Rody Dio, posted August 13, 2009

My PC has a freezing problem: it locks up for a few seconds and then goes back to normal. The mouse freezes, everything freezes, and then it is fine again, and this happens over and over, all the time. I have already tried antivirus, antispyware, adware tools, etc. ... nothing fixes it. I don't know whether it could be hardware... it had this problem once before, but I don't remember how I fixed it, and now it is back. Maybe with the HijackThis log you can help me. Many thanks for your attention.

====================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:00, on 12/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
F:\Documents and Settings\RODY\Meus documentos\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vivalafenix.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sh1.dll
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sh1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sh1.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240079924375
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate1c9d1e3fbe00034) (gupdate1c9d1e3fbe00034) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9624 bytes

==========================

Many thanks for your attention.
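As an added example, not part of the original post and not code from HijackThis itself, the script below runs the checks a responder applies by hand to a log like the one above: entries whose target file is gone ("(no file)", "(file missing)"), Winlogon Notify DLLs (section O20, mapped into winlogon.exe and run as SYSTEM), ActiveX controls downloaded from somewhere other than Microsoft, MSN or Sun (section O16), bundled browser toolbars, services with no vendor name, and the MSConfig /auto entry in O4, which means startup items were disabled through msconfig and are therefore absent from the O4 list. The nine sample lines are copied from the log above; the trusted-host list and the severity labels are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: nine lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vivalafenix.com.br/
R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sh1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, F0..F3, N1..N4, O1..O24).
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# Hosts an O16 (Downloaded Program Files / ActiveX) entry is expected to point at on a
# stock XP box: Windows Update, MSN games, Java. Assumption of this example, not an HJT rule.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "sun.com")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    severity: str  # "orphan", "review" or "info" (labels chosen for this example)
    reason: str
    entry: str


def _trusted_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def classify(section: str, body: str) -> Optional[Finding]:
    """Apply the hand checks a responder runs over one log entry; None means nothing to say."""
    # Checked first: a registry pointer whose target is gone is either an uninstall
    # leftover or what remains after an AV removed the file but not the key.
    if "(no file)" in body or "(file missing)" in body:
        return Finding(section, "orphan", "entry points at a file that no longer exists", body)
    if section == "O20":
        # Winlogon Notify DLLs are mapped into winlogon.exe and run as SYSTEM at logon.
        return Finding(section, "review", "DLL loaded into winlogon.exe as SYSTEM; confirm the vendor", body)
    if section == "O16":
        m = re.search(r"https?://([^/\s]+)", body)
        host = m.group(1).lower() if m else ""
        if _trusted_host(host):
            return None
        return Finding(section, "review", f"ActiveX control downloaded from {host or 'unknown host'}", body)
    if section in ("R3", "O2", "O3") and "Toolbar" in body:
        return Finding(section, "info", "third-party browser toolbar (bundled software, not malware by itself)", body)
    if section == "O4" and "MSConfig.exe /auto" in body:
        return Finding(section, "info", "msconfig was used to disable startup items; those are not in the O4 list", body)
    if section == "O23" and "Unknown owner" in body:
        return Finding(section, "review", "service with no vendor name", body)
    return None


def triage(log_text: str) -> list:
    """Parse a HijackThis log and return the entries worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, the running-process list, blank lines
        f = classify(m.group(1), m.group(2))
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.entry}")
```

On the nine sample lines the script reports six entries: two orphans (the nameless BHO and the GameGuard service whose GameMon.des.exe is missing), two to review (the bank plugin's Winlogon Notify DLL and the ActiveX control fetched from bancobrasil.com.br) and two informational ones (the 4shared toolbar and the MSConfig /auto marker). It deliberately says nothing about the Avira service, and it cannot say whether the remaining entries are benign; that still takes a vendor check per entry, which is what the helper's "logs are OK" verdict later in the thread amounts to.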
Rody Dio, posted August 13, 2009

COMBOFIX LOG. Maybe this helps too!!!

ComboFix 09-08-10.06 - RODY 12/08/2009 23:49.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3326.2876 [GMT -3:00]
Running from: f:\documents and settings\RODY\Meus documentos\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
ADS - drivers: deleted 350 bytes in 1 streams.

(((((((((((((((( Files Created From 2009-07-13 to 2009-08-13 ))))))))))))))))))))))))))))
.
2009-08-13 00:19 . 2009-08-13 00:31 -------- d-----w- c:\documents and settings\RODY\Dados de aplicativos\IObit
2009-08-13 00:19 . 2009-08-13 00:19 -------- d-----w- c:\arquivos de programas\IObit
2009-08-12 03:41 . 2009-08-12 03:41 -------- d-sh--w- c:\documents and settings\RODY\IETldCache
2009-08-12 03:01 . 2009-08-12 03:01 -------- d-----w- c:\windows\ie8updates
2009-08-12 02:59 . 2009-08-12 03:00 -------- dc-h--w- c:\windows\ie8
2009-08-12 02:01 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-12 02:01 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-12 02:00 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-27 03:44 . 2009-07-27 03:46 -------- d-----w- c:\documents and settings\RODY\Dados de aplicativos\Any Video Converter
2009-07-27 03:44 . 2009-07-27 03:44 -------- d-----w- c:\arquivos de programas\Any Video Converter
2009-07-27 03:41 . 2009-07-27 03:41 -------- d-----w- c:\documents and settings\RODY\Dados de aplicativos\Apple Computer
2009-07-27 03:39 . 2009-07-27 03:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\VOWSoft
2009-07-27 03:39 . 2009-08-13 01:30 -------- d-----w- c:\arquivos de programas\ABC 3GP Converter
2009-07-16 16:06 . 2009-07-01 17:28 52224 ----a-w- c:\documents and settings\RODY\Dados de aplicativos\Mozilla\Firefox\Profiles\zul5qyup.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll
2009-07-16 16:06 . 2009-07-01 17:28 114688 ----a-w- c:\documents and settings\RODY\Dados de aplicativos\Mozilla\Firefox\Profiles\zul5qyup.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\npmozax.dll
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 02:40 . 2009-05-06 23:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft
2009-08-13 02:40 . 2009-05-06 23:38 -------- d-----w- c:\arquivos de programas\Lavasoft
2009-08-13 02:40 . 2009-05-06 23:38 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\~0
2009-08-13 02:18 . 2009-04-18 18:16 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-08-13 01:54 . 2009-04-19 16:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts
2009-08-13 00:30 . 2009-04-21 04:14 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-08-12 04:08 . 2009-04-26 21:56 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-08-12 04:03 . 2009-04-26 21:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-08-12 02:30 . 2009-04-27 04:04 1 ----a-w- c:\documents and settings\RODY\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-12 01:36 . 2009-04-18 21:57 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center
2009-08-11 02:09 . 2009-04-22 03:30 21629335 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-09 01:58 . 2001-10-28 15:07 79240 ----a-w- c:\windows\system32\perfc016.dat
2009-08-09 01:58 . 2001-10-28 15:07 468462 ----a-w- c:\windows\system32\perfh016.dat
2009-08-07 09:03 . 2009-04-20 00:52 -------- d-----w- c:\arquivos de programas\DreaMule
2009-08-05 16:13 . 2009-04-26 21:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-03 05:29 . 2009-04-18 22:41 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-20 02:37 . 2009-06-16 18:36 -------- d-----w- c:\documents and settings\RODY\Dados de aplicativos\Hamachi
2009-07-19 02:56 . 2009-04-18 18:26 -------- d-----w- c:\arquivos de programas\Google
2009-07-16 16:59 . 2009-07-16 16:59 132533 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_16_13_54_17_small.dmp.zip
2009-07-13 07:17 . 2009-07-13 07:17 130586 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_13_04_11_50_small.dmp.zip
2009-07-08 23:06 . 2009-07-02 05:36 -------- d-----w- c:\documents and settings\RODY\Dados de aplicativos\SendSpace Wizard
2009-07-07 22:35 . 2009-07-07 22:34 -------- d-----w- c:\arquivos de programas\QuickTime
2009-07-07 22:34 . 2009-07-07 22:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2009-07-07 22:34 . 2009-07-07 22:34 -------- d-----w- c:\arquivos de programas\Apple Software Update
2009-07-07 22:34 . 2009-07-07 22:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple
2009-07-06 05:00 . 2009-07-06 05:00 139002 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_06_01_55_13_small.dmp.zip
2009-07-05 21:38 . 2009-07-05 21:38 134836 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_05_18_32_50_small.dmp.zip
2009-07-03 16:59 . 2004-08-04 02:45 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 05:36 . 2009-07-02 05:36 -------- d-----w- c:\arquivos de programas\SendSpace
2009-06-28 11:47 . 2009-06-28 11:47 133718 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_06_28_08_42_14_small.dmp.zip
2009-06-28 07:04 . 2009-06-28 07:04 123961 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_06_28_03_59_07_small.dmp.zip
2009-06-16 22:23 . 2009-06-16 22:23 -------- d-----w- c:\arquivos de programas\Opera
2009-06-16 18:35 . 2009-06-16 18:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-16 14:39 . 2004-08-04 02:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:39 . 2001-10-28 15:06 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:10 . 2004-08-04 02:45 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 22:02 . 2009-05-30 22:02 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-30 22:02 . 2009-05-30 22:02 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-30 22:02 . 2009-05-30 22:02 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-30 22:01 . 2009-05-30 22:02 34511040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_wu_por_br.exe
.
(((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\arquivos de programas\4shared.com\tb4sh1.dll" [2009-06-02 2094616]

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2009-06-02 02:52 2094616 ----a-w- c:\arquivos de programas\4shared.com\tb4sh1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\arquivos de programas\4shared.com\tb4sh1.dll" [2009-06-02 2094616]

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\arquivos de programas\4shared.com\tb4sh1.dll" [2009-06-02 2094616]

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 171520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-11 13524992]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehUni.dll" [2009-03-25 414624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2009-03-25 14:32 271152 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginUni]
2009-03-25 12:08 414624 ----a-w- c:\arquiv~1\GbPlugin\gbiehUni.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^forteManager.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\forteManager.lnk
backup=c:\windows\pss\forteManager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^RODY^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.0.lnk]
path=c:\documents and settings\RODY\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.0.lnk
backup=c:\windows\pss\BrOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [18/4/2009 17:52 26320]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [26/4/2009 18:44 108289]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [18/4/2009 17:53 52560]
S2 gupdate1c9d1e3fbe00034;Google Update Service (gupdate1c9d1e3fbe00034);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/5/2009 23:55 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-11 02:55]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-11 02:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.vivalafenix.com.br/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
FF - ProfilePath - c:\documents and settings\RODY\Dados de aplicativos\Mozilla\Firefox\Profiles\zul5qyup.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vivalafenix.com.br/sys/
FF - component: c:\arquivos de programas\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\documents and settings\RODY\Dados de aplicativos\Mozilla\Firefox\Profiles\zul5qyup.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\RODY\Dados de aplicativos\Mozilla\Firefox\Profiles\zul5qyup.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 00:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-879983540-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,c7,d7,d0,92,96,da,7b,01,88,cb,9f,14,bb,b9,f2,2d,85,ea,9e,7b,
   dd,75,fc,32,44,9c,a3,64,ca,b5,53,4b,37,ad,2e,45,ad,b2,81,1c,f7,2c,d6,a9,e6,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquiv~1\GbPlugin\gbiehUni.dll

- - - - - - - > 'explorer.exe'(2268)
c:\windows\system32\WININET.dll
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquiv~1\GbPlugin\gbiehUni.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-08-13 0:05
ComboFix-quarantined-files.txt 2009-08-13 03:05

Pre-Run: 7 folder(s) 52.521.242.624 bytes free
Post-Run: 7 folder(s) 52.534.657.024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

239
Sam Spade, posted August 20, 2009

Hello Rody Dio! The logs are OK. Check the hardware; the problem is probably coming from there. Cheers.
Rody Dio, posted August 20, 2009

Thank you very much, I will check. I noticed that whenever it freezes, the light that comes on when the PC is working stays lit continuously without stopping, and it only goes back to normal when I restart the machine...
Sam Spade, posted August 21, 2009

OK, the processor may be overheating because of a deficient cooler. Take it to a trusted technician for the proper tests. Cheers.
Rody Dio, posted August 21, 2009

Thank you very much, I will do that tomorrow!!!
Sam Spade, posted August 22, 2009

PROBLEM SOLVED! If the author needs the topic reopened, just send a private message to a moderator with a link to the topic.