[Resolvido] PC lento, talvez infectado

[Flávio Marquim 0]

Por favor, meu PC está um tanto lento, já uso o antivirus chamado Kaspersky, acho ele muito bom, ele detectou vários virus quando o instalei semana passada, mas creio q ainda estou infectado. Segue meu logo abaixo pra q vcs façam uma análise e me orientem caso esteja mesmo infectado. Desde já, agradeço com um abraço. Flávio Marquim.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:45:58, on 16/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe

C:\Arquivos de programas\eMail ID\OEAddOn\OEdmn_3.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\cmpe.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Arquivos de programas\eMail ID\OEAddOn\OEdmn_3.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [boreDash] C:\DOCUME~1\letinha\DADOSD~1\TRANSL~1\Safe Tray Burn.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Search - ?p=ZN

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58204985-5E4D-44A8-B07A-CF8FBC487F3C}: NameServer = 200.165.132.155,200.165.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

[Silas Martins 0]

Baixe o ComboFix e salve na área de trabalho.

 

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

 

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

Aguardo Retorno

[Flávio Marquim 0]

Caro amigo, segui suas orientaçoes e seguem abaixo os logs você solicitou. Espero sua resposta e peço q me oriente, pq a pessoa q utiliza este PC é leiga e não sabe como se defender. O q devo dizera ela pra q evite ao máximo n pegar de novo alguma praga? Agradeço sua atenção, um abraço.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:23:10, on 18/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\cmpe.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe

C:\Arquivos de programas\eMail ID\OEAddOn\OEdmn_3.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\ativadorXP\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Arquivos de programas\eMail ID\OEAddOn\OEdmn_3.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [boreDash] C:\DOCUME~1\letinha\DADOSD~1\TRANSL~1\Safe Tray Burn.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Search - ?p=ZN

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58204985-5E4D-44A8-B07A-CF8FBC487F3C}: NameServer = 200.165.132.155,200.165.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

 

 

 

 

 

ComboFix 08-05-15.3 - letinha 2008-05-18 10:57:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.159 [GMT -3:00]

Executando de: C:\Documents and Settings\letinha\Desktop\ComboFix.exe

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\_000005_.tmp.dll

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))

.

 

2008-05-16 10:45 . 2008-05-16 10:45 <DIR> d-------- C:\hijackthis

2008-05-12 14:50 . 2008-05-12 14:50 <DIR> d-------- C:\Documents and Settings\letinha\Dados de aplicativos\Comodo

2008-05-12 14:50 . 2008-05-12 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\comodo

2008-05-12 14:50 . 2008-05-12 14:50 <DIR> d-------- C:\Arquivos de programas\COMODO

2008-05-12 14:50 . 2008-05-12 14:50 139,008 --a------ C:\WINDOWS\system32\guard32.dll

2008-05-12 14:50 . 2008-05-12 14:50 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys

2008-05-12 14:50 . 2008-05-12 14:50 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-05-12 13:16 . 2008-05-12 13:16 <DIR> d-------- C:\WINDOWS\Sun

2008-05-08 17:02 . 2008-05-18 11:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-05-08 17:02 . 2008-05-08 17:02 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-05-08 17:02 . 2008-05-18 11:13 3,876,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-08 17:02 . 2008-05-18 11:14 104,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-08 17:02 . 2008-05-08 17:20 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-05-08 17:02 . 2008-05-08 17:20 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-05-08 17:02 . 2008-05-18 11:11 52,532 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-08 17:02 . 2008-05-18 11:11 10,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-06 16:03 . 2008-05-06 16:03 1,192 --a------ C:\WINDOWS\mozver.dat

2008-05-05 07:49 . 2008-05-08 17:26 3,408 --a------ C:\WINDOWS\svchost

2008-05-04 15:10 . 2008-05-08 18:34 <DIR> d-------- C:\Arquivos de programas\GbPluggin

2008-04-28 07:34 . 2008-04-28 07:34 <DIR> d-------- C:\Arquivos de programas\Trans Load Site

2008-04-23 22:39 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-04-21 13:54 . 2008-04-21 13:54 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SweetIM

2008-04-21 13:54 . 2008-04-21 13:54 <DIR> d-------- C:\Arquivos de programas\SweetIM

2008-04-21 13:26 . 2008-04-21 13:32 <DIR> d-------- C:\Arquivos de programas\Windows Live Safety Center

2008-04-20 22:01 . 2008-04-20 23:19 <DIR> d-------- C:\Arquivos de programas\MessengerPlus! 3

2008-04-20 19:09 . 2001-08-18 06:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll

2008-04-20 19:09 . 2001-08-18 06:36 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll

2008-04-20 19:09 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll

2008-04-20 19:09 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll

2008-04-20 19:09 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll

2008-04-20 19:09 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-10 12:46 --------- d-----w C:\Documents and Settings\letinha\Dados de aplicativos\Lightcomm

2008-05-10 02:17 --------- d-----w C:\Documents and Settings\letinha\Dados de aplicativos\AdobeUM

2008-05-08 21:34 --------- d-----w C:\Arquivos de programas\Circle Developement

2008-05-08 19:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\eMail ID

2008-05-08 18:49 --------- d-----w C:\Arquivos de programas\eMail ID

2008-05-06 17:52 --------- d-----w C:\Documents and Settings\letinha\Dados de aplicativos\LimeWire

2008-04-28 10:35 --------- d-----w C:\Documents and Settings\letinha\Dados de aplicativos\Trans Load Site

2008-04-28 10:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\aim rect help creative

2008-04-24 11:56 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-04-09 01:15 51,200 ----a-w C:\Arquivos de programas\A_POUCO_C...doc

2008-04-09 01:15 114,688 ----a-w C:\Arquivos de programas\A_DOENÇA_...ppt

2008-04-09 01:14 --------- d-----w C:\Documents and Settings\letinha\Dados de aplicativos\eMail ID

2008-04-09 01:12 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\eMail ID

2008-04-09 01:11 3,760,200 ----a-w C:\Arquivos de programas\TrendSetup.exe

2008-04-07 13:18 --------- d-----w C:\Arquivos de programas\Google

2008-04-07 13:15 --------- d-----w C:\Arquivos de programas\Windows Live

2008-04-07 13:14 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-04-07 11:36 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-04-07 11:34 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-04-07 11:29 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-03-29 17:49 --------- d-----w C:\Arquivos de programas\LimeWire

2008-03-29 01:51 --------- d-----w C:\Arquivos de programas\Java

2008-03-29 01:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-03-28 21:23 --------- d-----w C:\Arquivos de programas\eMule

.

 

------- Sigcheck -------

 

2004-08-03 21:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\system32\svchost.exe

2004-08-03 21:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\system32\dllcache\svchost.exe

 

2004-08-03 21:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\system32\ws2_32.dll

2004-08-03 21:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\system32\dllcache\ws2_32.dll

 

2004-08-03 21:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\system32\winlogon.exe

2004-08-03 21:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\system32\dllcache\winlogon.exe

 

2004-08-03 20:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys

2004-08-03 20:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

 

2004-08-03 20:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys

2004-08-03 20:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

 

2004-08-03 21:45 108544 cc73c4430c2fc27fde16a0a4e3678148 C:\WINDOWS\system32\services.exe

2004-08-03 21:45 108544 cc73c4430c2fc27fde16a0a4e3678148 C:\WINDOWS\system32\dllcache\services.exe

 

2004-08-03 21:45 13312 35c6463b3c5f62d2b20c953b6e1538e9 C:\WINDOWS\system32\lsass.exe

2004-08-03 21:45 13312 35c6463b3c5f62d2b20c953b6e1538e9 C:\WINDOWS\system32\dllcache\lsass.exe

 

2004-08-03 21:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\system32\ctfmon.exe

2004-08-03 21:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\system32\dllcache\ctfmon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"BoreDash"="C:\DOCUME~1\letinha\DADOSD~1\TRANSL~1\Safe Tray Burn.exe" [2008-04-28 07:33 403456]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe]

"desp2k"="C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 16:05 65536]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

"IconixOEAddOn"="C:\Arquivos de programas\eMail ID\OEAddOn\OEdmn_3.exe" [2008-04-07 14:15 281872]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02 200768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Samsung\\Samsung PC Studio\\PIM & File Manager 2.0\\PCStudio.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-12 14:50]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-12 14:50]

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 11:11]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-18 03:04]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-18 03:05]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-18 03:05]

 

.

Conte£do da pasta 'Tarefas Agendadas'

"2008-05-18 14:00:00 C:\WINDOWS\Tasks\A63B4ED69184C802.job"

- c:\docume~1\letinha\dadosd~1\transl~1\FileFirstHope.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-18 11:12:57

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializ veis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-05-18 11:20:21 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-18 14:20:09

 

Pre-Run: 150,052,433,920 bytes disponíveis

Post-Run: 150,034,395,136 bytes dispon¡veis

 

167 --- E O F --- 2008-05-16 14:33:43

[Silas Martins 0]

Execute o HijackThis, e selecione as linhas:

O4 - HKCU\..\Run: [boreDash] C:\DOCUME~1\letinha\DADOSD~1\TRANSL~1\Safe Tray Burn.exe

O8 - Extra context menu item: &Search - ?p=ZN

Clique em Fix Checked

Feito isso Reinicie em modo normal e gere um novo log do Hijackthis.

 

Aguardo retorno.

 

 

OBS: Bom sobre orientação a esta pessoa que você citou eu diria, para não clicar em "videos" que aparecem no orkut, nem em links do orkut pois em sua grande maioria são maliciosos, deve se evitar entrar em sites desconhecidos. Se possível peça a ela que instale o plug-in do siteadvisor www.siteadvisor.com que tem três cores: Verde site que não oferece riscos, amarelo site com links apontando para sites maliciosos, vermelho site que contem ad-ware ou phishing.

