
Archived

This topic has been archived and is closed to new replies.

leandro'lf

[Solved] Iexplore.exe opening all the time and PC slow


I have a problem with my PC: iexplore.exe opens all the time and I keep having to click back on the window I'm using. And lately my PC has been very slow; I don't know if it's a problem with the RAM. Hope you can help me.

 

Here is a HijackThis log from my PC:

 

Logfile of HijackThis v1.99.1

Scan saved at 18:20:32, on 21/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Teamspeak2_RC2\server_windows.exe

C:\Arquivos de programas\Steam\Steam.exe

C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaagent.exe

C:\WINDOWS\system32\xvyu5i4c.exe

C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\ARQUIV~1\FREEDO~1\0.999\fdahlp.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdabar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaie.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200424221406

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201204891156

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

 

 

 

 

I look forward to your help. Thanks =D.


Follow the instructions below:

 

Download Killbox.

Run KillBox and click Delete on Reboot.

Copy the list below:

C:\WINDOWS\system32\xvyu5i4c.exe

 

Go to Killbox and click File > Paste from clipboard. Click All Files.

 

Press "X". Answer "NO" to the question.

Restart the computer in Safe Mode (after restarting, press the F8 key repeatedly until a black DOS-style screen appears, then choose Safe Mode).

 

Run HijackThis, click Do a system scan only and tick the line(s):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Click Fix Checked.

Once that's done, restart in normal mode and generate a new HijackThis log.

 

Awaiting your reply.

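How a responder picks those two lines out of a HijackThis log, as an added example that is not part of the original thread and not code from HijackThis: the script below parses a handful of lines copied from the first log and applies the checks a triager does by hand: a process running from system32 whose name is not a known OS binary (with a dropper-style random name as a second signal), an O2 BHO still registered after its DLL is gone, an O23 service with no publisher, and the O17 resolvers, which should be confirmed as the ISP's. The KNOWN_SYSTEM32 allowlist, the looks_random() heuristic and the choice of sample lines are assumptions of the example.

```python
"""Triage helper for HijackThis v1.99 logs.

Added example for this thread; it is not part of the original post and not
code from HijackThis. It re-derives, from lines copied out of the first log
above, the two items the reply picked: the randomly named executable running
from system32 and the BHO whose DLL no longer exists. KNOWN_SYSTEM32 and
looks_random() are assumptions of this example, not rules from the tool.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str
    detail: str


# Constructed sample: a subset of lines copied from the first HijackThis log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\xvyu5i4c.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe
"""

# Assumption: the Windows XP binaries that legitimately run from system32 in
# this log. Real triage compares against the full OS file list (or hashes).
KNOWN_SYSTEM32 = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "spoolsv.exe", "ctfmon.exe", "rundll32.exe", "nvsvc32.exe",
}

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def looks_random(filename: str) -> bool:
    """Coarse dropper-name signal: a 6-10 character alphanumeric stem that
    mixes letters and digits (e.g. 'xvyu5i4c'). Only meaningful together with
    the location check below; legitimate names such as nvsvc32 also match."""
    stem = filename.rsplit(".", 1)[0]
    return (6 <= len(stem) <= 10 and stem.isalnum()
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries a responder looks at first."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            name = line.rsplit("\\", 1)[-1]
            if (line.lower().startswith("c:\\windows\\system32\\")
                    and name.lower() not in KNOWN_SYSTEM32):
                tag = " (random-looking name)" if looks_random(name) else ""
                findings.append(Finding("process", f"unknown binary in system32: {line}{tag}"))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O2" and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            ident = clsid.group(0) if clsid else body
            findings.append(Finding("bho", f"BHO registered but DLL missing: {ident}"))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding("service", f"service with no publisher: {body}"))
        elif section == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1]
            findings.append(Finding("dns", f"confirm these resolvers are the ISP's: {servers}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

The location check does the real work: on XP, a binary that runs from system32 and is not one the OS shipped is suspect regardless of its name, and the name heuristic only orders the list. The O2 entry is flagged because a BHO whose DLL is gone is a dead registration that should be cleaned up, which is exactly what Fix Checked does.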

Yay, I did everything

 

here's the log:

 

Logfile of HijackThis v1.99.1

Scan saved at 20:31:50, on 21/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaagent.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\ARQUIV~1\FREEDO~1\0.999\fdahlp.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdabar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaie.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200424221406

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201204891156

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe


Download ComboFix and save it to the desktop.

 

Close all programs.

Double-click combofix.exe and press (1), then press Enter to continue.

ComboFix will restart your computer automatically; this is part of the removal process.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Attention:

Do not click on anything while ComboFix is running, otherwise your desktop will go blank.

 

To stop the process or exit ComboFix, press "2" and Enter.

 

I'll wait for a new HijackThis log together with ComboFix.txt.

 

 

Awaiting your reply.


Did everything

 

here's the HijackThis log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:42:58, on 22/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaagent.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\xvyu5i4c.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\ARQUIV~1\FREEDO~1\0.999\fdahlp.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdabar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaie.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200424221406

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201204891156

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

 

 

 

 

Combofix.txt:

 

ComboFix 08-05-21.2 - Winxp 2008-05-22 12:35:54.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1526 [GMT -3:00]

Running from: C:\Documents and Settings\Winxp\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\systeminfo3.dll

 

.

((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))

.

 

2008-05-21 21:17 . 2008-05-22 03:33 30,722 --a------ C:\WINDOWS\system32\xvyu5i4c.exe

2008-05-21 19:55 . 2008-05-21 19:56 <DIR> d-------- C:\!KillBox

2008-05-18 13:50 . 2008-05-18 13:50 <DIR> d-------- C:\Documents and Settings\Winxp\Dados de aplicativos\Tibia

2008-05-18 13:43 . 2008-05-18 13:43 <DIR> d-------- C:\Arquivos de programas\Asprate

2008-05-17 23:58 . 2008-05-17 23:58 <DIR> d-------- C:\Documents and Settings\Winxp\Dados de aplicativos\Vso

2008-05-17 23:58 . 2008-05-17 23:58 81,920 --a------ C:\Documents and Settings\Winxp\Dados de aplicativos\ezpinst.exe

2008-05-17 23:58 . 2008-05-17 23:58 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2008-05-17 23:58 . 2008-05-17 23:58 47,360 --a------ C:\Documents and Settings\Winxp\Dados de aplicativos\pcouffin.sys

2008-05-17 23:57 . 2008-05-17 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVDXStudio

2008-05-17 23:57 . 2008-05-17 23:57 <DIR> d-------- C:\Arquivos de programas\CloneDVD

2008-05-16 19:27 . 2008-05-17 12:35 <DIR> d-------- C:\LinhaDefensiva

2008-05-15 20:14 . 2008-05-20 21:42 244 --ah----- C:\sqmnoopt19.sqm

2008-05-15 20:14 . 2008-05-20 21:42 232 --ah----- C:\sqmdata19.sqm

2008-05-15 20:13 . 2008-05-20 18:26 244 --ah----- C:\sqmnoopt18.sqm

2008-05-15 20:13 . 2008-05-20 18:26 232 --ah----- C:\sqmdata18.sqm

2008-05-15 20:12 . 2008-05-19 22:38 244 --ah----- C:\sqmnoopt17.sqm

2008-05-15 20:12 . 2008-05-19 22:38 232 --ah----- C:\sqmdata17.sqm

2008-05-15 20:11 . 2008-05-18 02:26 244 --ah----- C:\sqmnoopt16.sqm

2008-05-15 20:11 . 2008-05-18 02:26 232 --ah----- C:\sqmdata16.sqm

2008-05-15 20:10 . 2008-05-18 02:24 244 --ah----- C:\sqmnoopt15.sqm

2008-05-15 20:10 . 2008-05-17 13:04 244 --ah----- C:\sqmnoopt14.sqm

2008-05-15 20:10 . 2008-05-18 02:24 232 --ah----- C:\sqmdata15.sqm

2008-05-15 20:10 . 2008-05-17 13:04 232 --ah----- C:\sqmdata14.sqm

2008-05-15 20:09 . 2008-05-17 13:04 244 --ah----- C:\sqmnoopt13.sqm

2008-05-15 20:09 . 2008-05-17 13:04 232 --ah----- C:\sqmdata13.sqm

2008-05-15 20:08 . 2008-05-17 12:58 172 --ah----- C:\sqmnoopt12.sqm

2008-05-15 20:08 . 2008-05-17 12:58 172 --ah----- C:\sqmdata12.sqm

2008-05-15 20:07 . 2008-05-17 12:57 244 --ah----- C:\sqmnoopt11.sqm

2008-05-15 20:07 . 2008-05-17 12:57 232 --ah----- C:\sqmdata11.sqm

2008-05-15 20:06 . 2008-05-17 12:39 244 --ah----- C:\sqmnoopt10.sqm

2008-05-15 20:06 . 2008-05-17 12:39 244 --ah----- C:\sqmnoopt09.sqm

2008-05-15 20:06 . 2008-05-17 12:39 232 --ah----- C:\sqmdata10.sqm

2008-05-15 20:06 . 2008-05-17 12:39 232 --ah----- C:\sqmdata09.sqm

2008-05-15 20:05 . 2008-05-17 12:39 244 --ah----- C:\sqmnoopt08.sqm

2008-05-15 20:05 . 2008-05-17 12:39 232 --ah----- C:\sqmdata08.sqm

2008-05-15 20:04 . 2008-05-17 12:39 244 --ah----- C:\sqmnoopt07.sqm

2008-05-15 20:04 . 2008-05-17 12:39 232 --ah----- C:\sqmdata07.sqm

2008-05-15 20:03 . 2008-05-17 12:38 244 --ah----- C:\sqmnoopt06.sqm

2008-05-15 20:03 . 2008-05-17 12:38 244 --ah----- C:\sqmnoopt05.sqm

2008-05-15 20:03 . 2008-05-17 12:38 232 --ah----- C:\sqmdata06.sqm

2008-05-15 20:03 . 2008-05-17 12:38 232 --ah----- C:\sqmdata05.sqm

2008-05-15 20:02 . 2008-05-17 12:38 244 --ah----- C:\sqmnoopt04.sqm

2008-05-15 20:02 . 2008-05-17 12:38 232 --ah----- C:\sqmdata04.sqm

2008-05-15 20:01 . 2008-05-17 12:38 244 --ah----- C:\sqmnoopt03.sqm

2008-05-15 20:01 . 2008-05-17 12:37 244 --ah----- C:\sqmnoopt02.sqm

2008-05-15 20:01 . 2008-05-17 12:38 232 --ah----- C:\sqmdata03.sqm

2008-05-15 20:01 . 2008-05-17 12:37 232 --ah----- C:\sqmdata02.sqm

2008-05-15 20:00 . 2008-05-15 20:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritos

2008-05-15 20:00 . 2008-05-22 12:36 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-05-15 20:00 . 2008-05-17 12:37 244 --ah----- C:\sqmnoopt01.sqm

2008-05-15 20:00 . 2008-05-17 12:37 232 --ah----- C:\sqmdata01.sqm

2008-05-14 00:47 . 2008-05-14 00:46 29,248 --a------ C:\WINDOWS\system32\6737oOtO.exe

2008-05-06 12:56 . 2008-05-06 12:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-05-01 16:27 . 2008-05-01 16:27 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-04-22 23:34 . 2008-05-13 20:15 <DIR> d-------- C:\Arquivos de programas\TibiaBot NG 4.7.0

2008-04-22 23:24 . 2008-04-22 23:32 <DIR> d-------- C:\Arquivos de programas\TibiaBot NG

2008-04-22 22:00 . 2008-04-22 23:32 <DIR> d-------- C:\Arquivos de programas\PowerHEX

2008-04-22 22:00 . 2008-04-22 22:00 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Thraex Software

2008-04-22 22:00 . 2008-04-22 22:00 165,404 --a------ C:\WINDOWS\PowerHEX Uninstaller.exe

2008-04-22 16:07 . 2008-04-27 11:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-22 16:07 . 2008-04-22 16:07 1,409 --a------ C:\WINDOWS\QTFont.for

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-22 06:55 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-05-22 06:42 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\MegauploadToolbar

2008-05-22 03:00 --------- d-----w C:\Arquivos de programas\Steam

2008-05-21 23:32 --------- d-----w C:\Arquivos de programas\Teamspeak2_RC2

2008-05-18 05:32 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\LimeWire

2008-05-17 15:57 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-05-17 15:55 --------- d-----w C:\Arquivos de programas\Windows Live

2008-05-16 22:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-05-16 22:07 --------- d-----w C:\Arquivos de programas\KeyScrambler

2008-05-16 00:29 --------- d-----w C:\Documents and Settings\NetworkService\Dados de aplicativos\SiteAdvisor

2008-05-14 03:30 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

2008-04-26 19:16 --------- d-----w C:\Arquivos de programas\Tibia

2008-04-10 01:08 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-10 01:08 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\OLYMPUS

2008-04-10 01:07 --------- d-----w C:\Arquivos de programas\OLYMPUS

2008-04-10 01:05 --------- d-----w C:\Arquivos de programas\PIXELA

2008-03-31 00:47 --------- d-----w C:\Arquivos de programas\LimeWire

2008-03-31 00:35 --------- d-----w C:\Arquivos de programas\Kazaa Lite K++

2008-03-29 04:55 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-03-27 23:46 --------- d-----w C:\Arquivos de programas\K-Lite

2008-03-24 05:08 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\SiteAdvisor

2008-03-24 02:55 --------- d-----w C:\Arquivos de programas\SystemRequirementsLab

2008-03-23 15:30 --------- d-----w C:\Arquivos de programas\Valve

.

 

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-15 16:02 68856]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-15 15:38 6731312]

"SiteAdvisor"="C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 18:03 36640]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"vidc.iv41"= ir41_32.dll

"msacm.iac2"= C:\WINDOWS\system32\iac25_32. ax

"VIDC.VP40"= vp4vfw.dll

"vidc.X264"= x264vfw.dll

"VIDC.DRAW"= DVIDEO.DLL

"VIDC.YV12"= yv12vfw.dll

"VIDC.MSUD"= msulvc05.dll

"VIDC.MJPG"= pvmjpg21.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]

"Script"=C:\Documents and Settings\Winxp\Desktop\ntosboot.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

-ra------ 2005-06-30 02:16 88203 C:\WINDOWS\AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-03 23:56 1667584 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]

--a------ 2006-12-01 21:28 95800 C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-20 11:48 77824 C:\Arquivos de programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2005-09-07 14:35 716800 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-ra------ 2005-05-20 06:11 925696 C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2008-03-31 13:33 1271032 c:\arquivos de programas\steam\steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 00:11 132496 C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-01-15 16:02 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected]

--a------ 2008-02-03 23:57 507392 C:\Arquivos de programas\sXe Injected\sXe Injected.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Documents and Settings\\Winxp\\Desktop\\GuSTop.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\Kazaa Lite K++\\KazaaLite.kpp"=

"C:\\Arquivos de programas\\Steam\\steamapps\\mdkzinho\\counter-strike\\hl.exe"=

"C:\\Arquivos de programas\\Steam\\Steam.exe"=

"C:\\Arquivos de programas\\Steam\\steamapps\\mdkzinho\\day of defeat\\hl.exe"=

"C:\\Arquivos de programas\\Steam\\steamapps\\mdkzinho\\deathmatch classic\\hl.exe"=

"C:\\Arquivos de programas\\K-Lite\\kazaa.core"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Teamspeak2_RC2\\server_windows.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Documents and Settings\\Winxp\\Meus documentos\\Age Of Empires II\\empires2.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\Documents and Settings\\Winxp\\Meus documentos\\Age Of Empires II\\age2_x1.exe"=

 

S3 ddsxeiservice;ddsxeiservice2;C:\Arquivos de programas\sXe Injected\ddsxei.sys [2008-02-03 23:51]

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-05-22 03:32:01 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-14 03:47:27 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-17 13:00:01 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 14:00:01 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 15:00:01 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-19 16:00:01 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-21 17:00:01 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-21 18:00:01 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-21 19:00:01 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-21 20:00:01 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-21 21:00:01 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 04:00:01 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-21 22:00:01 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-21 23:00:01 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 00:00:01 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 01:00:01 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 02:00:01 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 03:51:05 C:\WINDOWS\Tasks\At25.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 04:00:05 C:\WINDOWS\Tasks\At26.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 05:00:05 C:\WINDOWS\Tasks\At27.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 06:00:05 C:\WINDOWS\Tasks\At28.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-19 07:00:05 C:\WINDOWS\Tasks\At29.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 05:00:01 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-19 08:00:05 C:\WINDOWS\Tasks\At30.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-19 09:00:05 C:\WINDOWS\Tasks\At31.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-15 16:14:04 C:\WINDOWS\Tasks\At32.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-15 16:14:04 C:\WINDOWS\Tasks\At33.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-15 16:14:04 C:\WINDOWS\Tasks\At34.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-17 14:01:27 C:\WINDOWS\Tasks\At35.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 14:00:00 C:\WINDOWS\Tasks\At36.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 15:00:05 C:\WINDOWS\Tasks\At37.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-19 21:04:46 C:\WINDOWS\Tasks\At38.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-21 21:38:48 C:\WINDOWS\Tasks\At39.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 06:00:01 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-21 18:00:05 C:\WINDOWS\Tasks\At40.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-21 19:00:05 C:\WINDOWS\Tasks\At41.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-21 20:00:05 C:\WINDOWS\Tasks\At42.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-21 21:00:05 C:\WINDOWS\Tasks\At43.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-21 22:00:41 C:\WINDOWS\Tasks\At44.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-21 23:00:00 C:\WINDOWS\Tasks\At45.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 00:00:00 C:\WINDOWS\Tasks\At46.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 01:00:05 C:\WINDOWS\Tasks\At47.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 02:00:05 C:\WINDOWS\Tasks\At48.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-19 07:00:01 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-19 08:00:01 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-19 09:00:01 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-14 03:47:27 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-14 03:47:27 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 14:52:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-22 12:38:45

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-05-22 12:40:57

ComboFix-quarantined-files.txt 2008-05-22 15:40:29

 

Pre-Run: 141,373,861,888 bytes disponíveis

Post-Run: 141,842,784,256 bytes disponíveis

 

300


The problem is still there... it went back to how it was yesterday =/


Select and copy the text below, open Notepad and paste the entry cited below:

C:\WINDOWS\system32\xvyu5i4c.exe

 

Then save it on the desktop with the name CFScript.txt

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

CFScript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt. Post it together with the new HijackThis log.

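The helper above picked `xvyu5i4c.exe` out of the ComboFix log by hand. As an added example (not part of any post in this thread and not ComboFix's own code), the script below does the same triage mechanically over the "Conteúdo da pasta 'Tarefas Agendadas'" section: it pairs each `At*.job` with the binary it launches, flags targets that are fired by several hourly At jobs or that sit in system32 under an 8-character random-looking name, and emits the list of paths one would paste into CFScript.txt. The sample log is constructed to mirror the layout of the logs posted here (a subset of the same entries); the 8-character name heuristic is an assumption of this example, not a rule from ComboFix or from the helper.

```python
import os
import re
from collections import defaultdict

# Constructed sample, modelled on the "Conteúdo da pasta 'Tarefas Agendadas'"
# section of the ComboFix logs posted in this thread (same layout, fewer entries).
SAMPLE_LOG = r"""Conteúdo da pasta 'Tarefas Agendadas'
"2008-05-22 03:32:01 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\6737oOtO.exe
"2008-05-22 04:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\6737oOtO.exe
"2008-05-22 03:51:05 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\xvyu5i4c.exe
"2008-05-22 04:00:05 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\xvyu5i4c.exe
"2008-05-22 14:52:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"
- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE
.
"""

SECTION_HEADER = "Conteúdo da pasta 'Tarefas Agendadas'"
JOB_RE = re.compile(r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (.+\.job)"$', re.IGNORECASE)
TARGET_RE = re.compile(r"^- (.+)$")
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)


def parse_scheduled_tasks(log_text):
    """Return (job_path, target_path) pairs from the scheduled-tasks section of a ComboFix log.

    ComboFix prints each task as a quoted '<timestamp> <job path>' line followed by
    '- <target>', and closes the section with a line holding a single dot.
    """
    tasks = []
    in_section = False
    pending_job = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.startswith(SECTION_HEADER)
            continue
        if line == ".":  # lone dot ends the section
            break
        if not line:  # forum extraction adds blank lines between entries
            continue
        job = JOB_RE.match(line)
        if job:
            pending_job = job.group(1)
            continue
        target = TARGET_RE.match(line)
        if target and pending_job:
            tasks.append((pending_job, target.group(1)))
            pending_job = None
    return tasks


def looks_random_system32_exe(path):
    """Heuristic assumed by this example (not a ComboFix rule): an .exe directly under
    system32 whose stem is exactly 8 alphanumeric characters mixing letters and digits."""
    if "\\" not in path:
        return False
    parent, name = path.rsplit("\\", 1)
    stem, ext = os.path.splitext(name)
    return (parent.lower().endswith("\\system32")
            and ext.lower() == ".exe"
            and len(stem) == 8 and stem.isalnum()
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def flag_at_job_targets(tasks):
    """Group At*.job tasks by the binary they launch and list why each target is suspicious."""
    by_target = defaultdict(list)
    for job, target in tasks:
        if AT_JOB_RE.search(job):
            by_target[target].append(job)
    findings = {}
    for target, jobs in by_target.items():
        reasons = []
        if len(jobs) > 1:
            reasons.append(f"launched by {len(jobs)} At jobs")
        if looks_random_system32_exe(target):
            reasons.append("8-character random-looking name in system32")
        if reasons:
            findings[target] = reasons
    return findings


def cfscript_entries(findings):
    """Paths to paste into CFScript.txt, one per line, for ComboFix to remove."""
    return sorted(findings)


if __name__ == "__main__":
    found = flag_at_job_targets(parse_scheduled_tasks(SAMPLE_LOG))
    for target, reasons in found.items():
        print(f"{target}: {'; '.join(reasons)}")
    print("\n".join(cfscript_entries(found)))
```

Run against the full log above it reports both `6737oOtO.exe` and `xvyu5i4c.exe`, each launched by a long run of hourly At jobs; the legitimate Windows Live toolbar task is ignored because it is not an `At*.job`. The job count alone is the stronger signal: a binary re-launched every hour by numbered At tasks is re-establishing itself regardless of what it is called.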

HijackThis log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:34:22, on 23/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\xvyu5i4c.exe

C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\ARQUIV~1\FREEDO~1\0.999\fdahlp.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdabar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaie.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200424221406

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201204891156

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS2\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

 

ComboFix log:

 

ComboFix 08-05-21.2 - Winxp 2008-05-23 0:27:58.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1511 [GMT -3:00]

Executando de: C:\Documents and Settings\Winxp\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Winxp\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))

.

 

2008-05-21 21:17 . 2008-05-22 03:33 30,722 --a------ C:\WINDOWS\system32\xvyu5i4c.exe_

2008-05-21 21:17 . 2008-05-23 00:11 30,722 --a------ C:\WINDOWS\system32\xvyu5i4c.exe

2008-05-21 19:55 . 2008-05-21 19:56 <DIR> d-------- C:\!KillBox

2008-05-18 13:50 . 2008-05-18 13:50 <DIR> d-------- C:\Documents and Settings\Winxp\Dados de aplicativos\Tibia

2008-05-18 13:43 . 2008-05-18 13:43 <DIR> d-------- C:\Arquivos de programas\Asprate

2008-05-17 23:58 . 2008-05-17 23:58 <DIR> d-------- C:\Documents and Settings\Winxp\Dados de aplicativos\Vso

2008-05-17 23:58 . 2008-05-17 23:58 81,920 --a------ C:\Documents and Settings\Winxp\Dados de aplicativos\ezpinst.exe

2008-05-17 23:58 . 2008-05-17 23:58 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2008-05-17 23:58 . 2008-05-17 23:58 47,360 --a------ C:\Documents and Settings\Winxp\Dados de aplicativos\pcouffin.sys

2008-05-17 23:57 . 2008-05-17 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVDXStudio

2008-05-17 23:57 . 2008-05-17 23:57 <DIR> d-------- C:\Arquivos de programas\CloneDVD

2008-05-16 19:27 . 2008-05-17 12:35 <DIR> d-------- C:\LinhaDefensiva

2008-05-15 20:14 . 2008-05-20 21:42 244 --ah----- C:\sqmnoopt19.sqm

2008-05-15 20:14 . 2008-05-20 21:42 232 --ah----- C:\sqmdata19.sqm

2008-05-15 20:13 . 2008-05-20 18:26 244 --ah----- C:\sqmnoopt18.sqm

2008-05-15 20:13 . 2008-05-20 18:26 232 --ah----- C:\sqmdata18.sqm

2008-05-15 20:12 . 2008-05-19 22:38 244 --ah----- C:\sqmnoopt17.sqm

2008-05-15 20:12 . 2008-05-19 22:38 232 --ah----- C:\sqmdata17.sqm

2008-05-15 20:11 . 2008-05-18 02:26 244 --ah----- C:\sqmnoopt16.sqm

2008-05-15 20:11 . 2008-05-18 02:26 232 --ah----- C:\sqmdata16.sqm

2008-05-15 20:10 . 2008-05-18 02:24 244 --ah----- C:\sqmnoopt15.sqm

2008-05-15 20:10 . 2008-05-17 13:04 244 --ah----- C:\sqmnoopt14.sqm

2008-05-15 20:10 . 2008-05-18 02:24 232 --ah----- C:\sqmdata15.sqm

2008-05-15 20:10 . 2008-05-17 13:04 232 --ah----- C:\sqmdata14.sqm

2008-05-15 20:09 . 2008-05-17 13:04 244 --ah----- C:\sqmnoopt13.sqm

2008-05-15 20:09 . 2008-05-17 13:04 232 --ah----- C:\sqmdata13.sqm

2008-05-15 20:08 . 2008-05-17 12:58 172 --ah----- C:\sqmnoopt12.sqm

2008-05-15 20:08 . 2008-05-17 12:58 172 --ah----- C:\sqmdata12.sqm

2008-05-15 20:07 . 2008-05-17 12:57 244 --ah----- C:\sqmnoopt11.sqm

2008-05-15 20:07 . 2008-05-17 12:57 232 --ah----- C:\sqmdata11.sqm

2008-05-15 20:06 . 2008-05-17 12:39 244 --ah----- C:\sqmnoopt10.sqm

2008-05-15 20:06 . 2008-05-17 12:39 244 --ah----- C:\sqmnoopt09.sqm

2008-05-15 20:06 . 2008-05-17 12:39 232 --ah----- C:\sqmdata10.sqm

2008-05-15 20:06 . 2008-05-17 12:39 232 --ah----- C:\sqmdata09.sqm

2008-05-15 20:05 . 2008-05-17 12:39 244 --ah----- C:\sqmnoopt08.sqm

2008-05-15 20:05 . 2008-05-17 12:39 232 --ah----- C:\sqmdata08.sqm

2008-05-15 20:04 . 2008-05-17 12:39 244 --ah----- C:\sqmnoopt07.sqm

2008-05-15 20:04 . 2008-05-17 12:39 232 --ah----- C:\sqmdata07.sqm

2008-05-15 20:03 . 2008-05-17 12:38 244 --ah----- C:\sqmnoopt06.sqm

2008-05-15 20:03 . 2008-05-17 12:38 244 --ah----- C:\sqmnoopt05.sqm

2008-05-15 20:03 . 2008-05-17 12:38 232 --ah----- C:\sqmdata06.sqm

2008-05-15 20:03 . 2008-05-17 12:38 232 --ah----- C:\sqmdata05.sqm

2008-05-15 20:02 . 2008-05-17 12:38 244 --ah----- C:\sqmnoopt04.sqm

2008-05-15 20:02 . 2008-05-17 12:38 232 --ah----- C:\sqmdata04.sqm

2008-05-15 20:01 . 2008-05-23 00:28 244 --ah----- C:\sqmnoopt03.sqm

2008-05-15 20:01 . 2008-05-22 12:48 244 --ah----- C:\sqmnoopt02.sqm

2008-05-15 20:01 . 2008-05-23 00:28 232 --ah----- C:\sqmdata03.sqm

2008-05-15 20:01 . 2008-05-22 12:48 232 --ah----- C:\sqmdata02.sqm

2008-05-15 20:00 . 2008-05-15 20:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritos

2008-05-15 20:00 . 2008-05-23 00:28 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-05-15 20:00 . 2008-05-22 12:47 244 --ah----- C:\sqmnoopt01.sqm

2008-05-15 20:00 . 2008-05-22 12:47 232 --ah----- C:\sqmdata01.sqm

2008-05-14 00:47 . 2008-05-14 00:46 29,248 --a------ C:\WINDOWS\system32\6737oOtO.exe

2008-05-06 12:56 . 2008-05-06 12:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-05-01 16:27 . 2008-05-01 16:27 <DIR> d-------- C:\WINDOWS\system32\Adobe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-23 03:10 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\MegauploadToolbar

2008-05-22 20:27 --------- d-----w C:\Arquivos de programas\Google

2008-05-22 16:52 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-05-22 03:00 --------- d-----w C:\Arquivos de programas\Steam

2008-05-21 23:32 --------- d-----w C:\Arquivos de programas\Teamspeak2_RC2

2008-05-18 05:32 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\LimeWire

2008-05-17 15:57 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-05-17 15:55 --------- d-----w C:\Arquivos de programas\Windows Live

2008-05-16 22:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-05-16 22:07 --------- d-----w C:\Arquivos de programas\KeyScrambler

2008-05-16 00:29 --------- d-----w C:\Documents and Settings\NetworkService\Dados de aplicativos\SiteAdvisor

2008-05-14 03:30 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

2008-05-13 23:15 --------- d-----w C:\Arquivos de programas\TibiaBot NG 4.7.0

2008-04-26 19:16 --------- d-----w C:\Arquivos de programas\Tibia

2008-04-23 02:32 --------- d-----w C:\Arquivos de programas\TibiaBot NG

2008-04-23 02:32 --------- d-----w C:\Arquivos de programas\PowerHEX

2008-04-23 01:00 165,404 ----a-w C:\WINDOWS\PowerHEX Uninstaller.exe

2008-04-23 01:00 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Thraex Software

2008-04-10 01:08 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-10 01:08 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\OLYMPUS

2008-04-10 01:07 --------- d-----w C:\Arquivos de programas\OLYMPUS

2008-04-10 01:05 --------- d-----w C:\Arquivos de programas\PIXELA

2008-03-31 00:47 --------- d-----w C:\Arquivos de programas\LimeWire

2008-03-31 00:35 --------- d-----w C:\Arquivos de programas\Kazaa Lite K++

2008-03-29 04:55 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-03-27 23:46 --------- d-----w C:\Arquivos de programas\K-Lite

2008-03-24 05:08 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\SiteAdvisor

2008-03-24 02:55 --------- d-----w C:\Arquivos de programas\SystemRequirementsLab

2008-03-23 15:30 --------- d-----w C:\Arquivos de programas\Valve

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-22_12.40.17,70 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-22 13:12:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-23 01:52:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-22 20:27:48 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\ARPPRODUCTICON.exe

+ 2008-05-22 20:27:48 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

+ 2008-05-22 20:27:48 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

+ 2008-05-22 20:27:48 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe

+ 2008-05-22 20:27:48 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe

+ 2008-05-22 20:27:48 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-15 16:02 68856]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-15 15:38 6731312]

"SiteAdvisor"="C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 18:03 36640]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"vidc.iv41"= ir41_32.dll

"msacm.iac2"= C:\WINDOWS\system32\iac25_32. ax

"VIDC.VP40"= vp4vfw.dll

"vidc.X264"= x264vfw.dll

"VIDC.DRAW"= DVIDEO.DLL

"VIDC.YV12"= yv12vfw.dll

"VIDC.MSUD"= msulvc05.dll

"VIDC.MJPG"= pvmjpg21.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]

"Script"=C:\Documents and Settings\Winxp\Desktop\ntosboot.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

-ra------ 2005-06-30 02:16 88203 C:\WINDOWS\AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-03 23:56 1667584 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]

--a------ 2006-12-01 21:28 95800 C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-20 11:48 77824 C:\Arquivos de programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2005-09-07 14:35 716800 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-ra------ 2005-05-20 06:11 925696 C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2008-03-31 13:33 1271032 c:\arquivos de programas\steam\steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 00:11 132496 C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-01-15 16:02 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected]

--a------ 2008-02-03 23:57 507392 C:\Arquivos de programas\sXe Injected\sXe Injected.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Documents and Settings\\Winxp\\Desktop\\GuSTop.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\Kazaa Lite K++\\KazaaLite.kpp"=

"C:\\Arquivos de programas\\Steam\\steamapps\\mdkzinho\\counter-strike\\hl.exe"=

"C:\\Arquivos de programas\\Steam\\Steam.exe"=

"C:\\Arquivos de programas\\Steam\\steamapps\\mdkzinho\\day of defeat\\hl.exe"=

"C:\\Arquivos de programas\\Steam\\steamapps\\mdkzinho\\deathmatch classic\\hl.exe"=

"C:\\Arquivos de programas\\K-Lite\\kazaa.core"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Teamspeak2_RC2\\server_windows.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Documents and Settings\\Winxp\\Meus documentos\\Age Of Empires II\\empires2.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\Documents and Settings\\Winxp\\Meus documentos\\Age Of Empires II\\age2_x1.exe"=

 

S3 ddsxeiservice;ddsxeiservice2;C:\Arquivos de programas\sXe Injected\ddsxei.sys [2008-02-03 23:51]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-05-22 03:32:01 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-14 03:47:27 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-17 13:00:01 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 14:00:01 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 15:00:01 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 16:00:01 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 17:00:01 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 18:00:01 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 19:00:01 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 20:00:01 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 21:00:01 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 04:00:01 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 22:00:01 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 23:00:01 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-23 00:00:01 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-23 01:00:01 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-23 02:00:01 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 03:51:05 C:\WINDOWS\Tasks\At25.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 04:00:05 C:\WINDOWS\Tasks\At26.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 05:00:05 C:\WINDOWS\Tasks\At27.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 06:00:05 C:\WINDOWS\Tasks\At28.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-19 07:00:05 C:\WINDOWS\Tasks\At29.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 05:00:01 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-19 08:00:05 C:\WINDOWS\Tasks\At30.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-19 09:00:05 C:\WINDOWS\Tasks\At31.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-15 16:14:04 C:\WINDOWS\Tasks\At32.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-15 16:14:04 C:\WINDOWS\Tasks\At33.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-15 16:14:04 C:\WINDOWS\Tasks\At34.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-17 14:01:27 C:\WINDOWS\Tasks\At35.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 15:54:45 C:\WINDOWS\Tasks\At36.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 15:00:05 C:\WINDOWS\Tasks\At37.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-23 01:51:13 C:\WINDOWS\Tasks\At38.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 17:00:05 C:\WINDOWS\Tasks\At39.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 06:00:01 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 18:00:05 C:\WINDOWS\Tasks\At40.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 19:00:05 C:\WINDOWS\Tasks\At41.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 20:00:05 C:\WINDOWS\Tasks\At42.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 21:00:05 C:\WINDOWS\Tasks\At43.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 22:00:05 C:\WINDOWS\Tasks\At44.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-22 23:00:05 C:\WINDOWS\Tasks\At45.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-23 00:00:05 C:\WINDOWS\Tasks\At46.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-23 01:00:05 C:\WINDOWS\Tasks\At47.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-23 02:00:00 C:\WINDOWS\Tasks\At48.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-19 07:00:01 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-19 08:00:01 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-19 09:00:01 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-14 03:47:27 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-14 03:47:27 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-23 02:52:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-23 00:29:59

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-05-23 0:31:33

ComboFix-quarantined-files.txt 2008-05-23 03:31:24

ComboFix2.txt 2008-05-22 15:40:58

 

Pre-Run: 141,666,836,480 bytes disponíveis

Post-Run: 141,789,540,352 bytes disponíveis

 

308

 


ComboFix did not restart my PC at any point.


I think I did it... not sure if I selected it right.

 

Could you explain it to me, just so I can confirm?

 

 

 

And after that, please tell me the next step.

 

Thanks.


OK... I did the following... I clicked on the file C:\WINDOWS\system32\xvyu5i4c.exe and ran worn.fix, but the file was still there. After that I deleted xvyu5i4c.exe and ran worn.fix.

xvyu5i4c.exe is no longer on the PC... what is the next step?

 

PS: it reappeared on my PC out of nowhere.


Download Bankerfix.

Temporarily disable your antivirus, to avoid conflicts and get better detection.

Double-click bankerfix.exe, press Enter and wait for it to finish. When it finishes, read the message on the screen and press Enter again.

 

Re-enable your antivirus and generate a new HijackThis log.

 

Awaiting your reply.


Logfile of HijackThis v1.99.1

Scan saved at 15:14:28, on 26/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaagent.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SiteAdvisor\6261\SAService.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\xvyu5i4c.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\ARQUIV~1\FREEDO~1\0.999\fdahlp.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdabar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [siteAdvisor] "C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaie.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200424221406

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201204891156

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6261\SAService.exe

 

 

It's still happening =/


Select and copy the text below, open Notepad and paste the entry quoted below:

File::

C:\WINDOWS\system32\xvyu5i4c.exe

C:\WINDOWS\Tasks\At1.job"

C:\WINDOWS\Tasks\At10.job"

C:\WINDOWS\Tasks\At11.job"

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

 

Then save it to the desktop with the name CFScript.txt

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

CFScript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt. Post it together with the new HijackThis log.

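As an added example (not the helper's script and not ComboFix's own code), the Python below parses the scheduled-tasks section of a ComboFix log in the layout shown earlier in this thread, flags the At*.job entries whose target is a random-looking executable under system32, and emits the File:: block in the CFScript format the post describes. The point it illustrates is the one the thread ran into: deleting the executable alone is not enough while hourly At jobs keep re-launching it, so the job files have to be listed alongside it. The sample log excerpt is constructed here from the thread's own entries, and the random-name heuristic and allowlist are mine, not ComboFix's detection logic.

```python
import ntpath
import re
from typing import List, Tuple

# Constructed sample: a trimmed excerpt in the layout ComboFix uses for the
# scheduled-tasks section (localized header "Conteúdo da pasta 'Tarefas Agendadas'").
SAMPLE_LOG = r'''
Conteúdo da pasta 'Tarefas Agendadas'

"2008-05-22 03:32:01 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\6737oOtO.exe

"2008-05-22 03:51:05 C:\WINDOWS\Tasks\At25.job"

- C:\WINDOWS\system32\xvyu5i4c.exe

"2008-05-23 02:52:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.
**************************************************************************
'''

# A job line is a quoted "<timestamp> <path>.job"; its target follows on a "- <path>" line.
JOB_LINE = re.compile(r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<job>[^"]+\.job)"$')
TARGET_LINE = re.compile(r'^- (?P<target>.+)$')
SECTION_HEADERS = ("Tarefas Agendadas", "Scheduled Tasks")  # Portuguese and English builds

# Illustrative allowlist of system32 executables that legitimately appear in At jobs.
ALLOWLIST = {"defrag.exe", "rundll32.exe"}


def parse_scheduled_tasks(log_text: str) -> List[Tuple[str, str]]:
    """Return (job_path, target_path) pairs from the scheduled-tasks section."""
    tasks: List[Tuple[str, str]] = []
    in_section = False
    pending_job = None
    for raw in log_text.splitlines():
        line = raw.strip()  # also strips the non-breaking spaces forum copies carry
        if any(h in line for h in SECTION_HEADERS):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("*****"):  # the separator that closes the section
            break
        m = JOB_LINE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TARGET_LINE.match(line)
        if m and pending_job:
            tasks.append((pending_job, m.group("target")))
            pending_job = None
    return tasks


def looks_random(stem: str) -> bool:
    """Heuristic: short alphanumeric name mixing letters and digits (e.g. 6737oOtO)."""
    return (6 <= len(stem) <= 10 and stem.isalnum()
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def flag_suspicious(tasks: List[Tuple[str, str]]) -> List[Tuple[str, str, List[str]]]:
    """Keep tasks whose target lives in system32 and is either an At*.job or random-named."""
    flagged = []
    for job, target in tasks:
        job_name = ntpath.basename(job)
        exe_name = ntpath.basename(target)
        stem = ntpath.splitext(exe_name)[0]
        reasons = []
        if re.fullmatch(r"At\d+\.job", job_name, re.IGNORECASE):
            reasons.append("at.exe-style job name")
        if looks_random(stem):
            reasons.append("random-looking executable name")
        in_system32 = "\\system32\\" in target.lower() and exe_name.lower() not in ALLOWLIST
        if in_system32 and reasons:
            flagged.append((job, target, reasons))
    return flagged


def build_cfscript(flagged: List[Tuple[str, str, List[str]]]) -> str:
    """Emit the File:: block: each target once, then every job file that launches it."""
    lines = ["File::"]
    seen = set()
    for _, target, _ in flagged:
        if target not in seen:
            seen.add(target)
            lines.append(target)
    for job, _, _ in flagged:
        lines.append(job)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(flag_suspicious(parse_scheduled_tasks(SAMPLE_LOG))))
```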

Combofix.txt

 

 

ComboFix 08-05-21.2 - Winxp 2008-05-27 17:47:41.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1498 [GMT -3:00]

Executando de: C:\Documents and Settings\Winxp\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Winxp\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\xvyu5i4c.exe

C:\WINDOWS\Tasks\At1.job"

C:\WINDOWS\Tasks\At10.job"

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At11.job"

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\xvyu5i4c.exe

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))

.

 

2008-05-21 19:55 . 2008-05-24 00:28 <DIR> d-------- C:\!KillBox

2008-05-18 13:50 . 2008-05-24 22:02 <DIR> d-------- C:\Documents and Settings\Winxp\Dados de aplicativos\Tibia

2008-05-18 13:43 . 2008-05-18 13:43 <DIR> d-------- C:\Arquivos de programas\Asprate

2008-05-17 23:58 . 2008-05-17 23:58 <DIR> d-------- C:\Documents and Settings\Winxp\Dados de aplicativos\Vso

2008-05-17 23:58 . 2008-05-17 23:58 81,920 --a------ C:\Documents and Settings\Winxp\Dados de aplicativos\ezpinst.exe

2008-05-17 23:58 . 2008-05-17 23:58 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2008-05-17 23:58 . 2008-05-17 23:58 47,360 --a------ C:\Documents and Settings\Winxp\Dados de aplicativos\pcouffin.sys

2008-05-17 23:57 . 2008-05-17 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVDXStudio

2008-05-17 23:57 . 2008-05-17 23:57 <DIR> d-------- C:\Arquivos de programas\CloneDVD

2008-05-16 19:27 . 2008-05-26 14:26 <DIR> d-------- C:\LinhaDefensiva

2008-05-15 20:14 . 2008-05-20 21:42 244 --ah----- C:\sqmnoopt19.sqm

2008-05-15 20:14 . 2008-05-20 21:42 232 --ah----- C:\sqmdata19.sqm

2008-05-15 20:13 . 2008-05-20 18:26 244 --ah----- C:\sqmnoopt18.sqm

2008-05-15 20:13 . 2008-05-20 18:26 232 --ah----- C:\sqmdata18.sqm

2008-05-15 20:12 . 2008-05-19 22:38 244 --ah----- C:\sqmnoopt17.sqm

2008-05-15 20:12 . 2008-05-19 22:38 232 --ah----- C:\sqmdata17.sqm

2008-05-15 20:11 . 2008-05-18 02:26 244 --ah----- C:\sqmnoopt16.sqm

2008-05-15 20:11 . 2008-05-18 02:26 232 --ah----- C:\sqmdata16.sqm

2008-05-15 20:10 . 2008-05-18 02:24 244 --ah----- C:\sqmnoopt15.sqm

2008-05-15 20:10 . 2008-05-17 13:04 244 --ah----- C:\sqmnoopt14.sqm

2008-05-15 20:10 . 2008-05-18 02:24 232 --ah----- C:\sqmdata15.sqm

2008-05-15 20:10 . 2008-05-17 13:04 232 --ah----- C:\sqmdata14.sqm

2008-05-15 20:09 . 2008-05-27 16:04 244 --ah----- C:\sqmnoopt13.sqm

2008-05-15 20:09 . 2008-05-27 16:04 232 --ah----- C:\sqmdata13.sqm

2008-05-15 20:08 . 2008-05-25 23:39 244 --ah----- C:\sqmnoopt12.sqm

2008-05-15 20:08 . 2008-05-25 23:39 232 --ah----- C:\sqmdata12.sqm

2008-05-15 20:07 . 2008-05-25 23:13 244 --ah----- C:\sqmnoopt11.sqm

2008-05-15 20:07 . 2008-05-25 23:13 232 --ah----- C:\sqmdata11.sqm

2008-05-15 20:06 . 2008-05-25 19:15 244 --ah----- C:\sqmnoopt10.sqm

2008-05-15 20:06 . 2008-05-25 19:14 244 --ah----- C:\sqmnoopt09.sqm

2008-05-15 20:06 . 2008-05-25 19:15 232 --ah----- C:\sqmdata10.sqm

2008-05-15 20:06 . 2008-05-25 19:14 232 --ah----- C:\sqmdata09.sqm

2008-05-15 20:05 . 2008-05-25 19:14 244 --ah----- C:\sqmnoopt08.sqm

2008-05-15 20:05 . 2008-05-25 19:14 232 --ah----- C:\sqmdata08.sqm

2008-05-15 20:04 . 2008-05-24 03:20 244 --ah----- C:\sqmnoopt07.sqm

2008-05-15 20:04 . 2008-05-24 03:20 232 --ah----- C:\sqmdata07.sqm

2008-05-15 20:03 . 2008-05-23 01:00 244 --ah----- C:\sqmnoopt06.sqm

2008-05-15 20:03 . 2008-05-23 00:33 244 --ah----- C:\sqmnoopt05.sqm

2008-05-15 20:03 . 2008-05-23 01:00 232 --ah----- C:\sqmdata06.sqm

2008-05-15 20:03 . 2008-05-23 00:33 232 --ah----- C:\sqmdata05.sqm

2008-05-15 20:02 . 2008-05-23 00:33 244 --ah----- C:\sqmnoopt04.sqm

2008-05-15 20:02 . 2008-05-23 00:33 232 --ah----- C:\sqmdata04.sqm

2008-05-15 20:01 . 2008-05-23 00:28 244 --ah----- C:\sqmnoopt03.sqm

2008-05-15 20:01 . 2008-05-22 12:48 244 --ah----- C:\sqmnoopt02.sqm

2008-05-15 20:01 . 2008-05-23 00:28 232 --ah----- C:\sqmdata03.sqm

2008-05-15 20:01 . 2008-05-22 12:48 232 --ah----- C:\sqmdata02.sqm

2008-05-15 20:00 . 2008-05-15 20:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritos

2008-05-15 20:00 . 2008-05-27 16:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-05-15 20:00 . 2008-05-22 12:47 244 --ah----- C:\sqmnoopt01.sqm

2008-05-15 20:00 . 2008-05-22 12:47 232 --ah----- C:\sqmdata01.sqm

2008-05-14 00:47 . 2008-05-14 00:46 29,248 --a------ C:\WINDOWS\system32\6737oOtO.exe

2008-05-06 12:56 . 2008-05-06 12:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-05-01 16:27 . 2008-05-01 16:27 <DIR> d-------- C:\WINDOWS\system32\Adobe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-27 19:41 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\MegauploadToolbar

2008-05-27 18:08 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-05-26 03:27 --------- d-----w C:\Documents and Settings\NetworkService\Dados de aplicativos\SiteAdvisor

2008-05-25 22:53 --------- d-----w C:\Arquivos de programas\Steam

2008-05-25 17:05 --------- d-----w C:\Arquivos de programas\Teamspeak2_RC2

2008-05-25 05:45 --------- d-----w C:\Arquivos de programas\DOSBox-0.72

2008-05-25 04:13 --------- d-----w C:\Arquivos de programas\SiteAdvisor

2008-05-22 20:27 --------- d-----w C:\Arquivos de programas\Google

2008-05-18 05:32 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\LimeWire

2008-05-17 15:57 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-05-17 15:55 --------- d-----w C:\Arquivos de programas\Windows Live

2008-05-16 22:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-05-16 22:07 --------- d-----w C:\Arquivos de programas\KeyScrambler

2008-05-14 03:30 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

2008-05-13 23:15 --------- d-----w C:\Arquivos de programas\TibiaBot NG 4.7.0

2008-04-26 19:16 --------- d-----w C:\Arquivos de programas\Tibia

2008-04-23 02:32 --------- d-----w C:\Arquivos de programas\TibiaBot NG

2008-04-23 02:32 --------- d-----w C:\Arquivos de programas\PowerHEX

2008-04-23 01:00 165,404 ----a-w C:\WINDOWS\PowerHEX Uninstaller.exe

2008-04-23 01:00 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Thraex Software

2008-04-10 01:08 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-10 01:08 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\OLYMPUS

2008-04-10 01:07 --------- d-----w C:\Arquivos de programas\OLYMPUS

2008-04-10 01:05 --------- d-----w C:\Arquivos de programas\PIXELA

2008-03-31 00:47 --------- d-----w C:\Arquivos de programas\LimeWire

2008-03-31 00:35 --------- d-----w C:\Arquivos de programas\Kazaa Lite K++

2008-03-29 04:55 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-03-27 23:46 --------- d-----w C:\Arquivos de programas\K-Lite

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-22_12.40.17,70 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-22 13:12:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-27 16:00:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-22 20:27:48 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\ARPPRODUCTICON.exe

+ 2008-05-22 20:27:48 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

+ 2008-05-22 20:27:48 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

+ 2008-05-22 20:27:48 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe

+ 2008-05-22 20:27:48 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe

+ 2008-05-22 20:27:48 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-15 16:02 68856]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-03 23:56 1667584]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-15 15:38 6731312]

"SiteAdvisor"="C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.exe" [2007-12-04 18:03 36640]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"vidc.iv41"= ir41_32.dll

"msacm.iac2"= C:\WINDOWS\system32\iac25_32. ax

"VIDC.VP40"= vp4vfw.dll

"vidc.X264"= x264vfw.dll

"VIDC.DRAW"= DVIDEO.DLL

"VIDC.YV12"= yv12vfw.dll

"VIDC.MSUD"= msulvc05.dll

"VIDC.MJPG"= pvmjpg21.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]

"Script"=C:\Documents and Settings\Winxp\Desktop\ntosboot.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

-ra------ 2005-06-30 02:16 88203 C:\WINDOWS\AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-03 23:56 1667584 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]

--a------ 2006-12-01 21:28 95800 C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-20 11:48 77824 C:\Arquivos de programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2005-09-07 14:35 716800 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-ra------ 2005-05-20 06:11 925696 C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2008-03-31 13:33 1271032 c:\arquivos de programas\steam\steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 00:11 132496 C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-01-15 16:02 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected]

--a------ 2008-02-03 23:57 507392 C:\Arquivos de programas\sXe Injected\sXe Injected.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Documents and Settings\\Winxp\\Desktop\\GuSTop.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\Kazaa Lite K++\\KazaaLite.kpp"=

"C:\\Arquivos de programas\\Steam\\steamapps\\mdkzinho\\counter-strike\\hl.exe"=

"C:\\Arquivos de programas\\Steam\\Steam.exe"=

"C:\\Arquivos de programas\\Steam\\steamapps\\mdkzinho\\day of defeat\\hl.exe"=

"C:\\Arquivos de programas\\Steam\\steamapps\\mdkzinho\\deathmatch classic\\hl.exe"=

"C:\\Arquivos de programas\\K-Lite\\kazaa.core"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Teamspeak2_RC2\\server_windows.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Documents and Settings\\Winxp\\Meus documentos\\Age Of Empires II\\empires2.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\Documents and Settings\\Winxp\\Meus documentos\\Age Of Empires II\\age2_x1.exe"=

 

S3 ddsxeiservice;ddsxeiservice2;C:\Arquivos de programas\sXe Injected\ddsxei.sys [2008-02-03 23:51]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-05-27 19:52:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-27 17:49:51

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-05-27 17:51:11

ComboFix-quarantined-files.txt 2008-05-27 20:50:52

ComboFix2.txt 2008-05-23 03:31:34

ComboFix3.txt 2008-05-22 15:40:58

 

Pre-Run: 141,567,209,472 bytes disponíveis

Post-Run: 141,779,128,320 bytes disponíveis

 

314

 

 

 

 

HijackThis log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:53:55, on 27/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaagent.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SiteAdvisor\6261\SAService.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\ARQUIV~1\FREEDO~1\0.999\fdahlp.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdabar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [siteAdvisor] "C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaie.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200424221406

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201204891156

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{4C6D3F58-92B3-4047-A5C6-3339BC3F58D0}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6261\SAService.exe


For now I think it's solved =D

 

Thank you very much!

 

 

Just one question... my PC is barely being used, but even so it's very slow... and it no longer runs the same number of programs at the same time as it did before... could it be a problem with the RAM?

I have 2 GB of RAM and I can barely run a game together with MSN!


That could be related to your video card, or even to the number of programs that start together with Windows, especially if it's Vista, since Vista alone consumes 512 MB of RAM.
