Nigel 0 Posted February 13, 2011

The computer has been slow for some time, freezing mainly when I use the browser, any of them. Games are out of the question; even Snake runs slow. The log follows below:

Power Max 54 Posted February 13, 2011

:) Hello Nigel!

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix. Save it to the Desktop.

* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)
* Close all windows and run the tool.
* Ps: Running it from a command is also possible:
* Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
* Click OK.
* At the prompt "Negação de garantia de software" (software warranty disclaimer) --> Click Sim (Yes).
* If you do not have the "Recovery Console", accept the option to install it.
* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe
* Ps: Rename it while saving, not after saving it!
* Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
* Ps: If rootkit activity is present, we will get the following notification window:
* Ps: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.
* Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!
* Ps: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
* During the scan, avoid touching the mouse or keyboard! <-- Important!
* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is doing after this. We'll be waiting.

Nigel 0 Posted February 15, 2011

I just couldn't turn Norton off completely (I didn't know how); I only disabled its firewall and the other protections, then the program asked whether to continue anyway and I chose to continue. There was no error and no unusual message. I think the speed has already improved, and it hasn't frozen yet, but I have just restarted, so I'll keep a closer eye on it. The logs follow:
----a-w- C:\Arquivos de programas\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower] 2005-05-26 03:01:44 49152 ----a-r- C:\WINDOWS\system32\SiSPower.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-10-11 19:49:48 14940040 ----a-r- C:\Arquivos de programas\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd] 2003-12-31 04:39:04 40960 ----a-w- C:\WINDOWS\vsnpstd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax] 2004-09-23 15:41:54 860160 ----a-w- C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2004-10-14 12:11:10 1388544 ----a-w- C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-12-14 03:38:53 149280 ----a-w- C:\Arquivos de programas\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-08-25 01:38:51 39408 ----a-w- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Arquivos de programas\\Azureus\\Azureus.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= 
"%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\Java\\jre1.6.0_02\\bin\\javaw.exe"= "C:\\GenialGiFT\\gift\\giFT.exe"= "C:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"= "skp66.exe"= skp66.exe:BNDMSS "C:\\Arquivos de programas\\Motorola\\RSD Lite\\SDL.exe"= "ud32.exe"= ud32.exe:BNDMSS "C:\\Arquivos de programas\\Ares\\Ares.exe"= "C:\\Documents and Settings\\uu\\Meus documentos\\emulator-win\\Emulator.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "C:\\Arquivos de programas\\Valve\\Counter-Strike Source\\srcds.exe"= "C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Arquivos de programas\\Valve\\hl.exe"= "C:\\Arquivos de programas\\Valve\\hlds.exe"= "C:\\RemoteView\\BcastTcp.exe"= "C:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"= "C:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"= "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "C:\\Arquivos de programas\\Megacubo\\megacubo.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "15615:TCP"= 15615:TCP:NortonAV "17371:TCP"= 17371:TCP:NortonAV "17598:TCP"= 17598:TCP:NortonAV "16173:TCP"= 16173:TCP:NortonAV "15121:TCP"= 15121:TCP:NortonAV "18053:TCP"= 18053:TCP:NortonAV "16092:TCP"= 16092:TCP:NortonAV "14679:TCP"= 14679:TCP:NortonAV "12345:TCP"= 12345:TCP:NortonAV "15458:TCP"= 15458:TCP:NortonAV "15379:TCP"= 15379:TCP:NortonAV "17238:TCP"= 17238:TCP:NortonAV "15994:TCP"= 15994:TCP:NortonAV "17564:TCP"= 17564:TCP:NortonAV "13620:TCP"= 13620:TCP:NortonAV "13793:TCP"= 13793:TCP:NortonAV "12503:TCP"= 12503:TCP:NortonAV "15290:TCP"= 15290:TCP:NortonAV 
"15012:TCP"= 15012:TCP:NortonAV "14760:TCP"= 14760:TCP:NortonAV "12891:TCP"= 12891:TCP:NortonAV "12835:TCP"= 12835:TCP:NortonAV "12557:TCP"= 12557:TCP:NortonAV "18892:TCP"= 18892:TCP:NortonAV "14865:TCP"= 14865:TCP:NortonAV "18611:TCP"= 18611:TCP:NortonAV R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [17/8/2009 13:50:55 46600] R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2/7/2009 09:52:27 28544] R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [14/8/2010 13:37:08 207280] R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [6/5/2010 19:26:38 691696] R2 Browser Defender Update Service;Browser Defender Update Service;C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe [14/8/2010 13:40:03 112592] R2 HdThemeEnabler;Hyperdesk Theme Enabler;C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [21/7/2008 12:50:02 106496] R2 LiveUpdate Notice;LiveUpdate Notice;C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCSVCHST.EXE [18/2/2008 16:37:20 149352] R2 npf;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [26/1/2010 23:09:02 50704] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/1/2011 02:32:20 102448] R3 NTProcDrv;Process creation detector for NT.;C:\WINDOWS\temp\drv1.tmp [14/2/2011 21:01:20 3584] S2 gupdate;Google Update Service (gupdate);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [10/6/2010 09:24:08 136176] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\drivers\COH_Mon.sys [12/1/2008 23:32:00 23888] S3 FXDRV;FXDRV;\??\D:\Fxdrv.sys --> D:\Fxdrv.sys [?] S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des -service --> C:\WINDOWS\system32\GameMon.des -service [?] 
