[Resolvido!] Computador lento

dcesar · Maio 3, 2008

Olá,

Meu computador tem estado lento, inexplicavelmente. Quado abro o gerenciador de tarefas do windows ele mostra um uso de CPU altíssimo (80% a 100%), mesmo que só um programa (um navegador, por exemplo) esteja aberto.

Outra coisa que acontece é ele travar por alguns segundos (2 ou 3) e voltar ao normal, regularmente.

Colei abaixo o log do Hijackthis.

Obrigado pela atenção.

César

-

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:31:07, on 3/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de Programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Program\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de Programas\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Comodo\Firewall\cfp.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de Programas\Scpad\scpsssh2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de Programas\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de Programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\cfp.exe" -s

O4 - HKLM\..\Run: [HPWG myPrintMileage Agent] C:\Arquivos de Programas\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe

O4 - HKLM\..\Run: [zzGBK] D:\setup.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de Programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189893767875

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{917E8ABF-6E7C-4393-B931-094E0505A2F6}: NameServer = 200.165.132.154 200.165.132.148

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de Programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de Programas\Scpad\scpLIB.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

--

End of file - 8580 bytes

DigRam · Maio 9, 2008

Bom Dia! dcesar

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Desabilite as proteções residente de: antivírus,antispywares e Firewall.

>@< Feche todas as janelas e execute a ferramenta!

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

Ps: Caso ocorra alguma mensagem de erro,rode o ComboFix em Modo de Segurança.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar e < Enter >

>@< Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

-----------------------------------

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

Abraços!

dcesar · Maio 11, 2008

Digram, obrigado.

Os logs estão lá embaixo.

Mas antes: rodeio o Combofix uma primeira vez, no perfil 1, ele abriu, começou a rodar e depois apareceu uma mensagem dizendo que o Windows alguma coisa Host não estava ativo, algo assim. Foi muito rápido, não deu pra ler: apareceu isso e depois o PC reiniciou.

Entrei no mesmo perfil, rodei o Combofix de novo, deu no mesmo. Só que, quando reiniciou dessa segunda vez, ele passou o scandisk.

Aí reiniciei, entrei no modo de segurança e rodei o Combofix uma terceira vez. Aí funcionou. Mas quando reiniciei (depois do Combofix ter terminado) e entrei no perfil 2, ele me deu uma mensagem do Spybot dizendo que uma entrada do registro havia sido mudada: o perfil 1 (aquele em que eu havia rodado o combofix pela primeira vez) havia cedido o lugar de "default" para o perfil 2.

Não sei se isso é importante ou normal, por isso estou citando.

Abaixo, os logs.

Abraço

-

ComboFix 08-05-09.1 - Administrador 2008-05-10 22:03:00.1 - FAT32x86 MINIMAL

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-11 to 2008-05-11 ))))))))))))))))))))))))))))))))

.

2008-05-10 21:44 . 2008-05-10 21:44 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-03 09:28 . 2008-05-03 09:28 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-04-23 22:13 . 2008-04-23 22:13 250,690 --a------ C:\Documents and Settings\Diego\Dados de aplicativos\NMM-MetaData.db

2008-04-18 12:28 . 2008-04-18 12:28 <DIR> d-------- C:\Progrma emp domestica

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-30 10:44 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-03-30 10:44 360,064 ----a-w C:\WINDOWS\system32\DllCache\tcpip.sys

2008-03-27 23:20 --------- d-----w C:\Arquivos de Programas\TimeAdjuster

2008-03-25 23:38 --------- d-----w C:\Arquivos de Programas\BitComet

2008-03-22 18:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-22 18:40 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\DllCache\win32k.sys

2008-03-10 21:45 230,432 ----a-w C:\PA207.DAT

2008-03-01 21:32 3,591,680 ------w C:\WINDOWS\system32\DllCache\mshtml.dll

2008-02-29 09:00 625,664 ------w C:\WINDOWS\system32\DllCache\iexplore.exe

2008-02-29 08:59 70,656 ------w C:\WINDOWS\system32\DllCache\ie4uinit.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\DllCache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\DllCache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\DllCache\dnsrslvr.dll

2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\DllCache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\DllCache\ieakui.dll

2008-02-13 17:56 713 ---ha-w C:\os985380.bin

.

------- Sigcheck -------

2008-03-30 07:44 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\drivers\tcpip.sys

2008-03-30 07:44 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\DllCache\tcpip.sys

2006-04-20 08:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2006-04-20 09:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 14:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2005-08-31 02:14 359936 dbc20c4332fe84b826530c49ae09721e C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]

"Cmaudio"="cmicnfg.cpl" []

"SunJavaUpdateSched"="C:\Arquivos de Programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"avgnt"="C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 22:46 262401]

"COMODO Firewall Pro"="C:\Arquivos de programas\Comodo\Firewall\cfp.exe" [2007-11-23 09:52 1481984]

"HPWG myPrintMileage Agent"="C:\Arquivos de Programas\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe" [2003-08-06 05:04 102400]

"zzGBK"="D:\setup.exe" [ ]

"googletalk"="C:\Arquivos de Programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="cmd.exe" [2004-08-03 21:45 400384 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 18:34 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de Programas\Scpad\scpLIB.dll [2008-04-24 10:11 201984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\Arquivos de Programas\GbPlugin\gbiehuni.dll [2007-10-08 17:27 336800]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2008-04-15 09:37 378696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de Programas\Scpad\scpLIB.dll [2008-04-24 10:11 201984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13327:TCP"= 13327:TCP:BitComet 13327 TCP

"13327:UDP"= 13327:UDP:BitComet 13327 UDP

S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-23 09:52]

S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-23 09:52]

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-09-15 18:53]

S3 PAC207;PC Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 13:30]

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-10 22:05:02

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-05-10 22:05:38

ComboFix-quarantined-files.txt 2008-05-11 01:05:38

Pre-Run: 51,522,273,280 bytes disponíveis

Post-Run: 52,626,391,040 bytes disponíveis

118 --- E O F --- 2008-04-09 18:08:42

---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:28:57, on 10/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\AntiVir PersonalEdition Classic\avguard.exe

C:\Program\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de Programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Program\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Comodo\Firewall\cfp.exe

C:\Arquivos de Programas\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe