program Files\uTorrent

2007-06-30 01:13 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-06-30 01:13 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-06-30 01:13 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-06-30 01:13 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-30 01:12 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-06-30 01:12 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-06-30 01:12 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-06-29 10:35 <DIR> d-------- C:\DOCUME~1\Veio\APPLIC~1\Tibia

2007-06-27 23:18 <DIR> d-------- C:\DOCUME~1\Veio\APPLIC~1\uTorrent

2007-06-26 16:45 <DIR> d-------- C:\Program Files\Valve

2007-06-25 11:03 <DIR> d-------- C:\DOCUME~1\Veio\APPLIC~1\Hamachi

2007-06-25 10:45 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-06-25 10:45 <DIR> d-------- C:\Program Files\Hamachi

2007-06-22 09:17 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-20 17:04:02 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll

2007-07-20 17:03:42 -------- d-----w C:\Program Files\BitComet

2007-07-16 17:08:32 -------- d-----w C:\Program Files\EA Games

2007-07-15 21:31:43 -------- d-----w C:\Program Files\eMule

2007-07-11 23:21:22 -------- d-----w C:\Program Files\FlashGet

2007-07-09 20:55:55 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-07-09 20:53:25 -------- d-----w C:\Program Files\Bleach Online 2

2007-07-08 15:05:20 -------- d-----w C:\Program Files\Skype

2007-07-08 15:04:12 -------- d-----w C:\Program Files\Logitech

2007-07-05 14:12:37 -------- d-----w C:\Program Files\Common Files\InstallShield

2007-07-03 21:33:06 43,280 ----a-w C:\DOCUME~1\Veio\APPLIC~1\GDIPFONTCACHEV1.DAT

2007-07-03 13:10:03 -------- d-----w C:\Program Files\Winamp

2007-07-01 16:56:11 -------- d-----w C:\Program Files\First Star Online 2

2007-06-30 15:22:23 -------- d-----w C:\Program Files\Tibia

2007-06-17 18:30:13 -------- d-----w C:\Program Files\Heroes of Might and Magic III Complete

2007-06-15 01:34:58 -------- d-----w C:\Program Files\Canon

2007-06-15 01:33:45 -------- d-----w C:\Program Files\Ulead Systems

2007-06-15 01:01:41 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll

2007-06-15 01:01:40 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll

2007-06-15 01:00:23 -------- d-----w C:\Program Files\Common Files\Logitech

2007-06-11 01:23:19 -------- d-----w C:\Program Files\Dofus

2007-06-11 01:20:04 -------- d-----w C:\Program Files\SoMX_093_full_5

2007-06-10 23:07:17 -------- d-----w C:\Program Files\Graal

2007-06-06 01:20:57 -------- d-----w C:\Program Files\BitComet Accelerator

2007-06-04 04:16:45 -------- d-----w C:\Program Files\LevelUpGames

2007-05-27 04:48:08 -------- d-----w C:\Program Files\BlueByte

2007-05-27 04:47:28 -------- d-----w C:\DOCUME~1\Veio\APPLIC~1\InterTrust

2007-05-27 03:35:12 -------- d-----w C:\DOCUME~1\Veio\APPLIC~1\DivX

2007-05-26 14:11:02 -------- d-----w C:\Program Files\DivX

2007-05-25 14:05:36 -------- d-----w C:\Program Files\MSXML 4.0

2007-05-22 14:54:29 -------- d-----w C:\Program Files\Alwil Software

2007-05-21 04:40:28 -------- d-----w C:\Program Files\Heroes of First Star PC

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-12 18:21:46 671 ----a-w C:\WINDOWS\mozver.dat

2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-05-11 04:37:15 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-04-23 00:15:24 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-04-23 00:15:24 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2001-04-16 16:39 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

2007-03-12 17:02 751144 --a------ C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

2007-05-16 06:03 94308 --a------ C:\Program Files\FlashGet\jccatch.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

