Hello. I would like to know whether there is anything abnormal in my log, because the machine is rather slow. Regards
HiJackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:46, on 11/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\VTTimer.exe
C:\Windows\System32\VTTrayp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\gaspar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{61FA8882-2F70-4DEE-8D1F-C1C7CCE6127A}: NameServer = 200.222.122.134 200.165.132.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
--
End of file - 5599 bytes
Good morning! MasterFuxi
########
735,30 Mb Total Physical Memory | 94,59 Mb Available Physical Memory | 12,86% Memory free [TXT_MEMOIRE_INSUFFISANTE]
########
|- Your computer has insufficient free memory!
|- PS: Uninstall some software that is not important to you, or add more RAM to the machine.
|- UNINSTALL
|- <1> C:\Program Files\Malwarebytes' Anti-Malware
|- <2> C:\ProgramData\DatacardService <- If you do not use it, you can uninstall it!
-/-
|- Run OTL.exe.
|- Copy this information, which is in red, into the tool's clipboard field. ( "Exames Personalizados Correções" )
>
:OTL
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
:Files
Type C:\Windows\system32\Tasks\{D05693B4-7F34-4658-A578-123DC51AD118} /C
C:\Users\gaspar\AppData\Local\{*}
:Commands
[purity]
[emptytemp]
[Reboot]
|- Click the Consertar button -> Wait for it to finish!
|- The computer will restart! -> Click "Executar".
[image: OTL_RunFix.jpg]
|- For English versions, click Run Fix, which is the same as Consertar.
|- Post the report: C:\_OTL\MovedFiles\*.log
Regards!
Good afternoon! MasterFuxi
|- Download: < [image: ZHPDiag_Silent.jpg] > ( ... by Nicolas Coolman )
|- Save it to the desktop!
|- For Windows Vista or 7, right-click and run the file as administrator.
|- Wait for the scan to finish and click "Copier". <- Wait!
|- Post and/or paste here the link that was generated!
Regards!
Good afternoon! Here it is.
ZHPDiag
http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120712_b15o12f6f6b13
Good afternoon! MasterFuxi
|- Download: < ZHPFix.zip >
|- Unzip it to the desktop. < [image: ZHPFix_logo.jpg] >
|- Close any programs/folders that are open.
|- Also close the browser!
|- For Windows Vista, disable UAC.
[image: ZHPFix_Logo.jpg]
|- For Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
|- Select and copy this information, which is in red, into Notepad.
>
[MD5.00000000000000000000000000000000] [APT] [{D05693B4-7F34-4658-A578-123DC51AD118}] (...) -- C:\Users\gaspar\Downloads\wIShld\setup.exe (.not file.)
O43 - CFD: 15/04/2012 - 23:43:29 - [0] ----D C:\Users\gaspar\AppData\Local\Dados de aplicativos
O43 - CFD: 15/04/2012 - 23:43:29 - [0] ----D C:\Users\gaspar\AppData\Local\Histórico
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
C:\Windows\system32\Tasks\{D05693B4-7F34-4658-A578-123DC51AD118}
proxyfix
emptytemp
firewallraz
sysrestore
|- With Notepad open, use the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
[image: ZHPDiag_PasteClipboard.jpg]
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
[image: ZHPFix_GO.jpg]
|- PS: Above there is a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
Regards!
Good evening! Here it is.
ZHPFix
Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012
Fichier d'export Registre :
Run by gaspar at 12/07/2012 19:29:33
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/
========== Registry Value ==========
NOT FOUND [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
No Value in Firewall Exception Register Key (FirewallRaz)
========== Repertory ==========
NOT FOUND C:\Users\gaspar\AppData\Local\Dados de aplicativos
NOT FOUND C:\Users\gaspar\AppData\Local\Histórico
DELETED Window Temporary:
========== File ==========
NOT FOUND Folder/File: c:\windows\system32\tasks\{d05693b4-7f34-4658-a578-123dc51ad118}
DELETED Window Temporary:
========== Task ==========
DELETED Task: {D05693B4-7F34-4658-A578-123DC51AD118}
========== Restoration ==========
Restore System Point not created
========== Summary ==========
10 : Registry Value
3 : Repertory
2 : File
1 : Task
1 : Restoration
End of clean in 00mn 13s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 12/07/2012 19:29:33 [1437]
Good evening! MasterFuxi
---\\ System Information
~ Processor: x86 Family 6 Model 22 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 735 MB (22% free) <-
System Restore: Activé (Enable)
System drive C: has 34 GB (46%) free of 74 GB
|- The available memory increased, but... it is still insufficient.
|- PS: I recommend adding more memory to the PC.
-/-
|- Open OTL.exe -> Click Limpeza. <-- Confirm!
|- PS: The computer will restart!
-/-
|- Your logs are clean!
|- Do maintenance! Try to defragment the disk and the registry.
Regards!
Good evening!
Thank you for the help and patience. Problem solved.
PROBLEM SOLVED
If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
Good evening! MasterFuxi
|- Download: < [image: otlDesktopIcon.png] > ( ... by OldTimer Tools )
|- Click Salvar! < [image] >
|- Save it to the desktop!
|- Double-click OTL.exe --> Executar: [image]
[image: OTL_Configuracao.jpg] >> [image: OTL_Padrao.jpg]
|- Configure "Verificação de Arquivos" according to the screenshot!
[image: OTL_SemExt2.jpg]
|- PS: Do the same for these!
|- Also tick the option to include 64-bit scanning.
|- Under "Exame Extra do Registro", tick "Nenhum".
>
netsvcs
%APPDATA%\Local\*.
%APPDATA%\*.exe /s
%APPDATA%\*.
%USERPROFILE%\AppData\Local\.
%USERPROFILE%\AppData\Roaming\.
%systemroot%\assembly\tmp\. /S /MD5
%systemroot%\assembly\temp\. /S /MD5
%systemroot%\assembly\GAC\. /S /MD5
%systemroot%\assembly\GAC_32\. /S /MD5
%systemroot%\assembly\GAC_64\. /S /MD5
%systemroot%\system32\config\systemprofile\AppData\Local\.
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\.
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
/md5start
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
csrss.exe
smss.exe
svchost.exe
services.exe
uninst.exe
/md5stop
%systemroot%\system32\tasks\. /s /64
%systemroot%\system32\Tasks\. /s
%windir%\tasks\. /s
CREATERESTOREPOINT
[image]
|- Paste this information, which is in green, into the "Exames Personalizados/Correções" field.
|- Click Verificar: [image: OTL_Verificar.jpg]
|- When it finishes, post the report: OTL.txt
|- For large reports, go to: < [image: Cjoint_Logo.jpg] >
|- More information: < |Link| >
Regards!