[Arquivado] Barra de tarefas trava

[curseknight 0]

Vou citar os problemas, que apareceram DO NADA:

 

1- Quando o pc inicia, a barra de tarefas está travada. Não dá para clicar nela.

2- Quando eu fecho o explorer.exe e executo ele novamente, a barra de tarefas fica normal, porém trava após 3 segundos.

3- O Internet Explorer não carrega páginas da web, porém outros browsers carregam.

4- Quando vou fazer log no HiJackThis, o mesmo trava durante o log.

5- No modo de segurança tudo fica normal.

6- Alguns programas, como o Windows Live Messenger, não funcionam.

7- Meu avast detectou um vírus na memória, o qual foi excluído e não houve melhora apresentada.

 

EMBORA EU NÃO CONSIGA FAZER LOGS DO HIJACKTHIS EM MODO NORMAL, CONSEGUI FAZER EM MODO DE SEGURANÇA, SEGUE O LOG:

 

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:26:44, on 30/10/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Arquivos de programas\Windows Defender\MsMpEng.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxsrvc.exeC:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exeC:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exeC:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\User\Meus documentos\HiJackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.habbo.com.br/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll (file missing)O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dllO2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dllO3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dllO3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dllO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [SkyTel] SkyTel.EXEO4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exeO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXEO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKLM\..\Run: [Media Codec Update Service] C:\Arquivos de programas\Essentials Codec Pack\update.exe -silentO4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Arquivos de programas\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobsO4 - HKLM\..\Run: [\\MICRO-02\EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P44 "\\MICRO-02\EPSON Stylus C45 Series (cópia 1)" /O6 "USB001" /M "Stylus C45"O4 - HKLM\..\Run: [Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P50 "Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02" /O21 "\\MICRO-02\Impressora" /M "Stylus C45"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorunO4 - HKCU\..\Run: [Orb] "C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" /backgroundO4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automountO4 - HKCU\..\Run: [Alg] C:\Windows\alg.exeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /cO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: MSN Pictures Displayer.lnk = C:\Arquivos de programas\MSN Pictures Displayer\MSN Pictures Displayer.exeO4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXEO8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htmO8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htmO8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.htmlO8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htmO8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htmO8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htmO8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htmO8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htmO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exeO23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeO23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

[jgarcia 1]

Opa curseknight,

 

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

 

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

 

Abraços.

[curseknight 0]

Fico muito grato pela ajuda, problema resolvido!

 

De todo modo aí vai o log, veja se está limpo:

 

