Annluciap 0 Denunciar post Postado Outubro 20, 2008 Olá, tenho um micro que está super lento e na hora em que vou reiniciar ou fazer logoff ele não faz. Salvei um log do Hijack... segue abaixo. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:11:26, on 20/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe C:\Arquivos de programas\Positivo Informática\Positivo Network Manager\LanCtrl.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe C:\Arquivos de programas\Ahead\InCD\InCD.exe C:\Arquivos de programas\Winamp\winampa.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE C:\Arquivos de programas\WinZip\WZQKPICK.EXE C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE O4 - Global Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BA016882-8270-4335-BEDF-F8E7F63C1F2D}: NameServer = 143.54.1.52,143.54.1.53 O17 - HKLM\System\CS1\Services\Tcpip\..\{BA016882-8270-4335-BEDF-F8E7F63C1F2D}: NameServer = 143.54.1.52,143.54.1.53 O17 - HKLM\System\CS2\Services\Tcpip\..\{BA016882-8270-4335-BEDF-F8E7F63C1F2D}: NameServer = 143.54.1.52,143.54.1.53 O17 - HKLM\System\CS3\Services\Tcpip\..\{BA016882-8270-4335-BEDF-F8E7F63C1F2D}: NameServer = 143.54.1.52,143.54.1.53 O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll O20 - Winlogon Notify: NetManNP - C:\Arquivos de programas\Positivo Informática\Positivo Network Manager\LCWinLNP.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing) O23 - Service: Positivo Network Manager - Positivo Informática Ltda - C:\Arquivos de programas\Positivo Informática\Positivo Network Manager\LanCtrl.exe O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\system32\snmptrap.exe (file missing) -- End of file - 6771 bytes ------------------------------------------------------------------------------- Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 22, 2008 Bom Dia! Annluciap <@> Faça um scan online em: < Kaspersky > <@> Utilize para isso,o navegador Internet Explorer. <!> Acesse o site,e clique em: < > <@> Na próxima página,clique em: I Accept <@> Isto,para que se instale o controle ActiveX e,em seguida,atualize o banco de dados. <@> Na próxima página,clique em: My Computer e faça o scan. <@> Tenha paciência! <@> Aguarde a atualização da base de dados,e também do exame,que é demorado. <@> Terminando,salve e poste o relatório. <@> Clique em Save Report As... para salvar o log. <@> Salve o resultado como .txt,segundo a imagem abaixo: <@> Poste,também,HijackThis atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Annluciap 0 Denunciar post Postado Outubro 22, 2008 Segue: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, October 21, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, October 21, 2008 15:51:52 Records in database: 1331814 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ Scan statistics: Files scanned: 43050 Threat name: 0 Infected objects: 0 Suspicious objects: 0 Duration of the scan: 01:35:40 No malware has been detected. The scan area is clean. The selected area was scanned. ------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:35:11, on 22/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe C:\Arquivos de programas\Positivo Informática\Positivo Network Manager\LanCtrl.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe C:\Arquivos de programas\Ahead\InCD\InCD.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BA016882-8270-4335-BEDF-F8E7F63C1F2D}: NameServer = 143.54.1.52,143.54.1.53 O17 - HKLM\System\CS1\Services\Tcpip\..\{BA016882-8270-4335-BEDF-F8E7F63C1F2D}: NameServer = 143.54.1.52,143.54.1.53 O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll O20 - Winlogon Notify: NetManNP - C:\Arquivos de programas\Positivo Informática\Positivo Network Manager\LCWinLNP.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing) O23 - Service: Positivo Network Manager - Positivo Informática Ltda - C:\Arquivos de programas\Positivo Informática\Positivo Network Manager\LanCtrl.exe O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\system32\snmptrap.exe (file missing) -- End of file - 5414 bytes ----------------------------------------------------- Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 23, 2008 Bom Dia! Annluciap <!> Não existem indicações de malwares,no PC. <!> Tente um procedimento de restauração de arquivos,na solução do problema. ----------------------- <@> Vá em Iniciar --> Executar --> Digite: sfc /scannow --> Clique OK. <@> Será pedido a colocação do CD-ROM,do Windows XP,no drive. <@> Aguarde a conclusão do reparo! ----------------------- <!> O log está limpo! <!> Tudo Ok? Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Annluciap 0 Denunciar post Postado Outubro 24, 2008 Olá, estava pensando em fazer isso mesmo. Vou seguir as instruções indicadas por ti. Obrigada pela ajuda. Um abraço, Ana. Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 25, 2008 PROBLEMA RESOLVIDO! Caso o autor necessite que o Tópico seja reaberto é preciso enviar uma Mensagem Privada,para um Moderador,com um Link para o Tópico. Compartilhar este post Link para o post Compartilhar em outros sites