[Resolvido] Gerenciador de tarefas inacessivel

[William Cairo 0]

Caros amigos, eu estava com o tal do virus csrcs.exe, que meu antivirus AVIRA detectava, mas nao conseguia eliminar de jeito nenhum. Percebi que quando eu pressionava CTRL+ALT+DEL o gerenciador de tarefas nao entrava mais.

Fui no Regedit e tirei as referencias deste danado de lá, tomando aquele cuidado pra nao remover o explorer.exe que fica na mesma linha de comando dele.

APARENTEMENTE o virus não tá mais ativo, pois o avira nao o detecta mais. Porém o gerenciador de tarefas ainda nao entra. E o windows esta muito mais lento que o normal, principalmente a Internet.

Obs.: Pc processador Phenom II X3 710, 4GB Ram DDR2 1066, 3MB/s de internet.

Obs.2: Uso o Windows XP SP3 versão Portugues de Portugal, pois acho ele bem estavel.

Criei um log com o Hijackthis para alguem poder me ajudar, se possivel, como está a seguir:

____________________________________

Logfile of HijackThis v1.99.1

Scan saved at 23:05:48, on 30/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programas\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Avira\AntiVir Desktop\sched.exe

C:\Programas\Avira\AntiVir Desktop\avguard.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\Programas\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\qttask.exe

C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\Programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\VM_STI.EXE

C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe

C:\Programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\LG Soft India\forteManager\bin\Monitor.exe

C:\Programas\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Programas\Ficheiros comuns\Logishrd\KHAL2\KHALMNPR.EXE

C:\Documents and Settings\william\Definições locais\Application Data\Google\Chrome\Application\chrome.exe

C:\Programas\NitroPC\NitroPC.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=15183&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Ad-Watch] C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [Google Updater] "C:\Programas\Google\Google Updater\GoogleUpdater.exe" -systray -startup

O4 - HKLM\..\Run: [startCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KOCOM KMC-90 Web Camera

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~2\FICHEI~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\william\Definições locais\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uTorrent] "C:\Programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Programas\NitroPC\NitroPC.exe" -minimized

O4 - Global Startup: forteManager.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programas\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Programas\Opanda\IExif 2.3\IExifMap.htm

O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Programas\Opanda\IExif 2.3\IExifCom.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: LBTWlgn - c:\programas\ficheiros comuns\logishrd\bluetooth\LBTWlgn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programas\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programas\Java\jre6\bin\jqs.exe" -service -config "C:\Programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programas\Ficheiros comuns\Logishrd\Bluetooth\LBTServ.exe

 

 

Obrigado desde já

[William Cairo 0]

Pode fechar o topico, outro site ja ajudou. Eu precisava com um pouco de urgencia.

obrigado

[JonJon CS 1]

Você pode nos dizer qual foi a solução para que os outros usuários possam usufruir da solução de seu problema?

[William Cairo 0]

OK.. usei MalwareBytes + Combofix.. eliminou a porcariada toda!!

Abraços

[Laurentino Mello 1]

CASO RESOLVIDO.

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico e informe o motivo da reabertura.