ComboFix 08-11-03.06 - User 2008-11-04 17:11:25.1 - NTFSx86 NETWORKMicrosoft Windows XP Professional  5.1.2600.3.1252.1.1046.18.582 [GMT -2:00]Executando de: c:\documents and settings\User\Meus documentos\KomboFix.exe.(((((((((((((((((((((((((((((((((((((   Outras Exclusões   ))))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Documentos\_desktop.inic:\documents and settings\All Users\Documentos\FINAUFANTASI8\_desktop.inic:\documents and settings\All Users\Documentos\Meus vídeos\_desktop.inic:\documents and settings\All Users\Documentos\Minhas imagens\_desktop.inic:\documents and settings\All Users\Documentos\Minhas imagens\Amostras de imagens\_desktop.inic:\documents and settings\All Users\Documentos\Minhas músicas\_desktop.inic:\documents and settings\All Users\Documentos\Minhas músicas\Amostra de música\_desktop.inic:\documents and settings\All Users\Documentos\Minhas músicas\My Playlists\_desktop.inic:\documents and settings\All Users\Documentos\Minhas músicas\Sample Playlists\_desktop.inic:\documents and settings\All Users\Documentos\Minhas músicas\Sample Playlists\[u]0[/u]00D4621\_desktop.inic:\documents and settings\All Users\Documentos\Recorded Audio\_desktop.inic:\documents and settings\All Users\Documentos\Recorded TV\_desktop.inic:\documents and settings\All Users\Documentos\Stardock\_desktop.inic:\documents and settings\All Users\Documentos\TRAMPOS COMPARTILHADOS\_desktop.inic:\documents and settings\All Users\Documentos\TRAMPOS COMPARTILHADOS\FARRAPOS IMPORTANTE\_desktop.inic:\documents and settings\All Users\Documentos\TRAMPOS COMPARTILHADOS\PTERIDOFITAS\_desktop.inic:\windows\alg.exe.(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_BNDMSS-------\Service_BNDMSS((((((((((((((((   Arquivos/Ficheiros criados de 2008-10-04 to 2008-11-04  )))))))))))))))))))))))))))).2010-01-25 13:29 . 2010-01-25 13:29	<DIR>	d--------	c:\documents and settings\User\Dados de aplicativos\AdobeUM2010-01-25 13:28 . 2010-01-25 13:28	<DIR>	d--------	c:\windows\Cache2010-01-25 13:24 . 2010-01-25 13:24	<DIR>	d--------	c:\documents and settings\User\Dados de aplicativos\Symantec2010-01-25 13:23 . 2008-04-03 20:10	<DIR>	d--------	c:\documents and settings\All Users\Dados de aplicativos\Symantec2008-11-04 15:19 . 2008-11-04 16:12	<DIR>	d--------	c:\documents and settings\User\Dados de aplicativos\TibiaTestserver2008-11-04 15:01 . 2008-11-04 15:01	<DIR>	d--------	c:\arquivos de programas\TibiaTestserver8312008-11-02 17:39 . 2008-11-02 17:39	<DIR>	d--------	c:\documents and settings\User\Dados de aplicativos\Goodsol2008-11-02 17:39 . 2008-11-02 17:46	<DIR>	d--------	c:\arquivos de programas\FreeCell Wizard2008-11-01 22:41 . 2008-11-01 22:41	<DIR>	d--------	c:\arquivos de programas\CCleaner2008-11-01 22:33 . 2008-11-01 22:33	<DIR>	d--------	c:\arquivos de programas\Marcos Velasco Security2008-11-01 21:36 . 2008-11-01 21:36	552	--a------	c:\windows\system32\d3d8caps.dat2008-10-30 22:41 . 2008-11-01 21:27	<DIR>	d--------	C:\!KillBox2008-10-30 22:31 . 2008-11-04 16:26	664	--a------	c:\windows\system32\d3d9caps.dat2008-10-29 17:06 . 2008-10-29 17:06	30,720	-r-hs----	c:\windows\system32\bndmss.exe2008-10-28 22:10 . 2008-10-28 22:10	244	--ah-----	C:\sqmnoopt06.sqm2008-10-28 22:10 . 2008-10-28 22:10	244	--ah-----	C:\sqmnoopt05.sqm2008-10-28 22:10 . 2008-10-28 22:10	232	--ah-----	C:\sqmdata06.sqm2008-10-28 22:10 . 2008-10-28 22:10	232	--ah-----	C:\sqmdata05.sqm2008-10-26 13:07 . 2008-10-26 13:07	<DIR>	d--------	c:\arquivos de programas\Tibia8__202008-10-25 20:52 . 2008-10-25 21:07	<DIR>	d--------	c:\documents and settings\User\Dados de aplicativos\sqlitestudio2008-10-25 18:16 . 2008-10-25 20:36	<DIR>	d--------	c:\arquivos de programas\Tibia8__222008-10-24 19:37 . 2008-10-24 19:38	<DIR>	d--------	c:\arquivos de programas\Hamachi2008-10-24 13:03 . 2008-10-15 14:36	337,408	-----c---	c:\windows\system32\dllcache\netapi32.dll2008-10-21 17:36 . 2008-10-21 17:36	<DIR>	d--------	c:\arquivos de programas\DIFX2008-10-21 17:29 . 2008-10-21 17:29	<DIR>	d--------	c:\windows\tiinst2008-10-21 17:19 . 