Recusar arquivos de reconhecidos de contatos do msn.

Fazendo isso ele estará livre de grande parte das pragas.

[Flávio Marquim 0]

Carissímo, eu tinha passado pro pessoal aqui exatamente as mesmas dicas q você me falou ontem. Só havia esquecido do siteadvisor, o qual considero muito bom, já o conheço. Grato pelas dicas q só vieram reforçar o q eu já tinha dito aqui. Bem, segue abaixo o novo logo pra você verificar. Aguardo nova resposta sua. Abraço.

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:48:45, on 19/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe

C:\Arquivos de programas\eMail ID\OEAddOn\OEdmn_3.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\cmpe.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ativadorXP\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Arquivos de programas\eMail ID\OEAddOn\OEdmn_3.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58204985-5E4D-44A8-B07A-CF8FBC487F3C}: NameServer = 200.165.132.155,200.165.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs:

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

[Silas Martins 0]

Abra o bloco de notas e cole a linha abaixo:

salve como teste.txt o local para ser salvo fica a sua escolha.

 

Vá ao Online Malware scan clique em arquivo vá até o arquivo teste.txt depois de selecionado clique em Submit

Poste o resultado aqui, juntamente com um novo log do hijackthis

 

Aguardo o retorno

[Flávio Marquim 0]

Seguem os logs q você me pediu. Não s se colei certo o log do Online malware scan, mas acho q vais entender. Aguardo resposta e obrigado.

 

 

Service load: 0% 100%

 

File: teste.txt

Status: OK

MD5: 7991a459784fa58472b7c893615675a8

Packers detected: -

 

 

Scanner results

 

Scan taken on 22 May 2008 14:19:19 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

 

Statistics

Last file scanned at least one scanner reported something about: MapHack.exe (MD5: 6b03482d933626cb24659b4c67a0a91a, size: 356352 bytes), detected by:

 

Scanner Malware name

A-Squared X

AntiVir X

ArcaVir X

Avast X

AVG Antivirus Downloader.Banload

BitDefender X

ClamAV X

CPsecure X

Dr.Web X

F-Prot Antivirus X

F-Secure Anti-Virus X

Fortinet X

Ikarus BehavesLike.Win32.FileInfector

Kaspersky Anti-Virus X

NOD32 X

Norman Virus Control X

Panda Antivirus X

Sophos Antivirus X

VirusBuster X

VBA32 X

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:23:39, on 22/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe

C:\Arquivos de programas\eMail ID\OEAddOn\OEdmn_3.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\ativadorXP\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Arquivos de programas\eMail ID\OEAddOn\OEdmn_3.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58204985-5E4D-44A8-B07A-CF8FBC487F3C}: NameServer = 200.165.132.155,200.165.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O20 - AppInit_DLLs:

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

[Silas Martins 0]

Siga as instruções abaixo:

 

Baixe o Killbox

Execute o KillBox,clique em Delete on Reboot.

Copie a lista abaixo:

C:\Arquivos de programas\eMail ID\OEAddOn\OEdmn_3.exe

 

Vá ao Killbox.E clique em File > Paste from clipboard. Clique em All Files.

 

Pressione "X". Responda "NÃO" à pergunta.

 

Reinicie

o computador em Modo Seguro (após reiniciar aperte a tecla F8 repetidamente até aparecer uma tela preta em DOS e escolha Modo Seguro).

 

Execute o HijackThis, clique em Do a system scan only e selecione as linhas:

O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Arquivos de programas\eMail ID\OEAddOn\OEdmn_3.exe"

O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O20 - AppInit_DLLs:

Clique em Fix Checked

Feito isso Reinicie em modo normal e gere um novo log do Hijackthis.

 

Aguardo retorno.

[Flávio Marquim 0]

Segue novo log como pediu-me. Aguardo instruções. Obrigado.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:43:37, on 23/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\cmpe.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ativadorXP\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58204985-5E4D-44A8-B07A-CF8FBC487F3C}: NameServer = 200.165.132.155,200.165.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

 

 

 

Segue novo log como pediu-me. Aguardo instruções. Obrigado.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:43:37, on 23/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\cmpe.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ativadorXP\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Arquivos de programas\eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58204985-5E4D-44A8-B07A-CF8FBC487F3C}: NameServer = 200.165.132.155,200.165.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

[Silas Martins 0]

Log Limpo

O problema foi resolvido? se sim ou não responda

 

Aguardo Retorno

[Flávio Marquim 0]

Desculpe a demora em respostar, motivo de viagem. bem, o problema realmente ficou resolvido, o pc está muito melhor agora. Só tenho a lhe agradecer pela força. Obrigado.

[Silas Martins 0]

Caso Resolvido

[Mário Monteiro 179]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.