2007-07-04 13:28 513336 --a------ C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

2005-05-31 03:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

c:\program files\google\googletoolbar2.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

2007-05-16 02:05 163840 --a------ C:\Program Files\FlashGet\getflash.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-21 18:38]

"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-07-19 04:28]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56]

 

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk

backup=C:\WINDOWS\pss\Photo Express Calendar Checker SE.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reality Fusion GameCam SE.lnk

backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-21 14:49:16 C:\WINDOWS\tasks\MP Scheduled Scan.job

 

**************************************************************************

 

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-21 12:12:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-21 12:15:01 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-21 12:14

 

--- E O F ---

[jgarcia 1]

Opa Quintas,

 

Vamos lá.

 

1ª Etapa

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

 

C:\WINDOWS\system32\bgewlvlg.exe

C:\WINDOWS\system32\dytnfbqk.exe

C:\WINDOWS\system32\vijhgvgg.exe

C:\WINDOWS\system32\qdwkjrfw.dll

C:\WINDOWS\system32\2922812ld.exe

C:\WINDOWS\system32\3226562ld.exe

C:\WINDOWS\system32\4338282ld.exe

 

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

2ª Etapa

 

Reinicie em Modo Normal.

 

Delete o conteúdo da pasta C:\!Killbox.

 

Poste novos logs do ComboFix e HijackThis.

 

Aguardo retorno.

 

Um abraço.

[Quintas 0]

ai vai :)

 

combo fix:

 

"Veio" - 2007-07-23 23:37:09 - ComboFix 07-07-17.8 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))

 

 

2007-07-21 17:36 <DIR> d-------- C:\DOCUME~1\Veio\APPLIC~1\Ethereal

2007-07-21 12:07 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-18 06:48 <DIR> d-------- C:\!KillBox

2007-07-16 22:04 5,386,240 --a------ C:\DOCUME~1\Veio\ntuser.dat

2007-07-13 14:46 <DIR> d-------- C:\Team17

2007-07-13 14:38 <DIR> d-------- C:\DOCUME~1\Veio\APPLIC~1\Ahead

2007-07-10 19:42 <DIR> d-------- C:\VundoFix Backups

2007-07-09 19:45 <DIR> d-------- C:\LinhaDefensiva

2007-07-09 17:52 <DIR> d-------- C:\Program Files\Common Files\Skype

2007-07-09 17:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

2007-07-03 10:14 <DIR> d-------- C:\DOCUME~1\Veio\APPLIC~1\Help

2007-06-30 12:22 <DIR> d-------- C:\Program Files\uTorrent

2007-06-30 01:13 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-06-30 01:13 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-06-30 01:13 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-06-30 01:13 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-30 01:12 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-06-30 01:12 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-06-30 01:12 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-06-29 10:35 <DIR> d-------- C:\DOCUME~1\Veio\APPLIC~1\Tibia

2007-06-27 23:18 <DIR> d-------- C:\DOCUME~1\Veio\APPLIC~1\uTorrent

2007-06-26 16:45 <DIR> d-------- C:\Program Files\Valve

2007-06-25 11:03 <DIR> d-------- C:\DOCUME~1\Veio\APPLIC~1\Hamachi

2007-06-25 10:45 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-06-25 10:45 <DIR> d-------- C:\Program Files\Hamachi

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-24 00:19:43 -------- d-----w C:\Program Files\First Star Online 3

2007-07-20 17:04:02 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll

2007-07-20 17:03:42 -------- d-----w C:\Program Files\BitComet

2007-07-16 17:08:32 -------- d-----w C:\Program Files\EA Games

2007-07-15 21:31:43 -------- d-----w C:\Program Files\eMule

2007-07-11 23:21:22 -------- d-----w C:\Program Files\FlashGet

2007-07-09 20:55:55 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-07-09 20:53:25 -------- d-----w C:\Program Files\Bleach Online 2

2007-07-08 15:05:20 -------- d-----w C:\Program Files\Skype

2007-07-08 15:04:12 -------- d-----w C:\Program Files\Logitech

2007-07-05 14:12:37 -------- d-----w C:\Program Files\Common Files\InstallShield

2007-07-03 21:33:06 43,280 ----a-w C:\DOCUME~1\Veio\APPLIC~1\GDIPFONTCACHEV1.DAT

2007-07-03 13:10:03 -------- d-----w C:\Program Files\Winamp

2007-07-01 16:56:11 -------- d-----w C:\Program Files\First Star Online 2

2007-06-30 15:22:23 -------- d-----w C:\Program Files\Tibia

2007-06-17 18:30:13 -------- d-----w C:\Program Files\Heroes of Might and Magic III Complete

2007-06-15 01:34:58 -------- d-----w C:\Program Files\Canon

2007-06-15 01:33:45 -------- d-----w C:\Program Files\Ulead Systems

2007-06-15 01:01:41 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll

2007-06-15 01:01:40 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll

2007-06-15 01:00:23 -------- d-----w C:\Program Files\Common Files\Logitech

2007-06-11 01:23:19 -------- d-----w C:\Program Files\Dofus

2007-06-11 01:20:04 -------- d-----w C:\Program Files\SoMX_093_full_5

2007-06-10 23:07:17 -------- d-----w C:\Program Files\Graal

2007-06-06 01:20:57 -------- d-----w C:\Program Files\BitComet Accelerator

2007-06-04 04:16:45 -------- d-----w C:\Program Files\LevelUpGames

2007-05-27 04:48:08 -------- d-----w C:\Program Files\BlueByte

2007-05-27 04:47:28 -------- d-----w C:\DOCUME~1\Veio\APPLIC~1\InterTrust

2007-05-27 03:35:12 -------- d-----w C:\DOCUME~1\Veio\APPLIC~1\DivX

2007-05-26 14:11:02 -------- d-----w C:\Program Files\DivX

2007-05-25 14:05:36 -------- d-----w C:\Program Files\MSXML 4.0

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-12 18:21:46 671 ----a-w C:\WINDOWS\mozver.dat

2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-05-11 04:37:15 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2001-04-16 16:39 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

2007-03-12 17:02 751144 --a------ C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

2007-05-16 06:03 94308 --a------ C:\Program Files\FlashGet\jccatch.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

2007-07-04 13:28 513336 --a------ C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

2005-05-31 03:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

c:\program files\google\googletoolbar2.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

2007-05-16 02:05 163840 --a------ C:\Program Files\FlashGet\getflash.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-21 18:38]

"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-07-19 04:28]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56]

 

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk

backup=C:\WINDOWS\pss\Photo Express Calendar Checker SE.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reality Fusion GameCam SE.lnk

backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-24 02:37:13 C:\WINDOWS\tasks\MP Scheduled Scan.job

 

**************************************************************************

 

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-23 23:39:22

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-23 23:40:13

C:\ComboFix-quarantined-files.txt ... 2007-07-23 23:39

C:\ComboFix2.txt ... 2007-07-21 12:15

 

--- E O F ---

 

 

 

 

HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:40:38, on 23/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\BitComet\BitComet.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Veio\Desktop\HijackThis.exe

C:\ComboFix\nircmd.cfexe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174058076319

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174062100076

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

[jgarcia 1]

Opa Quintas,

 

O seus logs estão LIMPOS. :thumbsup:

 

Para finalizar:

 

1. Desabilite e Reabilite a função de Restauração Automática do XP. Clique aqui para ver como;

 

2. Leia o artigo Cuidados ao navegar na net e saiba como evitar novas infecções.

 

Abraços.

[Quintas 0]

aew jgarciavlw denovo xDagora não apareceu mais o problema :)tbm mandei minha irmã ler os tópicos sobre segurança :Dvlw mesmo pelo apoio :)