2006-06-23 07:54	180,608	---------	c:\windows\system32\drivers\RTL8187.SYS2008-10-18 13:05 . 2008-10-18 13:05	<DIR>	d--------	c:\arquivos de programas\Telefonica2008-10-18 13:05 . 2003-03-18 15:02	45,056	--a------	c:\windows\system32\msxml4a.dll2008-10-18 13:05 . 2003-03-18 15:02	24,576	--a------	c:\windows\system32\msxml3a.dll2008-10-17 15:43 . 2008-11-01 22:23	<DIR>	d--------	c:\arquivos de programas\CyberScript322008-10-16 21:19 . 2008-10-16 21:20	<DIR>	d--------	c:\windows\system32\Adobe2008-10-14 18:48 . 2008-09-15 13:26	1,846,528	-----c---	c:\windows\system32\dllcache\win32k.sys2008-10-14 18:48 . 2008-09-08 08:41	333,824	-----c---	c:\windows\system32\dllcache\srv.sys2008-10-14 18:47 . 2008-08-14 11:24	2,193,408	-----c---	c:\windows\system32\dllcache\ntoskrnl.exe2008-10-14 18:47 . 2008-08-14 11:24	2,149,376	-----c---	c:\windows\system32\dllcache\ntkrnlmp.exe2008-10-14 18:47 . 2008-08-14 11:24	2,070,272	-----c---	c:\windows\system32\dllcache\ntkrnlpa.exe2008-10-14 18:47 . 2008-08-14 11:24	2,028,032	-----c---	c:\windows\system32\dllcache\ntkrpamp.exe2008-10-13 20:57 . 2008-10-13 21:05	<DIR>	d--------	c:\documents and settings\User\Dados de aplicativos\IconChanger2008-10-13 20:55 . 2008-10-13 20:55	<DIR>	d--------	c:\arquivos de programas\IconChanger2008-10-13 20:41 . 2008-10-13 20:41	<DIR>	d--------	c:\documents and settings\User\Dados de aplicativos\Axialis2008-10-13 20:40 . 2008-10-13 20:40	<DIR>	d--------	c:\arquivos de programas\Axialis2008-10-13 20:24 . 2008-10-13 20:24	<DIR>	d--------	c:\arquivos de programas\ExeIco2008-10-13 20:24 . 2008-10-13 20:24	22	--a------	c:\windows\system32\mseixml.sei2008-10-13 20:24 . 2008-10-13 20:24	22	--a------	c:\windows\mseixml.sei2008-10-13 20:11 . 2008-10-13 20:11	<DIR>	d--------	c:\arquivos de programas\Pixelformer2008-10-12 18:50 . 2008-10-12 18:50	<DIR>	d--------	c:\arquivos de programas\Tibia8002008-10-06 17:02 . 2008-10-06 17:02	<DIR>	d--------	c:\documents and settings\All Users\Dados de aplicativos\Apple Computer2008-10-06 17:02 . 2008-10-06 17:02	<DIR>	d--------	c:\arquivos de programas\QT Lite2008-10-06 17:02 . 2008-09-06 16:09	90,112	--a------	c:\windows\system32\QuickTimeVR.qtx2008-10-06 17:02 . 2008-09-06 16:09	57,344	--a------	c:\windows\system32\QuickTime.qts.(((((((((((((((((((((((((((((((((((((   Relatório Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-11-04 19:12	---------	d-----w	c:\documents and settings\User\Dados de aplicativos\Free Download Manager2008-11-03 22:47	---------	d---a-w	c:\documents and settings\All Users\Dados de aplicativos\TEMP2008-11-02 01:59	---------	d-----w	c:\arquivos de programas\TibiaBot NG2008-11-02 00:42	---------	d-----w	c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy2008-11-01 23:00	721,920	----a-w	c:\windows\system32\ntdll.dll2008-10-24 23:58	---------	d-----w	c:\documents and settings\User\Dados de aplicativos\Hamachi2008-10-24 21:37	25,280	----a-w	c:\windows\system32\drivers\hamachi.sys2008-10-21 19:30	---------	d--h--w	c:\arquivos de programas\InstallShield Installation Information2008-10-14 14:00	---------	d-----w	c:\arquivos de programas\Tibia8312008-09-29 00:08	---------	d-----w	c:\arquivos de programas\OnGame2008-09-28 01:58	288	----a-w	c:\arquivos de programas\NyxLauncherEnc.xfs2008-09-25 13:05	---------	d-----w	c:\arquivos de programas\Dofus2008-09-23 23:29	---------	d-----w	c:\documents and settings\User\Dados de aplicativos\Tibia2008-09-23 19:43	---------	d-----w	c:\arquivos de programas\TibiaBR Cam Lite2008-09-23 15:33	---------	d-----w	c:\arquivos de programas\TibiaBot NG4772008-09-23 15:32	---------	d-----w	c:\arquivos de programas\TibiaBot NG4792008-09-23 15:30	---------	d-----w	c:\arquivos de programas\TibiaBot NG4552008-09-23 15:25	---------	d-----w	c:\arquivos de programas\PowerHEX2008-09-22 20:10	---------	d-----w	c:\arquivos de programas\WinHex2008-09-22 19:59	---------	d-----w	c:\arquivos de programas\FlexHEX2008-09-22 19:53	---------	d-----w	c:\arquivos de programas\GroovyHexEditor2008-09-22 19:50	---------	d-----w	c:\arquivos de