
This topic has been archived and is closed to new replies.

fgmiloski

[Solved!] Laptop slow at startup and when loading programs


Hello, I would like some help. I have an HP laptop, and lately it has been very slow, both when starting up and when I use some programs; some movies keep freezing. I would like help to "clean" it. Is it worth defragmenting frequently? Is it worth downloading Ad-Aware or another program? Thanks.

 

Pentium M Centrino 1.73 GHz with 1 GB of RAM

80 GB hard disk

I use XP Home Edition 2002 Service Pack 3

Antivirus: Avast Home 4.8

Spybot

I use Opera and Firefox

and also BitComet

 

Here is the log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:55:33, on 26/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Opera\opera.exe

C:\Chico\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211543930656

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD78122-5EE5-4C24-961A-83318F3FDBDA}: NameServer = 10.1.200.1,200.152.98.2

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

 

--

End of file - 7663 bytes


Hi fgmiloski,

Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Read the text in this window carefully and click "YES" to continue.

PS: If you do not agree with the terms, click "NO" to exit the software; bear in mind that disinfection will not be possible without continuing with ComboFix.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is advisable to install the console before continuing with the process, since doing so guarantees that the system can be recovered if problems occur during the scan.

Click "YES" and wait; ComboFix itself installs the console automatically. It may take a few minutes (depending on the speed of your connection), so be patient.

When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA.

When the recovery console installation finishes, a window will open stating that "THE RECOVERY CONSOLE WAS SUCCESSFULLY INSTALLED".

Click "YES" to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or end the process abruptly while the tool is running, as this will mess up your desktop configuration (it will turn completely white).

When the process finishes, the machine will be restarted so the report can be generated.

6) After the machine restarts, ComboFix will run FIND3M to create the final scan report. The log will be saved at C:\ComboFix.txt.

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying that THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, covering the other windows. To minimize it again, just use the ALT + TAB key combination.

Regards.


Thanks Jgarcia,

I did all the steps and everything went OK, but my laptop did not restart; apparently no error occurred during the process, though. Below is the ComboFix log:

 

ComboFix 08-12-26.03 - Chico Miloski 2008-12-27 17:33:55.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.669 [GMT -2:00]

Running from: c:\documents and settings\Chico Miloski\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1296 [VPS 081222-0] *On-access scanning disabled* (Updated)

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

E:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))

.

 

2008-12-27 17:26 . 2008-12-27 17:26 2,888,367 --a------ c:\program files\ComboFix.exe

2008-12-26 22:00 . 2008-12-26 22:00 <DIR> d-------- c:\program files\iphonebrowser

2008-12-26 21:51 . 2008-12-26 21:51 462,087 --a------ c:\program files\SetupiPhoneBrowser.1.52.zip

2008-12-26 20:25 . 2008-04-14 01:12 159,232 --a------ c:\windows\system32\ptpusd.dll

2008-12-26 20:25 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-12-26 20:25 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-12-26 20:25 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

2008-12-26 08:58 . 2008-12-27 17:27 <DIR> d-------- c:\documents and settings\Chico Miloski\Application Data\Apple Computer

2008-12-26 08:58 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll

2008-12-26 08:58 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys

2008-12-26 08:57 . 2008-12-26 08:57 <DIR> d-------- c:\program files\iPod

2008-12-26 08:56 . 2008-12-26 08:58 <DIR> d-------- c:\program files\iTunes

2008-12-26 08:56 . 2008-12-26 08:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-26 08:55 . 2008-12-26 08:55 <DIR> d-------- c:\program files\Bonjour

2008-12-26 08:54 . 2008-12-26 08:55 <DIR> d-------- c:\program files\QuickTime

2008-12-26 08:54 . 2008-12-26 08:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer

2008-12-26 08:53 . 2008-12-26 08:53 <DIR> d-------- c:\program files\Apple Software Update

2008-12-26 08:53 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys

2008-12-26 08:52 . 2008-12-26 08:57 <DIR> d-------- c:\program files\Common Files\Apple

2008-12-26 08:52 . 2008-12-26 08:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple

2008-12-26 08:44 . 2008-12-26 08:49 68,756,776 --a------ c:\program files\iTunesSetup.exe

2008-12-26 08:40 . 2008-12-26 08:40 <DIR> d-------- c:\documents and settings\Chico Miloski\Application Data\Nokia

2008-12-26 08:39 . 2008-12-26 08:39 <DIR> d-------- c:\program files\DIFX

2008-12-26 08:37 . 2008-12-26 08:37 <DIR> d-------- c:\program files\Common Files\Nokia

2008-12-26 08:35 . 2008-12-26 08:36 <DIR> d-------- c:\program files\Nokia

2008-12-26 08:35 . 2008-12-26 08:37 <DIR> d-------- c:\program files\Common Files\PCSuite

2008-12-26 08:35 . 2008-12-26 08:39 <DIR> d-------- c:\documents and settings\Chico Miloski\Application Data\PC Suite

2008-12-26 08:35 . 2008-12-26 08:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite

2008-12-26 08:35 . 2006-05-29 08:26 127,488 --a------ c:\windows\system32\drivers\nmwcd.sys

2008-12-26 08:35 . 2006-05-29 08:26 50,688 --a------ c:\windows\system32\nmwcdcls.dll

2008-12-26 08:35 . 2006-05-29 08:26 30,720 --a------ c:\windows\system32\nmwcdcocls.dll

2008-12-26 08:35 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcm.sys

2008-12-26 08:35 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcj.sys

2008-12-26 08:35 . 2006-05-29 08:26 8,704 --a------ c:\windows\system32\drivers\nmwcdc.sys

2008-12-26 08:35 . 2006-05-29 08:26 4,608 --a------ c:\windows\system32\nmwcdlog.dll

2008-12-26 08:34 . 2008-12-26 08:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations

2008-12-16 21:25 . 2008-12-16 21:24 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-09 17:49 . 2008-12-09 17:49 <DIR> d-------- C:\Mosby

2008-12-08 22:59 . 2008-12-08 22:59 <DIR> d-------- c:\documents and settings\Chico Miloski\Application Data\Desktopicon

2008-12-05 17:04 . 2008-12-05 17:04 <DIR> d-------- c:\program files\MSECache

2008-12-05 16:57 . 2008-12-05 17:04 28,868,320 --a------ c:\program files\FileFormatConverters.exe

2008-11-27 18:02 . 2008-11-27 18:04 2,972,736 --a------ c:\program files\ccsetup214.exe

2008-11-27 14:45 . 2008-11-27 14:47 <DIR> d---s---- c:\documents and settings\Administrator

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-26 11:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-24 00:07 --------- d-----w c:\documents and settings\Chico Miloski\Application Data\LimeWire

2008-12-16 23:23 --------- d-----w c:\program files\Java

2008-12-05 19:17 55,768 ----a-w c:\documents and settings\Chico Miloski\Application Data\GDIPFONTCACHEV1.DAT

2008-11-13 14:47 487,584 ----a-w c:\program files\ChromeSetup.exe

2008-11-12 02:20 --------- d-----w c:\program files\MSXML 4.0

2008-11-10 22:41 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-10 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3

2008-11-10 21:06 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-10 20:34 --------- d-----w c:\program files\Microsoft Games

2008-11-06 17:46 --------- d-----w c:\documents and settings\Chico Miloski\Application Data\Media Player Classic

2008-11-05 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith

2008-11-05 16:41 --------- d-----w c:\program files\TechSmith

2008-11-05 16:41 --------- d-----w c:\program files\Common Files\TechSmith Shared

2008-11-05 16:33 39,138,304 ----a-w c:\program files\camtasia.msi

2008-11-05 16:07 1,364,995 ----a-w c:\program files\CamStudio20.exe

2008-11-04 18:22 --------- d-----w c:\program files\URUSoft

2008-10-30 18:43 --------- d-----w c:\program files\K-Lite Codec Pack

2008-10-28 16:52 --------- d-----w c:\program files\Opera

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-21 20:06 9,659,828 ----a-w c:\program files\CamStudio.exe

2008-10-21 18:14 162,816 ----a-w c:\windows\system32\fmod.dll

2008-10-21 17:43 11,523,750 ----a-w c:\program files\qqvideo17.exe

2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-06 18:44 8,929,896 ----a-w c:\program files\Opera_952_10108_in.exe

2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-07-16 21:39 85,779,656 ----a-w c:\program files\OneNote.exe

2008-07-16 21:31 5,808,057 ----a-w c:\program files\aTubeCatcher_1_0_236_setup.exe

2008-07-16 21:09 32,334,608 ----a-w c:\program files\OneNote2003SP2-KB887619-FullFile-ENU.exe

2008-07-10 14:57 8,323,636 -c--a-w c:\program files\aMSN-0.97.1-windows-installer.exe

2008-05-24 17:36 2,915,697 ----a-w c:\program files\wrar371br.exe

2008-05-23 18:55 7,467,056 ----a-w c:\program files\spybotsd15.exe

2008-05-23 18:48 9,352,392 ----a-w c:\program files\Install_MSN_Messenger.exe

2008-05-23 18:43 2,400,784 ----a-w c:\program files\WLinstaller.exe

2008-05-23 18:41 4,502,280 ----a-w c:\program files\LimeWireWin.exe

2008-05-23 18:35 5,742,544 ----a-w c:\program files\bitcomet_setup.exe

2008-05-23 18:31 9,730,075 ----a-w c:\program files\vlc-0.8.6f-win32.exe

2008-05-23 18:13 23,124,872 ----a-w c:\program files\setupporpro.exe

2008-05-23 18:12 5,840,544 ----a-w c:\program files\Firefox Setup 2.0.0.14.exe

2004-03-19 13:53 1,107,022 ----a-w c:\program files\SubtitleWorkshop251.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-14 1015808]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-22 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-22 126976]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\aMSN\\bin\\wish.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8994:TCP"= 8994:TCP:BitComet 8994 TCP

"8994:UDP"= 8994:UDP:BitComet 8994 UDP

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-23 111184]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-23 20560]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa8362a-2b61-11dd-8ee1-00c09ff8909d}]

\Shell\AutoRun\command - F:\gkguss.exe

\Shell\explore\Command - F:\gkguss.exe

\Shell\open\Command - F:\gkguss.exe

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-12-27 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\Chico Miloski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 12:48]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: {ACD78122-5EE5-4C24-961A-83318F3FDBDA} = 10.1.200.1,200.152.98.2

 

c:\windows\Downloaded Program Files\gbpdist.dll - O16 -: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931}

hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

c:\windows\Downloaded Program Files\gbpdist.inf

FF - ProfilePath - c:\documents and settings\Chico Miloski\Application Data\Mozilla\Firefox\Profiles\vqpo4lbt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.periodicos.capes.gov.br

FF - prefs.js: network.proxy.http - acessocapes.cremerj.org.br

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-27 17:36:12

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?7?1?4??p???? ?,?B?????????????hLC? ??????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-12-27 17:37:57

ComboFix-quarantined-files.txt 2008-12-27 19:37:36

 

Pre-Run: 34.855.239.680 bytes free

Post-Run: 34,850,197,504 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

215 --- E O F --- 2008-12-18 02:24:22


Hi fgmiloski,

Follow these instructions:

1. Open Notepad -> Copy (Ctrl + C) and paste (Ctrl + V) all the text included in the "Quote":

File::

F:\gkguss.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa8362a-2b61-11dd-8ee1-00c09ff8909d}]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine could cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As illustrated in the picture below, drag the CFScript.txt file onto ComboFix.exe.

(image: cfscript.gif)

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Regards.

PS: Perform this step with the USB flash drive connected to the PC.
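The CFScript in the post above targets the MountPoints2 key that the ComboFix log lists with three shell verbs pointing at F:\gkguss.exe. As an added example (not part of the original thread and not ComboFix code), this Python script extracts such entries from a pasted log and flags targets that sit in the root of a non-system drive; the function names, the `suspicious` heuristic and the first, benign sample key are assumptions made for illustration.

```python
import re

# Constructed sample shaped like the "Reg Loading Points" section of the
# ComboFix log in this thread. The first mountpoints2 key (all-zero GUID) is a
# made-up benign entry; the second is the entry shown in the thread.
SAMPLE_LOG = r"""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa8362a-2b61-11dd-8ee1-00c09ff8909d}]
\Shell\AutoRun\command - F:\gkguss.exe
\Shell\explore\Command - F:\gkguss.exe
\Shell\open\Command - F:\gkguss.exe

*Newly Created Service* - PROCEXP90
"""

# "[HKEY_...\explorer\mountpoints2\{volume-guid}]" key header
KEY_RE = re.compile(
    r"^\[(HKEY_[^\]]*\\explorer\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
# "\Shell\<verb>\command - <command line>" value line
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)
# Executable or script placed directly in a drive root, e.g. "F:\name.exe"
ROOT_EXE_RE = re.compile(
    r"^([A-Za-z]):\\[^\\]+\.(?:exe|com|bat|cmd|scr|pif|vbs)\b", re.IGNORECASE)


def find_mountpoints2_commands(log_text, system_drive="C"):
    """Return one finding per shell verb cached under a MountPoints2 key."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum paste has a blank line after every log line
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        cmd = CMD_RE.match(line)
        if cmd and current_key:
            command = cmd.group(2).strip()
            root = ROOT_EXE_RE.match(command)
            findings.append({
                "key": current_key,
                "verb": cmd.group(1).lower(),
                "command": command,
                "target": root.group(0) if root else None,
                # Heuristic (assumption): a program in the root of a drive
                # other than the system drive, started by an autorun verb.
                "suspicious": bool(root)
                and root.group(1).upper() != system_drive.upper(),
            })
            continue
        current_key = None  # any other line ends the current key's entries
    return findings


def render_cfscript(findings):
    """Lay out flagged entries in the File::/Registry:: form used in the post."""
    files, keys = [], []
    for f in findings:
        if not f["suspicious"]:
            continue
        if f["target"] not in files:
            files.append(f["target"])
        if f["key"] not in keys:
            keys.append(f["key"])
    lines = ["File::"] + files + ["Registry::"] + ["[-%s]" % k for k in keys]
    return "\n".join(lines)


if __name__ == "__main__":
    for f in find_mountpoints2_commands(SAMPLE_LOG):
        mark = "FLAG" if f["suspicious"] else "ok  "
        print(mark, f["verb"], "->", f["command"])
    print(render_cfscript(find_mountpoints2_commands(SAMPLE_LOG)))
```

On the sample, the three verbs under the `{9fa8362a-...}` key are flagged and the rendered text matches the script quoted in the post, while the RunDLL32 entry on C: is left alone.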


Hello Jgarcia,

thanks again for the help.

Here is the ComboFix log:

 

ComboFix 08-12-29.02 - Chico Miloski 2008-12-30 20:39:42.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.656 [GMT -2:00]

Running from: c:\documents and settings\Chico Miloski\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Chico Miloski\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1296 [VPS 081227-0] *On-access scanning disabled* (Updated)

* Created a new restore point

 

FILE ::

F:\gkguss.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))

.

 

2008-12-27 22:51 . 2008-12-27 22:51 <DIR> d-------- C:\divx

2008-12-27 22:42 . 2008-11-21 19:47 129,784 --------- c:\windows\system32\pxafs.dll

2008-12-27 22:42 . 2008-11-21 19:47 120,056 --------- c:\windows\system32\pxcpyi64.exe

2008-12-27 22:42 . 2008-11-21 19:47 118,520 --------- c:\windows\system32\pxinsi64.exe

2008-12-27 22:42 . 2008-11-21 19:47 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys

2008-12-27 22:42 . 2008-11-21 19:47 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys

2008-12-27 22:40 . 2008-12-27 22:43 <DIR> d-------- c:\program files\DivX

2008-12-27 21:11 . 2008-12-27 21:11 <DIR> d-------- c:\documents and settings\Chico Miloski\Phone Browser

2008-12-27 21:11 . 2008-12-27 21:11 <DIR> d-------- c:\documents and settings\Chico Miloski\Application Data\DataLayer

2008-12-27 18:24 . 2008-12-27 18:40 457 --a------ c:\windows\cdplayer.ini

2008-12-27 18:23 . 2008-12-27 18:23 <DIR> d-------- c:\program files\FreeRIP3

2008-12-27 18:23 . 2008-12-27 18:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\FreeRIP

2008-12-27 17:26 . 2008-12-27 17:26 2,888,367 --a------ c:\program files\ComboFix.exe

2008-12-26 22:00 . 2008-12-26 22:00 <DIR> d-------- c:\program files\iphonebrowser

2008-12-26 21:51 . 2008-12-26 21:51 462,087 --a------ c:\program files\SetupiPhoneBrowser.1.52.zip

2008-12-26 20:25 . 2008-04-14 01:12 159,232 --a------ c:\windows\system32\ptpusd.dll

2008-12-26 20:25 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-12-26 20:25 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-12-26 20:25 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

2008-12-26 08:58 . 2008-12-27 17:27 <DIR> d-------- c:\documents and settings\Chico Miloski\Application Data\Apple Computer

2008-12-26 08:58 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll

2008-12-26 08:58 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys

2008-12-26 08:57 . 2008-12-26 08:57 <DIR> d-------- c:\program files\iPod

2008-12-26 08:56 . 2008-12-26 08:58 <DIR> d-------- c:\program files\iTunes

2008-12-26 08:56 . 2008-12-26 08:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-26 08:55 . 2008-12-26 08:55 <DIR> d-------- c:\program files\Bonjour

2008-12-26 08:54 . 2008-12-26 08:55 <DIR> d-------- c:\program files\QuickTime

2008-12-26 08:54 . 2008-12-26 08:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer

2008-12-26 08:53 . 2008-12-26 08:53 <DIR> d-------- c:\program files\Apple Software Update

2008-12-26 08:53 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys

2008-12-26 08:52 . 2008-12-26 08:57 <DIR> d-------- c:\program files\Common Files\Apple

2008-12-26 08:52 . 2008-12-26 08:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple

2008-12-26 08:44 . 2008-12-26 08:49 68,756,776 --a------ c:\program files\iTunesSetup.exe

2008-12-26 08:40 . 2008-12-26 08:40 <DIR> d-------- c:\documents and settings\Chico Miloski\Application Data\Nokia

2008-12-26 08:39 . 2008-12-26 08:39 <DIR> d-------- c:\program files\DIFX

2008-12-26 08:37 . 2008-12-26 08:37 <DIR> d-------- c:\program files\Common Files\Nokia

2008-12-26 08:35 . 2008-12-26 08:36 <DIR> d-------- c:\program files\Nokia

2008-12-26 08:35 . 2008-12-26 08:37 <DIR> d-------- c:\program files\Common Files\PCSuite

2008-12-26 08:35 . 2008-12-26 08:39 <DIR> d-------- c:\documents and settings\Chico Miloski\Application Data\PC Suite

2008-12-26 08:35 . 2008-12-26 08:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite

2008-12-26 08:35 . 2006-05-29 08:26 127,488 --a------ c:\windows\system32\drivers\nmwcd.sys

2008-12-26 08:35 . 2006-05-29 08:26 50,688 --a------ c:\windows\system32\nmwcdcls.dll

2008-12-26 08:35 . 2006-05-29 08:26 30,720 --a------ c:\windows\system32\nmwcdcocls.dll

2008-12-26 08:35 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcm.sys

2008-12-26 08:35 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcj.sys

2008-12-26 08:35 . 2006-05-29 08:26 8,704 --a------ c:\windows\system32\drivers\nmwcdc.sys

2008-12-26 08:35 . 2006-05-29 08:26 4,608 --a------ c:\windows\system32\nmwcdlog.dll

2008-12-26 08:34 . 2008-12-26 08:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations

2008-12-16 21:25 . 2008-12-16 21:24 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-09 17:49 . 2008-12-09 17:49 <DIR> d-------- C:\Mosby

2008-12-08 22:59 . 2008-12-08 22:59 <DIR> d-------- c:\documents and settings\Chico Miloski\Application Data\Desktopicon

2008-12-05 17:04 . 2008-12-05 17:04 <DIR> d-------- c:\program files\MSECache

2008-12-05 16:57 . 2008-12-05 17:04 28,868,320 --a------ c:\program files\FileFormatConverters.exe

2008-11-27 18:02 . 2008-11-27 18:04 2,972,736 --a------ c:\program files\ccsetup214.exe

2008-11-27 14:45 . 2008-11-27 14:47 <DIR> d---s---- c:\documents and settings\Administrator

2008-11-21 19:47 . 2008-11-21 19:47 3,596,288 --a------ c:\windows\system32\qt-dx331.dll

2008-11-21 19:47 . 2008-11-21 19:47 524,288 --a------ c:\windows\system32\DivXsm.exe

2008-11-21 19:47 . 2008-11-21 19:47 4,816 --a------ c:\windows\system32\divxsm.tlb

2008-11-21 19:46 . 2008-11-21 19:46 1,044,480 --a------ c:\windows\system32\libdivx.dll

2008-11-21 19:46 . 2008-11-21 19:46 200,704 --a------ c:\windows\system32\ssldivx.dll

2008-11-21 19:44 . 2008-11-21 19:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe

2008-11-21 19:44 . 2008-11-21 19:44 12,288 --a------ c:\windows\system32\DivXWMPExtType.dll

2008-11-13 12:46 . 2008-11-13 12:47 487,584 --a------ c:\program files\ChromeSetup.exe

2008-11-12 15:28 . 2008-09-04 15:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 13:16 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 00:20 . 2008-11-12 00:20 <DIR> d-------- c:\program files\MSXML 4.0

2008-11-10 19:43 . 2008-11-10 19:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Age of Empires 3

2008-11-10 18:34 . 2008-11-10 18:34 <DIR> d-------- c:\program files\Microsoft Games

2008-11-06 15:45 . 2008-11-06 15:46 <DIR> d-------- c:\documents and settings\Chico Miloski\Application Data\Media Player Classic

2008-11-05 14:42 . 2008-11-05 14:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\TechSmith

2008-11-05 14:42 . 2008-07-10 12:56 107,864 --a------ c:\windows\system32\tsccvid.dll

2008-11-05 14:41 . 2008-11-05 14:41 <DIR> d-------- c:\program files\TechSmith

2008-11-05 14:41 . 2008-11-05 14:41 <DIR> d-------- c:\program files\Common Files\TechSmith Shared

2008-11-05 14:06 . 2008-11-05 14:07 1,364,995 --a------ c:\program files\CamStudio20.exe

2008-11-04 16:22 . 2008-11-04 16:22 <DIR> d-------- c:\program files\URUSoft

2008-11-04 16:21 . 2004-03-19 11:53 1,107,022 --a------ c:\program files\SubtitleWorkshop251.exe

2008-11-04 16:15 . 2008-11-04 16:15 4,068 --a--c--- c:\windows\SETUP.LST

2008-11-04 16:15 . 2008-11-04 16:15 303 --a--c--- c:\windows\ST6UNST.000

2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx

2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-26 11:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-24 00:07 --------- d-----w c:\documents and settings\Chico Miloski\Application Data\LimeWire

2008-12-16 23:23 --------- d-----w c:\program files\Java

2008-12-05 19:17 55,768 ----a-w c:\documents and settings\Chico Miloski\Application Data\GDIPFONTCACHEV1.DAT

2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys

2008-11-10 22:41 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-10 21:06 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-05 16:33 39,138,304 ----a-w c:\program files\camtasia.msi

2008-10-30 18:43 --------- d-----w c:\program files\K-Lite Codec Pack

2008-10-28 16:52 --------- d-----w c:\program files\Opera

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-21 20:06 9,659,828 ----a-w c:\program files\CamStudio.exe

2008-10-21 18:14 162,816 ----a-w c:\windows\system32\fmod.dll

2008-10-21 17:43 11,523,750 ----a-w c:\program files\qqvideo17.exe

2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-06 18:44 8,929,896 ----a-w c:\program files\Opera_952_10108_in.exe

2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll

2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-07-16 21:39 85,779,656 ----a-w c:\program files\OneNote.exe

2008-07-16 21:31 5,808,057 ----a-w c:\program files\aTubeCatcher_1_0_236_setup.exe

2008-07-16 21:09 32,334,608 ----a-w c:\program files\OneNote2003SP2-KB887619-FullFile-ENU.exe

2008-07-10 14:57 8,323,636 -c--a-w c:\program files\aMSN-0.97.1-windows-installer.exe

2008-05-24 17:36 2,915,697 ----a-w c:\program files\wrar371br.exe

2008-05-23 18:55 7,467,056 ----a-w c:\program files\spybotsd15.exe

2008-05-23 18:48 9,352,392 ----a-w c:\program files\Install_MSN_Messenger.exe

2008-05-23 18:43 2,400,784 ----a-w c:\program files\WLinstaller.exe

2008-05-23 18:41 4,502,280 ----a-w c:\program files\LimeWireWin.exe

2008-05-23 18:35 5,742,544 ----a-w c:\program files\bitcomet_setup.exe

2008-05-23 18:31 9,730,075 ----a-w c:\program files\vlc-0.8.6f-win32.exe

2008-05-23 18:13 23,124,872 ----a-w c:\program files\setupporpro.exe

2008-05-23 18:12 5,840,544 ----a-w c:\program files\Firefox Setup 2.0.0.14.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-12-27_17.36.49,90 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-12-04 02:33:16 682,496 ----a-w c:\windows\system32\divx.dll

+ 2008-11-21 21:45:06 684,032 ----a-w c:\windows\system32\DivX.dll

+ 2008-11-21 21:45:08 823,296 ----a-w c:\windows\system32\divx_xx07.dll

+ 2008-11-21 21:45:08 815,104 ----a-w c:\windows\system32\divx_xx0a.dll

+ 2008-11-21 21:45:08 823,296 ----a-w c:\windows\system32\divx_xx0c.dll

+ 2008-11-21 21:45:08 802,816 ----a-w c:\windows\system32\divx_xx11.dll

- 2007-11-29 23:28:24 81,920 ----a-w c:\windows\system32\dpl100.dll

+ 2008-11-21 21:45:16 81,920 ----a-w c:\windows\system32\dpl100.dll

+ 2008-11-21 21:45:12 294,912 ----a-w c:\windows\system32\dpu10.dll

+ 2008-11-21 21:45:12 294,912 ----a-w c:\windows\system32\dpu11.dll

+ 2008-11-21 21:45:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

+ 2008-11-21 21:45:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

+ 2008-11-21 21:45:12 344,064 ----a-w c:\windows\system32\dpus11.dll

+ 2008-11-21 21:45:12 57,344 ----a-w c:\windows\system32\dpv11.dll

+ 2008-11-21 21:45:16 196,608 ----a-w c:\windows\system32\dtu100.dll

- 2005-04-17 14:21:16 372,736 ----a-w c:\windows\system32\Px.dll

+ 2008-11-21 21:47:48 551,672 ------w c:\windows\system32\Px.dll

+ 2008-11-21 21:47:48 66,296 ------w c:\windows\system32\pxcpya64.exe

- 2005-04-15 00:01:00 417,792 ----a-w c:\windows\system32\pxdrv.dll

+ 2008-11-21 21:47:48 518,904 ------w c:\windows\system32\pxdrv.dll

+ 2008-11-21 21:47:48 72,440 ------w c:\windows\system32\pxhpinst.exe

+ 2008-11-21 21:47:48 64,760 ------w c:\windows\system32\pxinsa64.exe

- 2005-04-17 14:20:20 172,032 ----a-w c:\windows\system32\PxMas.dll

+ 2008-11-21 21:47:50 187,128 ------w c:\windows\system32\PxMas.dll

- 2005-01-26 13:39:04 1,077,248 ----a-w c:\windows\system32\PxSFS.DLL

+ 2008-11-21 21:47:48 1,628,920 ------w c:\windows\system32\PxSFS.DLL

- 2005-04-17 14:19:50 339,968 ----a-w c:\windows\system32\PxWave.dll

+ 2008-11-21 21:47:48 379,640 ------w c:\windows\system32\PxWave.dll

- 2005-01-12 00:00:00 28,672 ----a-w c:\windows\system32\VXBLOCK.dll

+ 2008-11-21 21:47:46 88,824 ------w c:\windows\system32\VXBLOCK.dll

+ 2008-12-30 22:18:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3ec.dat

+ 2008-12-30 22:17:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_65c.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-14 1015808]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-22 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-22 126976]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\aMSN\\bin\\wish.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8994:TCP"= 8994:TCP:BitComet 8994 TCP

"8994:UDP"= 8994:UDP:BitComet 8994 UDP

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-23 111184]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-23 20560]

.

Contents of the 'Scheduled Tasks' folder

 

2008-12-28 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\Chico Miloski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 12:48]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: windowsupdate.microsoft.com

Trusted Zone: www.update.microsoft.com

Trusted Zone: *.windowsupdate.com

TCP: {ACD78122-5EE5-4C24-961A-83318F3FDBDA} = 10.1.200.1,200.152.98.2

 

c:\windows\Downloaded Program Files\gbpdist.dll - O16 -: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931}

hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

c:\windows\Downloaded Program Files\gbpdist.inf

FF - ProfilePath - c:\documents and settings\Chico Miloski\Application Data\Mozilla\Firefox\Profiles\vqpo4lbt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.periodicos.capes.gov.br

FF - prefs.js: network.proxy.http - acessocapes.cremerj.org.br

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-30 20:42:36

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?7?1?4??????? ?,?B?????????????hLC? ??????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-12-30 20:44:09

ComboFix-quarantined-files.txt 2008-12-30 22:43:43

ComboFix2.txt 2008-12-27 19:37:59

 

Pre-Run: 34.701.729.792 bytes free

Post-Run: 34,763,399,168 bytes free

 

273 --- E O F --- 2008-12-18 02:24:22

 

 

NOW the HijackThis one:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:45:53, on 30/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Chico\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211543930656

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD78122-5EE5-4C24-961A-83318F3FDBDA}: NameServer = 10.1.200.1,200.152.98.2

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

 

--

End of file - 7441 bytes


Hi fgmiloski,

Download EliStarA: at the bottom of the page, click the Descargar EliStarA button.

I suggest you print or save the steps below, and do not use the internet until the procedure is finished.

Restart in Safe Mode (press the F8 key repeatedly during startup until the menu appears, then select Safe Mode).

Run EliStarA.exe and wait, as the scan takes a while.

When the process finishes, restart and post the log (it will be in C:\infoSat.txt).

Regards.

PS: The USB flash drive must be connected to the PC.


Thanks Jgarcia,

here is the result from Elistar:

 

 

Wed Dec 31 12:28:16 2008

EliStartPage v17.71 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Restaurado fichero de Configuración del IE, (IERESET.INF)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

 

Wed Dec 31 12:28:34 2008

EliStartPage v17.71 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\Documents and Settings\Chico Miloski\Application Data\Desktopicon\EBAYSHORTCUTS.EXE --> Eliminado, PWS-WoW.YU

C:\Program Files\ATUBECATCHER_1_0_236_SETUP.EXE --> Eliminado, Dropper(ConHook)

C:\Program Files\Synaptics\SynTP\Media\SYNTPCO2.DLL --> Eliminado, AutoRun.K

C:\WINDOWS\system32\SYNTPCO2.DLL --> Eliminado, AutoRun.K

C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\SYNTPCO2.DLL --> Eliminado, AutoRun.K

 

Nº Total de Directorios: 5438

Nº Total de Ficheros: 49697

Nº de Ficheros Analizados: 16199

Nº de Ficheros Infectados: 5

Nº de Ficheros Limpiados: 5


Hi fgmiloski,

1. Download BankerFix 3.0.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. The Banker Fix 3.0 window will open with the following question: Instalar o BankerFix 3.0 / Install BankerFix 3.0 ? >> click SIM (Yes).

4. A window will open stating that BankerFix 3.0 will be downloaded from the internet >> click OK and wait. In the next window click OK once more so that BankerFix 3.0 starts.

5. Press any key to continue the process and wait until the scan completes. Be patient, as it may take a few minutes.

6. When the scan finishes, read the message on the screen and press Enter.

7. Re-enable your antivirus.

8. Come back with the BankerFix relatorio.txt (it will be in C:\LinhaDefensiva\).

9. After posting your reply, you may delete the LinhaDefensiva folder on drive C.

Regards.

PS: If the following message appears: Site denunciado como foco de ataques! (site reported as an attack site), do not worry and click Ignorar este alerta (ignore this warning).


Jgarcia,

here is the BankerFix report:

Thank you

 

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-01-11 - 20:22

-------------------------------------------------------

Lista de Definição: 2008-12-14-1 | CORE: 2008-12-14-1

=======================================================

 

Arquivo infectado detectado: \autoexec.bat

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------


Hi fgmiloski,

Sorry for the very long delay, time has been short. :(

Well, Malwarebytes AntiMalware is a relatively new product, but it is very effective at removing common infections. The program is small, free and available in Portuguese.

Installing it is the first step in cleaning an infected operating system.

In this tutorial you will learn how to install and run it.

1) First, download the program:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

2) Now install the program as follows:

Run the installer:
[Screenshot: capturadatelaha4.png]

Right after the installer is launched, the following screen is shown:
[Screenshot: capturadatela1zv8.png]

Now click Instalar (Install) to finish:
[Screenshot: capturadatela6yd8.png]

When the installation finishes, leave the Atualização (update) and Execução (run) options checked:
[Screenshot: capturadatela7cd6.png]

The program's update screen will then be shown:
[Screenshot: capturadatela9en9.png]

3) This is the program's start screen. Select the Verificação Completa (full scan) option and click the Verificar (scan) button.
[Screenshot: capturadatela10vs1.png]

Wait until the scan finishes:
[Screenshot: capturadatela12zo1.png]

When the scan completes, this message is shown:
[Screenshot: capturadatela13oi2.png]

The scan result will be displayed, with the names of the files and malware found.
To carry out the cleanup, click Remover selecionados (remove selected):
[Screenshot: capturadatela14qb8.png]

To complete the cleanup, the computer will need to be restarted:
[Screenshot: capturadatela15um2ed5.png]

The program keeps the logs of the scans it has run in the folder C:\Documents and Settings\Seu nome de Usuario\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\Logs, which can also be accessed from the Logs tab inside the program.

Come back with the scan result.

Credits: Fabio Assolini.

Link to the original post: here.


Jgarcia, here it is, but no infected files came up....

and the PC is still slow... :(

but no

 

Malwarebytes' Anti-Malware 1.33

Versão do banco de dados: 1697

Windows 5.1.2600 Service Pack 3

 

27/1/2009 06:57:24

mbam-log-2009-01-27 (06-57-24).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 110306

Tempo decorrido: 2 hour(s), 13 minute(s), 42 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)


Hi fgmiloski,

Let's try to solve the remaining problem with CCleaner -> download it here.

1. To run the cleanup, just select the Limpeza option (top left) and click Executar Limpeza (bottom right). Here you can choose to clean Windows, Programs or both;

2. To fix errors, just choose the Registro option (top left), click Procurar erros (bottom left) and then Corrigir Erros Selecionados (bottom right; by default all are selected);

3. Under Ferramentas (top left) you can uninstall programs (the same ones listed in Add / Remove Programs) or remove program entries from startup (experienced users only);

4. Under Opções you will find the CCleaner configuration settings, which I suggest you leave unchanged.

Carry out the actions above (only 1. and 2.) and come back with the result.

Regards.

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

This is the current state of your machine's startup. What do you say? Is there a need to keep so many programs at startup?


Hi jgarcia,

Yes, I also think there are too many applications being opened at startup unnecessarily.

As far as I'm concerned, only the essential ones would be left to open at startup. So which ones are dispensable, and how do I remove them?

Thanks,

Fgmiloski


Hi fgmiloski,

Run HijackThis, click Do a system scan only, check the items below, and click Fix:

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Restart the machine and check the performance during startup.

Come back with a new HijackThis log.

Regards.

PS: The action above was requested solely to lighten the startup process of the user's machine; the entries indicated are not bad or part of malware. It is important that this is clear.

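The check that follows the Fix step in the post above, comparing the follow-up log against the entries that were asked to be removed, can be scripted. This is an added example, not part of the original posts: the function names are hypothetical, and the sample input is an abridged copy of O4 lines from the logs in this thread.

```python
import re

# The two O4 line shapes that appear in this thread's HijackThis logs.
RUN_RE = re.compile(r"^O4 - (?P<loc>.+?\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
LNK_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")

def parse_o4(log_text):
    """Map (location, entry name) -> command for every O4 line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip()) or LNK_RE.match(line.strip())
        if m:  # registry value names are case-insensitive on Windows
            entries[(m["loc"].lower(), m["name"].lower())] = m["cmd"].strip()
    return entries

def verify_fix(before, requested, after):
    """Compare the follow-up log with the entries that were asked to be fixed."""
    b, r, a = parse_o4(before), parse_o4(requested), parse_o4(after)
    return {
        "removed": sorted(k for k in r if k in b and k not in a),
        "still_present": sorted(k for k in r if k in a),
        "added_since": sorted(k for k in a if k not in b),
    }

# Sample input: O4 lines copied from the logs in this thread (abridged).
BEFORE = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""
REQUESTED = r"""
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""
AFTER = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chico Miloski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
"""

if __name__ == "__main__":
    for status, keys in verify_fix(BEFORE, REQUESTED, AFTER).items():
        print(status, [name for _, name in keys])
```

An entry under `added_since` only means it was absent from the earlier sample; it is a prompt to identify the program, not a verdict on it.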

Hi jgarcia,

It improved a little, but it's still not 100%. Here's the log:

Thanks

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:44:17, on 31/1/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Documents and Settings\Chico Miloski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Opera\opera.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Chico Miloski\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chico Miloski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211543930656

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD78122-5EE5-4C24-961A-83318F3FDBDA}: NameServer = 10.1.200.1,200.152.98.2

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

 

--

End of file - 7012 bytes


Hi fgmiloski,

1. Download DDS and save it to your Desktop.

2. Temporarily disable your antivirus.

3. Double-click the icon (icon.jpg) located on your Desktop.

4. When the window opens asking for authorization to run the file, click Run (Executar).

5. A window will open, as illustrated below:

dds-information.jpg

6. DDS will start scanning the machine.

7. At the end of the process, two files will be created: dds.txt and attach.txt.

8. I need you to post the contents of dds.txt in your next reply.

Regards.