S3 sdAuxService;PC Tools Auxiliary Service;C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe [14/8/2010 13:36:58 365280] S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\drivers\usb2vcom.sys [17/4/2008 16:32:15 30368] S3 Usblink;Usblink Driver;C:\WINDOWS\system32\drivers\ulink.sys [30/7/2008 17:17:29 40060] S3 zlportio;zlportio;\??\C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys --> C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys [?] --- =Outros Serviços/Drivers Na Memória --- *NewlyCreated* - COMHOST . Conteúdo da pasta 'Tarefas Agendadas' 2011-02-15 C:\WINDOWS\Tasks\Google Software Updater.job - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 01:38:48 . 2009-03-25 21:20:58] 2011-02-15 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-10 12:24:08 . 2010-06-10 12:24:06] 2011-02-14 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-10 12:24:08 . 2010-06-10 12:24:06] 2010-05-31 C:\WINDOWS\Tasks\mixpadSevenDaysInit.job - C:\Arquivos de programas\NCH Swift Sound\MixPad\mixpad.exe [2010-05-31 23:30:49 . 2010-05-31 23:30:49] 2010-06-10 C:\WINDOWS\Tasks\mixpadShakeIcon.job - C:\Arquivos de programas\NCH Swift Sound\MixPad\mixpad.exe [2010-05-31 23:30:49 . 2010-05-31 23:30:49] 2010-06-10 C:\WINDOWS\Tasks\photostageShakeIcon.job - C:\Arquivos de programas\NCH Software\PhotoStage\photostage.exe [2010-05-31 23:30:34 . 2010-05-31 23:30:35] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage mWindow Title = uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm IE: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm IE: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm IE: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm IE: Download Links As... - file://C:\WINDOWS\system32\page.htm IE: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm IE: E&xport to Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\ARQUIV~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\ARQUIV~1\DAP\dapie.dll DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - hxxp://www.masterkids.ddns.com.br/ActiveViewGUI.cab DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://www.masterkids.ddns.com.br/ActiveView.cab DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab FF - ProfilePath - C:\Documents and Settings\uu\Dados de aplicativos\Mozilla\Firefox\Profiles\94m5qc5q.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - FreeOnlineRadioPlayerRecorder Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2737658&SearchSource=13 FF - prefs.js: 
keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: network.proxy.http - 192.168.1.64 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.type - 2 FF - Ext: YouTube Video Downloader: firefox-ext@youtubekeep.com - %profile%\extensions\firefox-ext@youtubekeep.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - C:\Arquivos de programas\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - C:\Arquivos de programas\DAP\DAPFireFox . 
- - - - ORFÃOS REMOVIDOS - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKU-Default-Run-Nokia.PCSync - C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-AMsnMonitor - C:\Arquivos de programas\AwinSoft\MsnMonitor\A_MSN_Monitor.exe MSConfigStartUp-AVG - C:\WINDOWS\system32\antav\av.exe MSConfigStartUp-AVG7_CC - C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe MSConfigStartUp-AVG8_TRAY - C:\ARQUIV~1\AVG\AVG8\avgtray.exe MSConfigStartUp-Emurayden PSX Emulator - C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe MSConfigStartUp-EPSON Stylus C67 Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE MSConfigStartUp-Flash - C:\Arquivos de programas\Flash.exe MSConfigStartUp-LanguageShortcut - C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe MSConfigStartUp-MsnMonitor - C:\Arquivos de programas\IMMonitor\MSN Messenger Monitor Sniffer\MsnMonitor.exe MSConfigStartUp-PCSuiteTrayApplication - C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe MSConfigStartUp-RemoteControl - C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe MSConfigStartUp-SpeedBitVideoAccelerator - C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe MSConfigStartUp-SUPERAntiSpyware - C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe MSConfigStartUp-Virtual PDF Printer - C:\Arquivos de programas\Virtual PDF Printer\VirtualPDFPrinter.exe MSConfigStartUp-WatchDog - C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:16:08, on 14/2/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe 
C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\LckFldService.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\PixArt\PAC7302\Monitor.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\uu\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: &Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: G-Buster Browser Defense - 
{C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton 360\osCheck.exe" O4 - HKUS\S-1-5-18\..\Run: 
[Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} (ActiveViewGUI Control) - http://www.masterkids.ddns.com.br/ActiveViewGUI.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - http://www.masterkids.ddns.com.br/ActiveView.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} 
(MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 13722 bytes
Power Max 54 Posted February 15, 2011
:) Several problems were removed by ComboFix.
Please follow these tips:
Malwarebytes Anti-Malware tutorial
Ad-Remover tutorial
After that, just come back to the forum and post a new HijackThis log, the Malwarebytes log and the Ad-Remover log, which will be at C:\Ad-Report-CLEAN[1].log, and tell us how your PC is doing afterwards. We await your reply.
Mário Monteiro 179 Posted March 15, 2011
Topic Archived
As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.