programas\HexCmp2008-09-22 19:06	---------	d-----w	c:\arquivos de programas\Genkisoft TurboHex2008-09-15 15:26	1,846,528	----a-w	c:\windows\system32\win32k.sys2008-09-10 02:37	---------	d-----w	c:\arquivos de programas\Easy GIF Animator2008-09-10 02:28	234,417	----a-w	c:\windows\EasyGifAnimator_Toolbar_Uninstaller_8921.exe2008-09-10 02:28	---------	d-----w	c:\arquivos de programas\Easy Gif Animator Extension2008-09-08 10:41	333,824	----a-w	c:\windows\system32\drivers\srv.sys2008-08-26 08:11	826,368	----a-w	c:\windows\system32\wininet.dll2008-08-14 13:24	2,149,376	----a-w	c:\windows\system32\ntoskrnl.exe2008-08-14 13:24	2,028,032	----a-w	c:\windows\system32\ntkrnlpa.exe2008-08-10 21:14	4,094	----a-w	c:\windows\system32\tmp.reg2008-08-09 18:37	82,432	----a-w	c:\windows\system32\404Fix.exe2008-05-31 16:43	37,729,090	----a-w	c:\arquivos de programas\Sound.xfs2008-05-12 23:58	411,248	----a-w	c:\arquivos de programas\FLV PlayerRCSetup.exe2008-04-19 15:30	906,304	----a-w	c:\windows\inf\isprnt.exe2007-03-19 12:11	77,209	----a-w	c:\arquivos de programas\Fireworks CS3 Read Me.pdf2004-07-08 09:57	568,832	----a-w	c:\arquivos de programas\pic_editor_v21.exe2004-06-04 00:11	737	----a-w	c:\arquivos de programas\layout.bin2004-06-04 00:11	127,138,500	----a-w	c:\arquivos de programas\data2.cab2004-06-04 00:10	577,634	----a-w	c:\arquivos de programas\data1.hdr2004-06-04 00:10	392,284	----a-w	c:\arquivos de programas\setup.boot2004-06-04 00:10	11,642,103	----a-w	c:\arquivos de programas\data1.cab2004-06-04 00:09	480	----a-w	c:\arquivos de programas\setup.ini2004-06-04 00:09	338,304	----a-w	c:\arquivos de programas\setup.inx2004-06-03 22:25	720,056	----a-w	c:\arquivos de programas\setup.bmp2004-06-03 22:25	2,902	----a-w	c:\arquivos de programas\Abcpy.ini2002-12-05 18:16	418,296	----a-w	c:\arquivos de programas\engine32.cab2002-12-02 19:33	107,512	----a-w	c:\arquivos de programas\setup.exe2002-10-23 21:32	243,858	----a-w	c:\arquivos de programas\setup.skin2007-03-09 08:12	27,648	--sha-w	c:\windows\system32\AVSredirect.dll2008-07-12 13:00	32,768	--sha-w	c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008071220080713\index.dat.((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))..*Nota* entradas vazias e legítimas por defeito não são mostradas.REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2008-02-25 2465839]"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]"Google Update"="c:\documents and settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-10-18 133104][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]"USB Storage Toolbox"="c:\arquivos de programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]"Media Codec Update Service"="c:\arquivos de programas\Essentials Codec Pack\update.exe" [2007-04-08 303104]"BootSkin Startup Jobs"="c:\arquivos de programas\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]"\\MICRO-02\EPSON Stylus C45 Series (cópia 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]"Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.EXE][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]c:\documents and settings\User\Menu Iniciar\Programas\Inicializar\MSN Pictures Displayer.lnk - c:\arquivos de programas\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-05-25 4561920]c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]WinZip Quick Pick.lnk - c:\arquivos de programas\WinZip\WZQKPICK.EXE [2008-02-08 394856][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux"= ctwdm32.dll"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.axHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="c:\\WINDOWS\\system32\\bndmss.exe"="c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"9420:TCP"= 9420:TCP:Red Swoosh"5000:UDP"= 5000:UDP:Red Swoosh"3306:TCP"= 3306:TCP:TFS ZortyR1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]R2 sbbotdi;sbbotdi;c:\arquiv~1\SPEEDB~1\sbbotdi.sys [2008-05-02 35584]R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe [2008-05-02 280184].Conteúdo da pasta 'Tarefas Agendadas'2008-11-02 c:\windows\Tasks\GoogleUpdateTaskUser.job- c:\documents and settings\User\Configura []2008-11-04 c:\windows\Tasks\MP Scheduled Scan.job- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 20:20].