Kyaah 0 Posted December 30, 2008

I really don't know what could have caused this. I have already checked the system and found nothing! Neither AVG 8.0 nor Spybot found any problem. The problem is as follows: the Start Menu keeps appearing and disappearing all the time. The mouse cursor moves by itself from one side to the other and selects various options, such as closing or opening windows and starting programs that are in the Start Menu. At other times the mouse disappears altogether. Recently, on top of all that, even the Start Menu folder has been opening. I tried to find the cause of the problem, and as far as I can remember it all started after I loaded a song on the site Mp3Tube.net. I also used ComboFix [because I had been looking for a solution to this problem and found a topic here on the forum with a similar description]. Just as in the other topic, the problem stopped for a while but came back again. ->://forum.imasters.com.br/index.php?showtopic=296986

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:36:34, on 30/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe C:\Arquivos de programas\HP\HP 
Software Update\HPWuSchd2.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Java\jre1.6.0_06\bin\jucheck.exe C:\Hijack\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programa Auxiliar de Início de 
Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\npjpi160_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\npjpi160_06.dll O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: 
SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197894597015 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{34D32B71-AA3F-49B4-920C-22DB540A4A5B}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 9125 bytes

DigRam 144 Posted January 1, 2009

Good afternoon! Kyaah

<@> Download: < ComboFix.exe > ( ...by sUBs )
<@> Save it to the Desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt "Disclaimer of warranty on software" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!
<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Rename it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.
<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid using the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
----------------------
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis.

Regards!

Kyaah 0 Posted January 2, 2009

I did as recommended and here are the reports: PS: And the problem still continues.

ComboFix report:

ComboFix 08-12-31.01 - Ana Claudia CN 2009-01-01 23:15:02.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.191.62 [GMT -2:00] Running from: c:\documents and settings\Ana Claudia CN\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) . ((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 ))))))))))))))))))))))))))))))) . 2009-01-01 23:07 . 2009-01-01 23:07 268 --ah-c--- C:\sqmdata14.sqm 2009-01-01 23:07 . 2009-01-01 23:07 244 --ah-c--- C:\sqmnoopt14.sqm 2009-01-01 22:31 . 2009-01-01 22:31 <DIR> d-------- c:\documents and settings\Ana Claudia CN\Dados de aplicativos\HPAppData 2009-01-01 22:30 . 2009-01-01 22:30 <DIR> d-------- c:\documents and settings\Convidado\Dados de aplicativos\AVGTOOLBAR 2009-01-01 22:30 . 2009-01-01 22:30 <DIR> d-------- c:\documents and settings\Ana Claudia\Dados de aplicativos\AVGTOOLBAR 2009-01-01 22:30 . 2009-01-01 22:30 <DIR> dr------- c:\documents and settings\Ana Claudia CN\Menu Iniciar 2009-01-01 22:30 . 2009-01-01 22:30 <DIR> d-------- c:\documents and settings\Ana Claudia CN\Dados de aplicativos\AVGTOOLBAR 2009-01-01 22:30 . 2009-01-01 22:30 <DIR> d--h----- c:\documents and settings\Ana Claudia CN\Ambiente de rede 2009-01-01 22:30 . 2009-01-01 22:30 <DIR> d--h----- c:\documents and settings\Ana Claudia CN\Ambiente de impressão 2009-01-01 11:34 . 2009-01-01 11:34 268 --ah-c--- C:\sqmdata13.sqm 2009-01-01 11:34 . 2009-01-01 11:34 244 --ah-c--- C:\sqmnoopt13.sqm 2008-12-31 00:13 . 2008-12-31 00:13 268 --ah-c--- C:\sqmdata12.sqm 2008-12-31 00:13 . 2008-12-31 00:13 244 --ah-c--- C:\sqmnoopt12.sqm 2008-12-30 17:42 . 2008-12-30 17:42 268 --ah-c--- C:\sqmdata11.sqm 2008-12-30 17:42 . 2008-12-30 17:42 244 --ah-c--- C:\sqmnoopt11.sqm 2008-12-30 11:35 . 
2008-12-30 11:35 268 --ah-c--- C:\sqmdata10.sqm 2008-12-30 11:35 . 2008-12-30 11:35 244 --ah-c--- C:\sqmnoopt10.sqm 2008-12-30 07:33 . 2009-01-01 22:31 <DIR> d----c--- C:\Hijack 2008-12-30 06:37 . 2009-01-01 22:30 <DIR> d--h----- c:\documents and settings\Ana Claudia CN\Modelos 2008-12-30 06:37 . 2009-01-01 22:31 <DIR> dr------- c:\documents and settings\Ana Claudia CN\Meus documentos 2008-12-30 06:37 . 2009-01-01 22:30 <DIR> dr------- c:\documents and settings\Ana Claudia CN\Favoritos 2008-12-30 06:37 . 2009-01-01 20:55 <DIR> dr-h----- c:\documents and settings\Ana Claudia CN\Dados de aplicativos 2008-12-30 06:37 . 2009-01-01 23:18 <DIR> d--h----- c:\documents and settings\Ana Claudia CN\Configurações locais 2008-12-30 06:37 . 2009-01-01 23:07 <DIR> d-------- c:\documents and settings\Ana Claudia CN 2008-12-29 22:26 . 2008-12-29 22:26 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-12-29 22:26 . 2008-12-29 22:26 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-12-29 22:26 . 2008-12-29 22:26 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-12-29 22:25 . 2008-12-29 22:33 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-12-29 22:25 . 2008-12-29 22:25 <DIR> d----c--- c:\arquivos de programas\AVG 2008-12-29 20:53 . 2008-12-29 22:25 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avg8 2008-12-29 18:43 . 2008-12-29 18:44 <DIR> d----c--- c:\arquivos de programas\Spybot - Search & Destroy 2008-12-23 05:10 . 2008-12-23 05:10 <DIR> d----c--- C:\CSWARE 2008-12-23 05:01 . 2008-12-23 05:05 <DIR> d----c--- C:\DiviDead 2008-12-15 20:40 . 2008-06-20 08:45 360,320 --a------ c:\windows\system32\drivers\tcpip.sys.ORIGINAL 2008-12-15 20:40 . 2008-06-20 08:45 360,320 --a--c--- c:\windows\system32\dllcache\tcpip.sys.ORIGINAL 2008-12-15 20:38 . 2008-12-15 21:01 <DIR> d----c--- C:\Downloads 2008-12-15 20:37 . 2009-01-01 20:46 <DIR> d----c--- c:\arquivos de programas\BitComet 2008-12-06 02:43 . 
2008-12-06 02:47 <DIR> d----c--- c:\arquivos de programas\Badongo . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-02 00:31 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2008-12-29 20:59 --------- d-----w c:\arquivos de programas\Google 2008-12-15 22:40 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys 2008-12-12 05:08 --------- d-----w c:\documents and settings\Ana Claudia\Dados de aplicativos\LimeWire 2008-12-08 02:23 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information 2008-11-20 17:12 --------- dc----w c:\arquivos de programas\Total Security 2007 2008-11-20 17:09 --------- dc----w c:\arquivos de programas\Glary Utilities 2008-11-18 15:44 --------- d-----w c:\documents and settings\Convidado\Dados de aplicativos\HPAppData 2008-11-08 19:30 --------- dc----w c:\arquivos de programas\Inter.net 2004-07-22 13:51 3,432,656 -c--a-w c:\arquivos de programas\ManagedDX.CAB 2004-07-20 01:58 1,156,363 -c--a-w c:\arquivos de programas\BDANT.cab 2004-07-20 01:53 976,020 -c--a-w c:\arquivos de programas\BDAXP.cab 2004-07-09 17:17 13,265,040 -c--a-w c:\arquivos de programas\dxnt.cab 2004-07-09 12:13 703,080 -c--a-w c:\arquivos de programas\BDA.cab 2004-07-09 12:13 15,493,481 -c--a-w c:\arquivos de programas\DirectX.cab 2004-07-09 07:08 472,576 -c--a-w c:\arquivos de programas\dxsetup.exe 2004-07-09 07:08 2,242,560 -c--a-w c:\arquivos de programas\dsetup32.dll 2004-07-09 06:03 62,976 -c--a-w c:\arquivos de programas\DSETUP.dll . ((((((((((((((((((((((((((((( snapshot@2008-12-29_21.01.24,21 ))))))))))))))))))))))))))))))))))))))))) . + 2008-12-30 00:26:04 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2009-01-02 00:32:17 703,620 ----a-w c:\windows\system32\Restore\rstrlog.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 25088] "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-20 68856] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Motive SmartBridge"="c:\arquiv~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-06-05 185896] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-10-28 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168] "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-12-29 1261336] "VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 25088] c:\documents and settings\Ana Claudia\Menu Iniciar\Programas\Inicializar\ Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Assistente Tecnico Speedy.lnk - c:\arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2008-04-09 217088] HP Digital Imaging Monitor.lnk 
- c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\PTC\\PTC.exe"= "c:\\Arquivos de programas\\Real\\RealPlayer\\realplay.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "c:\\Arquivos de programas\\BitComet\\BitComet.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19551:TCP"= 19551:TCP:BitComet 19551 TCP "19551:UDP"= 19551:UDP:BitComet 19551 UDP R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-29 97928] R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2008-12-29 875288] R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-12-29 231704] R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-29 76040] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . 
Contents of the 'Scheduled Tasks' folder 2009-01-02 c:\windows\Tasks\AEB64EFE9189FF7E.job - c:\docume~1\admini~1\dadosd~1\admint~1\Cool Trust Active.exe [] 2008-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1614895754-682003330-1005.job - c:\documents and settings\Ana Claudia\Configura [] . . ------- Supplementary Scan ------- . O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd FF - ProfilePath - c:\documents and settings\Ana Claudia CN\Dados de aplicativos\Mozilla\Firefox\Profiles\w42ib032.default\ FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\arquivos de programas\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll ATTENTION: FIREFOX POLICES IS IN FORCE c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-01 23:18:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(628) c:\windows\system32\SETUPAPI.dll c:\windows\system32\avgrsstx.dll c:\windows\system32\sfc_os.dll c:\windows\system32\COMRes.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(740) c:\windows\system32\avgrsstx.dll c:\windows\system32\SETUPAPI.dll . 
Completion time: 2009-01-01 23:21:17 ComboFix-quarantined-files.txt 2009-01-02 01:21:14 ComboFix2.txt 2009-01-01 14:11:18 ComboFix3.txt 2008-12-29 23:02:14 Pre-Run: 18 pasta(s) 19.724.636.160 bytes disponíveis Post-Run: 18 pasta(s) 19,722,633,216 bytes disponíveis 178 --- E O F --- 2008-10-01 01:55:21

Updated HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:27:25, on 1/1/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Java\jre1.6.0_06\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\Hijack\HiJackThis.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - 
HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra 
button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197894597015 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{34D32B71-AA3F-49B4-920C-22DB540A4A5B}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 9065 bytes
DigRam (posted January 2, 2009)
Good morning, Kyaah!
<!> The ComboFix report showed a scheduled task created by Lops.
----------------------------
<@> Download: < LopS&D >
<@> Save it to Local Disk C!
<@> Install the program and click: LopSD.cmd
<@> In the window that opens, press "p" --> press Enter.
<@> In the next window, choose option 2 --> press Enter --> wait!
<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )
<@> Also post an updated HijackThis log.
Regards!
Kyaah (posted January 2, 2009)
Good afternoon! I did as requested, and here are the reports:

Lop SD report:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.13GHz )
BIOS : Default System BIOS
USER : Ana Claudia CN ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:18 Go)
D:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( --- 02/01/2009|12:49 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS
Deletado! - C:\WINDOWS\Tasks\AEB64EFE9189FF7E.job
Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Grid Blue Memo Site
Deletado! - C:\DOCUME~1\ADMINI~1\DADOSD~1\admint~1
Deletado! - C:\Arquivos de programas\admint~1
Deletado! - C:\Arquivos de programas\Circle Developement
- [ Arquivos/Ficheiros Hosts ] .. RESTAURADO
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks
[31/12/2008 00:23][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1614895754-682003330-1005.job
[02/01/2009 12:29][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/10/2001 10:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Process ( 38 Processes ) ... OK !
--------------------\\ Procura pelo S_Lop
Não foram encontradas pastas com o Lop!
--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop
Não foram encontradas pastas com o Lop!
--------------------\\ Procura no Registro
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------\\ Verificando o Arquivos/Ficheiros Hosts
Arquivos/Ficheiros Hosts LIMPO
--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 12:53:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Procurando por outras infecções
Não foram encontradas outras infecções.
[F:11][D:2]-> C:\DOCUME~1\ANACLA~2\CONFIG~1\Temp
[F:1][D:0]-> C:\DOCUME~1\ANACLA~2\Cookies
[F:2][D:0]-> C:\DOCUME~1\ANACLA~2\CONFIG~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - --- 02/01/2009|12:54 - Option : [2]
--------------------\\ Verificação completa em 12:54:45

HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:01:16, on 2/1/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe
C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Java\jre1.6.0_06\bin\jucheck.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Hijack\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & 
Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows 
Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' 
menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197894597015 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{34D32B71-AA3F-49B4-920C-22DB540A4A5B}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 9126 bytes
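Because an updated HijackThis log is requested after the cleanup step, a quick way to read the second scan is to diff it against the first. This is an added example, not part of the original posts and not part of HijackThis: the function names are hypothetical, the two inputs are shortened excerpts constructed from the logs in this thread, and it assumes one entry per line, as HijackThis writes its log file.

```python
import re

# A HijackThis entry starts with a section code such as R0, O2 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Annotations HijackThis appends when an entry's target file is absent.
ORPHAN_MARKS = ("(no file)", "(file missing)")


def parse_hijackthis(text):
    """Split a log into running processes and (code, body) entries."""
    processes, entries = {}, set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("--"):  # blank line or "-- End of file"
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.add((match.group(1), match.group(2)))
        elif in_processes:
            # Windows paths are case-insensitive: key on the lowercased path.
            processes[line.lower()] = line
    return {"processes": processes, "entries": entries}


def diff_scans(before_text, after_text):
    """Report what changed between two scans of the same machine."""
    before = parse_hijackthis(before_text)
    after = parse_hijackthis(after_text)
    bp, ap = before["processes"], after["processes"]
    return {
        "processes_started": [ap[k] for k in sorted(ap.keys() - bp.keys())],
        "processes_gone": [bp[k] for k in sorted(bp.keys() - ap.keys())],
        "entries_added": sorted(after["entries"] - before["entries"]),
        "entries_removed": sorted(before["entries"] - after["entries"]),
        # Entries still present that HijackThis itself marked as file-less.
        "orphans_remaining": sorted(
            e for e in after["entries"] if e[1].endswith(ORPHAN_MARKS)
        ),
    }


# Constructed excerpt of the 30/12/2008 scan (shortened from the thread).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:36:34, on 30/12/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
-- End of file - 9065 bytes
"""

# Constructed excerpt of the 2/1/2009 scan (shortened from the thread).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:16, on 2/1/2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
-- End of file - 9126 bytes
"""

if __name__ == "__main__":
    for section, items in diff_scans(BEFORE, AFTER).items():
        print(section)
        for item in items:
            print("   ", item)
```

The diff ignores differences in path case (`System32` vs `system32`), so only real additions and removals are reported.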
DigRam (posted January 3, 2009)
Good morning, Kyaah!
<@> Go to Start --> Run --> type or paste: combofix.exe /u --> click OK.
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> wait!
<@> Finally, the message "ComboFix is uninstalled" will appear --> click OK.
<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!
--------------------------------
<@> Download: < CCleaner >
<@> Save it to the Desktop!
<@> With the < Cleaner > option already selected, click Analyze. --> Wait for it to progress!
<@> When it finishes, click Run Cleaner.
<@> In the window that appears, click OK. --> Wait for it to progress!
<@> Select the Registry option and click Scan for Issues.
<@> When it finishes, click Fix selected issues...
<@> When asked, click Yes!
<@> Name the backups and click Save.
<@> After a few days, if everything is OK, you can delete that backup file. ( .reg )
<@> In the window that appears, click: "Fix All Selected Issues"
<@> Click OK --> Close.
<@> For more details, read the Tutorial: < Link >
-------------------------------
<@> Go to Start --> Run.
<!> Type or paste: sysdm.cpl --> press Enter.
<@> Click the "System Restore" tab and check the option: "Turn off System Restore on all drives".
<@> Click Apply --> OK.
<@> Then uncheck the option! --> Apply --> OK.
-------------------------------
<!> The log is clean!
<!> Everything OK?
Regards!
Kyaah (posted January 3, 2009)
Yes, everything is OK! I did everything as requested above and the problem has not come back. Thank you so much!
DigRam (posted January 3, 2009)
PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.