- - - - ORFÃOS REMOVIDOS - - - -HKCU-Run-Alg - c:\windows\alg.exeHKCU-Run-fsm - (no file).------- Scan Suplementar -------.FireFox -: Profile - c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.tibiabr.com/FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\np_gp.dllFF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\NPBILLARD8.dllFF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\NPBOARDS.dllFF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\NPCARDS.dllFF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\NPDARTS.dllFF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\NPDOMINO.dllFF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\NPNAVY.dllFF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\NPPOKER.dllFF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\NPSNOOKER.dllFF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\NPWORDS.dllFF -: plugin - c:\documents and settings\User\Configurações locais\Dados de aplicativos\Google\Update\1.2.131.25\npGoogleOneClick6.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-11-04 17:13:42Windows 5.1.2600 Service Pack 3 NTFSProcurando processos ocultos ...Procurando entradas auto inicializáveis ocultas ...Procurando ficheiros/arquivos ocultos ...Varredura completada com sucessoarquivos/ficheiros ocultos: 0**************************************************************************.------------------------ Outros Processos em Execução ------------------------.c:\arquivos de programas\Windows Defender\MsMpEng.exec:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exec:\arquivos de programas\Alwil Software\Avast4\ashServ.exec:\arquivos de programas\Bonjour\mDNSResponder.exec:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exec:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exec:\windows\system32\wdfmgr.exec:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exec:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exec:\arquiv~1\SPEEDB~1\VideoAcceleratorEngine.exe.**************************************************************************.Tempo para conclusão: 2008-11-04 17:18:54 - Máquina reiniciouComboFix-quarantined-files.txt  2008-11-04 19:18:50Pré-execução: 17 pasta(s) 219.485.319.168 bytes disponíveisPós execução: 17 pasta(s) 218,347,401,216 bytes disponíveisWindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer260	--- E O F ---	2008-10-29 10:37:54

 

E tenho outro problema que não tem nada a ver com esse. Posso postá-lo nesse tópico?

[jgarcia 1]

Opa curseknight,

 

Poste um novo log do ComboFix.

 

Abraços.

 

PS.: Desculpe a demora, pois o tempo anda curto. :(

[curseknight 0]

Fiz um novo log do Hijackthis em modo normal (agora tudo está funcionando):

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:48:08, on 18/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\Documents and Settings\User\Meus documentos\FIXBOX\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.habbo.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Arquivos de programas\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Arquivos de programas\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [\\MICRO-02\EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P44 "\\MICRO-02\EPSON Stylus C45 Series (cópia 1)" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P50 "Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02" /O21 "\\MICRO-02\Impressora" /M "Stylus C45"

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: MSN Pictures Displayer.lnk = C:\Arquivos de programas\MSN Pictures Displayer\MSN Pictures Displayer.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 8951 bytes

[jgarcia 1]

Opa curseknight,

 

Sugiro que você poste um novo log do ComboFix, pois muitas entradas de malwares não aparecem no log do HijackThis.

 

Abraços.

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.