
Archived

This topic has been archived and is closed to further replies.

Oseias19

[Archived] Most Programs Using 50% CPU or More


Hello..

 

Here is the HijackThis log...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:09:25, on 9/8/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Documents and Settings\Sando\Desktop\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=15383&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Arquivos de programas\Reganam\tbReg1.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Arquivos de programas\Reganam\tbReg1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Arquivos de programas\Reganam\tbReg1.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{23A510A1-2031-41D7-A829-D1F944238948}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{23A510A1-2031-41D7-A829-D1F944238948}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Arquivos de programas\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 5640 bytes

 

 

Final remarks: the log shows Internet Explorer, **which I was not using at the time of the log, and which I never use either**.

Before, I thought it was a problem with my motherboard, which I replaced with a new one.

The programs I mentioned are ones used day to day, such as Windows System Care, CCleaner, Photoshop and others (which I can't remember right now); some of these programs use almost 3 times more than they did before the problem started.

Online games like Lineage 2 also use a lot of CPU; what used to be 7~10% CPU is now 50~70%.

Today, reading some topics related to my question, I followed the procedures described there, but saw no improvement.

PC configuration: Intel Core 2 Duo E4500 2.2 GHz, 2 GB of memory.

I'm already starting to think it's a problem with the CPU itself...

 

Many thanks in advance.
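As an added example (not from this thread and not part of HijackThis itself), the following Python script shows how a helper can triage a HijackThis log of the kind posted above before deciding what to ask for next. It parses the `Rn - ...` / `On - ...` entries, flags BHOs registered with `(no file)` (orphaned registrations), CLSIDs that hook the browser from more than one section (the Reganam toolbar appears as R3, O2 and O3 in the log), and IE start/default pages whose host is not one of the Microsoft defaults. The sample lines are copied from the log above; the `EXPECTED_IE_HOSTS` allowlist and the function names are assumptions of this example, and the flags are pointers for review, not verdicts.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=15383&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Arquivos de programas\Reganam\tbReg1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Arquivos de programas\Reganam\tbReg1.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Arquivos de programas\Reganam\tbReg1.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
"""

# One HijackThis entry: section tag (R0, O2, O23, ...), a dash, then the body.
LINE_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.*)$")
# A COM class id in braces, as used for BHOs, toolbars and URLSearchHooks.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption of this example: hosts IE points at by default (two of them appear in the log above).
EXPECTED_IE_HOSTS = {"go.microsoft.com", "home.microsoft.com", "www.microsoft.com"}


def parse_hjt(text):
    """Turn the R/O lines of a HijackThis log into dicts; headers and process lists are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "body": body,
            # CLSIDs are case-insensitive; normalise so the same object matches across sections.
            "clsid": clsid.group(0).lower() if clsid else None,
            "no_file": body.endswith("(no file)"),
        })
    return entries


def triage(entries):
    """Collect the three review signals: orphaned entries, multi-section hooks, non-default IE URLs."""
    by_clsid = defaultdict(set)
    orphans, nondefault = [], []
    for e in entries:
        if e["clsid"]:
            by_clsid[e["clsid"]].add(e["section"])
        if e["no_file"]:
            orphans.append(e["body"])
        # R0/R1 lines carry "<registry value> = <url>"; compare the URL host with the defaults.
        if e["section"] in ("R0", "R1") and " = " in e["body"]:
            url = e["body"].split(" = ", 1)[1].strip()
            host = urlsplit(url).hostname
            if host and host not in EXPECTED_IE_HOSTS:
                nondefault.append((e["section"], host))
    # A single CLSID registered as search hook, BHO and toolbar at once is typical of bundled toolbars.
    multi_hook = {c: sorted(s) for c, s in by_clsid.items() if len(s) > 1}
    return {"orphans": orphans, "multi_hook": multi_hook, "nondefault_urls": nondefault}


def main():
    report = triage(parse_hjt(SAMPLE_LOG))
    for body in report["orphans"]:
        print("orphaned registration:", body)
    for clsid, sections in report["multi_hook"].items():
        print("hooked in several sections:", clsid, sections)
    for section, host in report["nondefault_urls"]:
        print("non-default IE URL host in", section + ":", host)


if __name__ == "__main__":
    main()
```

Run against the full log rather than the sample, the same three signals point at the entries a helper would research first: the nameless BHO with no backing file, the Reganam CLSID that is hooked as URLSearchHook, BHO and toolbar, and the ask.com start page; everything else in the sample (Spybot, avast!) registers from a single section and stays unflagged.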


Good afternoon...

 

1.

*Run an online scan with NOD32 (http://eset.com/onlinescan)

 


 

*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log



Good morning...

 

Sorry for the delay in replying.

 

Here is the log...

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=cfa81a11a930da49af09dd8ea779854d

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-08-11 05:46:37

# local_time=2010-08-11 02:46:37 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 5538895 5538895 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=65426

# found=10

# cleaned=10

# scan_time=12354

C:\Arquivos de programas\Cheat Engine\dbk32.sys Win32/HackTool.CheatEngine application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Lineage II\system\msxml.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Sando\Desktop\Downloads\gracia_vgos_system_v7.zip a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Sando\Meus documentos\Downloads\BroherSoft_CheatEngine55.exe Win32/HackTool.CheatEngine application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{76832E46-5D0A-474F-94AF-F67156547394}\RP87\A0017227.sys Win32/HackTool.CheatEngine application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{76832E46-5D0A-474F-94AF-F67156547394}\RP87\A0017228.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Jogos\James.Camerons.Avatar.The.Game-RELOADED\rld-avtr.iso Win32/Packed.VMProtect.D trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programas\aTube_Catcher_Installer.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programas\Converter fotos.zip Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Programas\totcarnageisflat-ch.zip probably a variant of Win32/Inject.GJCKPSQ trojan (deleted - quarantined) 00000000000000000000000000000000 C


1.

*Run the file c:\arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

 

2.

*Download Malwarebytes Anti-Malware and save it to the desktop

*Install the program

*If an update is available, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Scan] tab, select the [Full Scan] option

*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*A report (mbam-log-year-month-day.txt) will be displayed.

*Paste it in your next reply


OK, I just got home from work, and Malwarebytes is running the full scan on partitions C: and D:

 

I'll post the log shortly

 

Thanks in advance


So here is the log...

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4404

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

 

11/8/2010 18:36:24

mbam-log-2010-08-11 (18-36-24).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 182997

Tempo decorrido: 22 minuto(s), 6 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

D:\Jogos\Batman Arkham Asylum\d3drm.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

 

Although the log looks clean to me and d3drm.dll (Malware.Packer.Gen) has already been deleted, the problem unfortunately persists.

 

Thanks.


1.

*Download ERUNT and save it to the desktop

*Extract the contents to the folder C:\ERUNT

*Double-click ERUNT.exe

*Click [OK] > [OK] > [Yes] > [OK]

 

2.

*Temporarily disable your antivirus

 

Right-click the Avast icon next to the clock > select "Pause resident protection" > confirm.

*Download ComboFix and save it to the desktop

 

*Run ComboFix and accept the license agreement

 

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it.

 

*Click [Yes] to continue.

 

*Wait for all stages to complete

 

*While ComboFix is running, avoid using the mouse and keyboard!! To abort the procedure, press N or 2 and then ENTER.

 

*The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.

 

*If you restart the PC, there will be an option at boot called Recovery Console. Do not enter Windows through it unless you have been properly instructed to!


Procedures done; the first program that was there was RDilly, then it was updated to ERUNT (here on the forum) and everything went fine.

 

Here is the ComboFix log...

 

ComboFix 10-08-11.04 - Sando 11/08/2010 20:28:40.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2045.1469 [GMT -3:00]

Executando de: c:\documents and settings\Sando\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-11 to 2010-08-11 ))))))))))))))))))))))))))))

.

 

2010-08-08 21:20 . 2010-08-08 21:30 -------- d-----w- C:\ToolBar SD

2010-08-08 20:35 . 2010-08-08 20:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PassMark

2010-08-08 20:35 . 2010-08-08 20:35 -------- d-----w- c:\arquivos de programas\BurnInTest

2010-08-08 19:53 . 2010-08-08 19:53 -------- d-s---w- c:\documents and settings\Sando\UserData

2010-08-08 13:20 . 2008-04-10 14:52 4682 ----a-w- c:\windows\system32\npptNT2.sys

2010-08-08 13:13 . 2010-08-08 20:21 -------- d-----w- c:\arquivos de programas\Lineage II

2010-08-08 02:08 . 2010-08-08 02:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SRSLabs

2010-08-08 01:59 . 2010-08-08 01:59 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\Malwarebytes

2010-08-08 01:59 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-08 01:59 . 2010-08-08 01:59 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-08-08 01:59 . 2010-08-08 01:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-08-08 01:59 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-08 01:50 . 2010-08-08 01:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SRS

2010-08-08 01:50 . 2010-08-08 01:50 -------- d-----w- c:\arquivos de programas\SRSLabs

2010-08-08 00:35 . 2010-08-08 00:35 -------- d-----w- c:\arquivos de programas\7-Zip

2010-08-06 23:15 . 2010-08-06 23:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\KONAMI

2010-08-06 23:15 . 2010-08-06 23:15 -------- d-----w- c:\arquivos de programas\KONAMI

2010-08-04 03:06 . 2010-08-04 03:06 503808 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f2f47bb-n\msvcp71.dll

2010-08-04 03:06 . 2010-08-04 03:06 499712 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f2f47bb-n\jmc.dll

2010-08-04 03:06 . 2010-08-04 03:06 348160 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f2f47bb-n\msvcr71.dll

2010-08-04 03:06 . 2010-08-04 03:06 61440 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5cf2e7a2-n\decora-sse.dll

2010-08-04 03:06 . 2010-08-04 03:06 12800 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5cf2e7a2-n\decora-d3d.dll

2010-07-31 15:37 . 2010-07-31 15:37 -------- d-----w- c:\windows\USB Vibration

2010-07-31 15:37 . 2010-07-31 15:37 -------- d-----w- c:\arquivos de programas\USB Vibration

2010-07-31 15:13 . 2010-07-31 15:13 -------- d--h--r- c:\documents and settings\Sando\Dados de aplicativos\SecuROM

2010-07-31 15:13 . 2008-10-15 09:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2010-07-31 15:01 . 2010-07-31 15:01 -------- d-----w- c:\arquivos de programas\Disney Interactive Studios

2010-07-31 01:43 . 2010-07-31 01:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Solidshield

2010-07-31 01:37 . 2010-07-31 01:37 -------- d-----w- c:\arquivos de programas\Ubisoft

2010-07-29 02:14 . 2010-07-29 02:14 -------- d-----w- c:\arquivos de programas\EA GAMES

2010-07-27 18:05 . 2010-07-27 18:05 -------- d-----w- c:\arquivos de programas\WinPcap

2010-07-25 21:34 . 2010-07-25 21:34 917504 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\PowerChallenge\PowerSoccer\TVE3.dll

2010-07-25 21:34 . 2010-07-25 21:34 4296704 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\PowerChallenge\PowerSoccer\PowerSoccer.exe

2010-07-25 21:33 . 2010-07-25 21:34 253952 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\PowerChallenge\PowerSoccer\OpenAL32.dll

2010-07-25 21:33 . 2010-07-25 21:33 889488 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\PowerChallenge\PowerSoccer\DFEngine.dll

2010-07-25 21:33 . 2010-07-25 21:33 656088 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\PowerChallenge\loader8.dll

2010-07-25 21:33 . 2010-07-25 21:33 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\PowerChallenge

2010-07-25 15:57 . 2007-12-26 20:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll

2010-07-25 15:57 . 2007-12-26 20:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll

2010-07-25 15:57 . 2010-08-11 09:32 -------- d-----w- c:\arquivos de programas\Cheat Engine

2010-07-24 18:18 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-07-24 18:18 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-07-24 18:18 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-07-24 18:18 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-07-24 18:18 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-07-24 18:18 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-07-24 18:18 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-07-24 18:17 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-07-24 18:17 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-07-24 15:38 . 2008-01-16 01:10 49152 ------r- c:\windows\system32\ChCfg.exe

2010-07-24 15:38 . 2010-07-24 15:38 -------- d-----w- c:\windows\system32\RTCOM

2010-07-24 15:38 . 2008-01-16 01:10 86016 ------r- c:\windows\SoundMan.exe

2010-07-24 15:38 . 2008-01-16 01:10 1826816 ------r- c:\windows\SkyTel.exe

2010-07-24 15:38 . 2008-01-16 01:10 1191936 ------r- c:\windows\RtlUpd.exe

2010-07-24 15:38 . 2008-01-16 01:10 9715200 ------r- c:\windows\RTLCPL.exe

2010-07-24 15:38 . 2008-01-16 01:10 4609024 ------r- c:\windows\system32\drivers\RtkHDAud.sys

2010-07-24 15:38 . 2008-01-16 01:10 16384512 ------r- c:\windows\RTHDCPL.exe

2010-07-24 15:38 . 2008-01-16 01:10 2165760 ------r- c:\windows\MicCal.exe

2010-07-24 15:38 . 2008-01-16 01:10 2808832 ------r- c:\windows\alcwzrd.exe

2010-07-24 15:38 . 2008-01-16 01:10 69632 ------r- c:\windows\Alcmtr.exe

2010-07-24 15:38 . 2008-01-16 01:10 520192 ------r- c:\windows\RtlExUpd.dll

2010-07-24 15:30 . 2010-07-24 15:46 -------- d-----w- C:\TempEI4

2010-07-24 15:23 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2010-07-24 15:23 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-07-24 15:23 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-07-24 15:23 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-07-24 15:23 . 2008-04-13 14:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2010-07-24 15:23 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-11 23:13 . 2010-08-11 23:13 -------- d-----w- c:\arquivos de programas\Softonic_Brasil

2010-08-10 22:39 . 2010-08-10 22:38 -------- d-----w- c:\arquivos de programas\Megacubo

2010-08-10 22:38 . 2010-08-10 22:38 -------- d-----w- c:\arquivos de programas\SopCast

2010-08-10 22:38 . 2010-08-10 22:38 -------- d-----w- c:\arquivos de programas\Orban

2010-08-08 13:13 . 2010-06-07 00:18 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-08-08 12:40 . 2010-06-07 02:50 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\LimeWire

2010-08-08 12:40 . 2010-06-07 00:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2010-08-03 18:45 . 2010-06-16 22:16 -------- d-----w- c:\arquivos de programas\3GPplayer2010

2010-07-26 04:17 . 2010-06-06 23:57 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\uTorrent

2010-07-26 01:28 . 2010-06-09 20:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-07-25 23:29 . 2010-06-06 23:41 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\IObit

2010-07-24 18:17 . 2010-06-07 00:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-07-24 15:38 . 2010-06-07 00:47 -------- d-----w- c:\arquivos de programas\Realtek

2010-06-23 03:01 . 2010-06-16 22:16 -------- d-----w- c:\arquivos de programas\Reganam

2010-06-16 22:16 . 2010-06-16 22:16 -------- d-----w- c:\arquivos de programas\Conduit

2010-06-16 00:37 . 2010-06-07 22:33 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\Ahead

2010-06-16 00:37 . 2010-06-16 00:37 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\DivX

2010-06-14 21:37 . 2010-06-14 21:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-06-14 21:36 . 2010-06-14 21:36 503808 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67fad5da-n\msvcp71.dll

2010-06-14 21:36 . 2010-06-14 21:36 499712 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67fad5da-n\jmc.dll

2010-06-14 21:36 . 2010-06-14 21:36 348160 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67fad5da-n\msvcr71.dll

2010-06-14 21:36 . 2010-06-14 21:36 61440 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52e208b6-n\decora-sse.dll

2010-06-14 21:36 . 2010-06-14 21:36 12800 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52e208b6-n\decora-d3d.dll

2010-06-14 21:36 . 2010-06-14 21:36 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-14 21:36 . 2010-06-14 21:36 -------- d-----w- c:\arquivos de programas\Java

2010-06-14 03:44 . 2010-06-14 03:44 -------- d-----w- c:\arquivos de programas\XP Codec Pack

2010-06-13 21:46 . 2010-06-13 21:46 -------- d-----w- c:\arquivos de programas\UltraISO

2010-06-13 21:46 . 2010-06-13 21:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\EZB Systems

2010-06-13 20:45 . 2010-06-13 20:44 45 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\TSDNWIN.TMP

2010-06-13 20:41 . 2010-06-13 20:39 1531392 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\tsdnwin.dll

2010-06-13 20:41 . 2010-06-13 20:39 1531392 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\tsdnwin.dll

2010-06-13 20:37 . 2010-06-13 20:37 -------- d-----w- c:\arquivos de programas\SAMSUNG

2010-06-13 19:02 . 2010-06-13 19:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ahead

2010-06-13 19:02 . 2010-06-13 18:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2010-06-13 18:58 . 2010-06-13 18:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2010-06-13 18:58 . 2010-06-13 18:58 -------- d-----w- c:\arquivos de programas\Nero

2010-06-13 18:55 . 2010-06-13 18:43 -------- d-----w- c:\arquivos de programas\Ahead

2010-06-13 17:04 . 2010-06-13 17:04 46340 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

2010-06-13 17:04 . 2010-06-13 17:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Blizzard Entertainment

2010-06-13 03:07 . 2010-06-13 03:07 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\Media Player Classic

2010-06-13 02:06 . 2010-06-13 02:06 -------- d-----w- c:\arquivos de programas\Alcohol Soft

2010-06-13 00:49 . 2010-06-13 00:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2010-06-11 18:05 . 2010-06-11 18:05 413696 ----a-w- c:\windows\system32\wrap_oal.dll

2010-06-11 18:05 . 2010-06-11 18:05 110592 ----a-w- c:\windows\system32\OpenAL32.dll

2010-06-07 23:44 . 2010-06-07 23:44 12160 ----a-w- c:\windows\system32\drivers\ag02.sys

2010-06-07 23:43 . 2010-06-07 23:43 11366 ----a-w- C:\W44394875.reg

2010-06-07 01:58 . 2008-04-14 12:00 79240 ----a-w- c:\windows\system32\perfc016.dat

2010-06-07 01:58 . 2008-04-14 12:00 468462 ----a-w- c:\windows\system32\perfh016.dat

2010-06-07 01:51 . 2010-06-07 01:51 0 ----a-w- c:\windows\nsreg.dat

2010-06-07 00:13 . 2010-06-07 00:13 315392 ----a-w- c:\windows\HideWin.exe

2010-06-07 00:08 . 2010-06-07 00:08 1462272 ----a-w- c:\windows\system32\cpuz147.exe

2010-06-07 00:02 . 2010-06-06 23:17 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-06-06 23:47 . 2010-06-06 23:47 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-06-06 23:42 . 2010-06-06 23:42 3012 ----a-w- c:\arquivos de programas\Arquivos comuns\unins000.dat

2010-06-06 23:42 . 2010-06-06 23:42 730656 ----a-w- c:\arquivos de programas\Arquivos comuns\unins000.exe

2010-06-06 23:15 . 2010-06-06 23:15 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2010-06-02 07:55 . 2010-06-13 22:29 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-06-02 07:55 . 2010-06-13 22:29 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-06-02 07:55 . 2010-06-13 22:29 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-05-26 14:41 . 2010-06-13 22:29 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2010-05-26 14:41 . 2010-06-13 22:29 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2010-05-26 14:41 . 2010-06-13 22:29 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2010-05-26 14:41 . 2010-06-13 22:29 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2010-05-26 14:41 . 2010-06-13 22:29 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-08-08_22.18.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-08-11 23:15 . 2010-08-11 23:15 16384 c:\windows\Temp\Perflib_Perfdata_194.dat

+ 2010-08-11 23:20 . 2010-08-11 23:20 221184 c:\windows\ERDNT\11-8-2010\Users\00000002\UsrClass.dat

+ 2010-08-11 23:20 . 2005-10-20 15:02 163328 c:\windows\ERDNT\11-8-2010\ERDNT.EXE

+ 2010-08-10 01:13 . 2008-03-05 18:56 3786760 c:\windows\system32\d3dx9_37.dll

- 2010-06-06 23:42 . 2008-03-05 18:56 3786760 c:\windows\system32\d3dx9_37.dll

+ 2010-08-11 23:20 . 2010-08-11 23:20 4505600 c:\windows\ERDNT\11-8-2010\Users\00000001\NTUSER.DAT

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "c:\arquivos de programas\Reganam\tbReg1.dll" [2010-06-23 2515552]

"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\tbSoft.dll" [2010-06-03 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

 

[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

2010-06-03 21:24 2736736 ----a-w- c:\arquivos de programas\Softonic_Brasil\tbSoft.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

2010-06-23 03:02 2515552 ----a-w- c:\arquivos de programas\Reganam\tbReg1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "c:\arquivos de programas\Reganam\tbReg1.dll" [2010-06-23 2515552]

"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\tbSoft.dll" [2010-06-03 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

 

[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}"= "c:\arquivos de programas\Reganam\tbReg1.dll" [2010-06-23 2515552]

 

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-28 33673216]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512]

"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Dragon Age\\bin_ship\\daorigins.exe"=

"c:\\Arquivos de programas\\Dragon Age\\DAOriginsLauncher.exe"=

"c:\\Arquivos de programas\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"d:\\StarCraft II Beta\\StarCraft II.exe"=

"c:\\Arquivos de programas\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=

"d:\\StarCraft II Beta\\Versions\\Base15655\\SC2.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

"c:\\Arquivos de programas\\Ubisoft\\James Cameron's AVATAR - EL VIDEOJUEGO\\bin\\Avatar.exe"=

"c:\\Arquivos de programas\\Ubisoft\\James Cameron's AVATAR - EL VIDEOJUEGO\\bin\\AvatarLauncher.exe"=

"c:\\Arquivos de programas\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"=

"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2010\\Kitserver2010\\Patchs HQ 2010.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

R0 ag02;ag02;c:\windows\system32\drivers\ag02.sys [7/6/2010 20:44 12160]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/7/2010 15:18 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/7/2010 15:18 17744]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/11/2009 13:33 50704]

S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [8/6/2010 14:10 906368]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\arquivos de programas\Dragon Age\bin_ship\daupdatersvc.service.exe [15/12/2009 17:07 25832]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6/6/2010 21:17 1390976]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/6/2010 20:47 691696]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://br.ask.com?o=15383&l=dis

mWindow Title =

TCP: {23A510A1-2031-41D7-A829-D1F944238948} = 200.204.0.10 200.204.0.138

FF - ProfilePath - c:\documents and settings\Sando\Dados de aplicativos\Mozilla\Firefox\Profiles\anopuorj.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - plugin: c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\docume~1\Sando\DADOSD~1\POWERC~1\nppowerloader.dll

FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-11 20:30

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-527237240-764733703-1417001333-1003\Software\SecuROM\License information*]

"datasecu"=hex:d8,8e,d1,6a,21,96,15,db,5b,e4,b0,56,ad,df,8f,ee,a4,f9,c7,01,ac,

de,27,fb,79,8f,d8,a7,11,84,43,3b,c9,b5,4c,38,81,fc,df,4d,5c,7b,59,65,e1,d9,\

"rkeysecu"=hex:3d,0a,94,99,4e,d0,9c,ac,cd,6a,c7,83,86,c9,50,37

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2668)

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2010-08-11 20:31:30

ComboFix-quarantined-files.txt 2010-08-11 23:31

ComboFix2.txt 2010-08-08 21:58

 

Pré-execução: 14 pasta(s) 86.130.712.576 bytes disponíveis

Pós execução: 15 pasta(s) 86.123.499.520 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - E136FAC99A1E73886492FD9FE295243B


No problem... both RDilly and ERUNT make a backup of your registry.

 

Submit the file below for analysis at http://www.virustotal.com.br

 

c:\windows\system32\drivers\ag02.sys

*Paste the link to the analysis.


Well, I didn't find the link, but here is the scan analysis:

 

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: c4f58af0796b9e6c9b81975411dd4ad1

Date first seen: 2010-06-08 01:11:43 (UTC)

Date last seen: 2010-06-08 01:11:43 (UTC)

Detection ratio: 1/41

 

Is that right?


OK... no problem.

 

The log is clean.

 

1.

*Delete RDilly and the folder C:\Rdilly

 

2.

*Click [Start] > [Run] > type: Combofix /uninstall

*Click [OK]

 

*Click [Run]

*Wait for the message: "ComboFix está desinstalado" ("ComboFix is uninstalled")

*Click [OK]

 

3.

*Click [Start] > [Run] > type: msconfig

*Click OK

*Click the "BOOT.INI" tab

*Select the line C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

*Click [Check All Boot Paths]

*Click [Yes] > [OK]

 

*Restart the PC

*When Windows starts, the System Configuration Utility will report that it has been changed.

*Check "Don't show this message or launch the System Configuration Utility when Windows starts"

 

4.

*Download and install CCleaner

*Open the program and, on the "Windows" tab, scroll down to the "Advanced" section and select "Old Prefetch data"

*Click [Run Cleaner]

*Then click [Registry] -> [Scan for Issues] -> [Fix selected issues] -> [Fix All Selected Issues]

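Step 3 above uses msconfig's "Check All Boot Paths" to drop the Recovery Console line once C:\cmdcons no longer exists. As an added example (not code from the thread or from msconfig), here is the same check done offline in Python over the boot.ini text printed at the end of the ComboFix log above. Whether a path "exists" is supplied by the caller, so the demo runs without the original disk; on a real machine you would pass `os.path.exists`.

```python
r"""Prune boot.ini entries whose target file is gone.

Added example for this thread, not code from the forum or from msconfig.
The boot.ini text below is the one printed at the end of the ComboFix log;
which paths exist is decided by a callback so the demo runs anywhere.
"""
import re
from typing import Callable, List, Tuple

# boot.ini exactly as shown in the ComboFix log (two [operating systems] lines).
BOOT_INI_FROM_LOG = """[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
c:\\cmdcons\\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""

# Targets that are plain files on a drive letter (c:\cmdcons\BOOTSECT.DAT),
# as opposed to ARC names (multi(0)disk(0)...) that describe a partition.
_DRIVE_PATH = re.compile(r"^[a-zA-Z]:\\")


def operating_system_entries(text: str) -> List[Tuple[str, str]]:
    """Return (target, description-and-switches) for each [operating systems] line."""
    entries: List[Tuple[str, str]] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[operating systems]"
            continue
        if in_section and "=" in line:
            target, _, rest = line.partition("=")
            entries.append((target.strip(), rest.strip()))
    return entries


def prune_boot_ini(text: str, path_exists: Callable[[str], bool]) -> str:
    """Return boot.ini text without [operating systems] entries whose target is a
    drive-letter file path that path_exists() reports missing.

    ARC names such as multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS name a
    partition rather than a file, so they are always kept; the [boot loader]
    section is never touched.
    """
    out: List[str] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[operating systems]"
        elif in_section and "=" in line:
            target = line.partition("=")[0].strip()
            if _DRIVE_PATH.match(target) and not path_exists(target):
                continue  # dropped: the file this entry boots from is gone
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Constructed situation: ComboFix has been uninstalled, so no file exists.
    print(prune_boot_ini(BOOT_INI_FROM_LOG, lambda p: False))
```

Note that only the Recovery Console line is removed; the XP entry is an ARC name and survives regardless, which is the behaviour you want from a tool that edits the boot configuration.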

Done, I did everything you asked, but the problem persists.

There's something strange that I think might help: when I'm on the desktop and hold F5 down (refreshing), CPU usage quickly rises from 0 to 52%, and the process consuming the CPU is Explorer.exe.

I hope this helps.

Thanks once again


This is a hard problem to pin down....

 

We know it isn't malware.

 

So we'll try a few procedures.

 

*Download Automatic System Cleaner and save it to the desktop

 

*Extract the contents to the desktop

*Run the program and click [Agree]

 

*In the first window, click [Uncheck All]

*Then select the options:

 

[] Create a Restore Point

[] Reboot When Completed

 

*On the [Security] tab, select:

 

[] RegSeeker Scan

 

*On the [Performance] tab, select:

 

[] Prune Autoruns

[] Optimize Registry

 

*On the [Maintenance] tab, select:

 

[] Schedule System File Defragementation (next boot)

[] Defragment the Hard Drive (Defraggler)

 

*On the [Win Fixes] tab, select:

 

[] Fix Windows Explorer

 

*On the [Win Fixes 2] tab, select:

 

[] Fix Windows Associations

[] Restore .zip Association

 

*Click [Execute] and wait. It can take a while... be patient.

*When it finishes, the PC will restart and a CheckDisk will run...

 

*Paste the report named AutoCleanAAAAMMDDHH.txt, where AAAA = year, MM = month, DD = day and HH = hour; it is located in the Logs folder on the desktop.

 

Don't worry if the program creates many folders on the desktop. We'll remove them all afterwards.


Good evening.

 

Just got home from work... the procedure is already running.

 

Just one problem: the [Security] tab doesn't have "RegSeeker Scan"; even after updating, it didn't appear.

 

When it finishes I'll post the log, see you later.

 

Analysis done, here's the log...

 

Starting Processes...

 

#---Action Begin: SystemRestore --------

Creating a System Restore Point

Restore Point Created Successfully

#---Action End: SystemRestore ----------

 

#---Action Begin: ExeAss ---------------

Win Fixes - Fixing EXE Association...

.exe

Win Fixes - Fixing SCR Associations...

.scr

Win Fixes - Fixing MSI Associations...

.msi

Win Fixes - Fixing LNK Associations...

.lnk

Win Fixes - Fixing MSC Associations...

.msc

Win Fixes - Fixing DIR Associations...

Directory

Win Fixes - Fixing REG Associations...

.reg

#---Action End: ExeAss -----------------

 

#---Action Begin: ZipAss ---------------

Win Fixes - Fixing ZIP Association...

.zip

#---Action End: ZipAss -----------------

 

#---Action Begin: FixExplorer ----------

Registering: acelpdec.ax Result=Success

Registering: actxprxy.dll Result=Success

Registering: asctrls.ocx Result=Success

Registering: daxctle.ocx Result=Success

Registering: dhtmled.ocx Result=Success

Registering: hhctrl.ocx Result=Success

Registering: lcodecx.ax Result=Success

Registering: licmgr.dll Result=Success

Registering: mpgds.ax Result=Success

Registering: msdxm.ocx Result=Success

Registering: plugin.ocx Result=Success

Registering: proctexe.ocx Result=Success

Registering: tdc.ocx Result=Success

Registering: wshom.ocx Result=Success

Registering: access.cpl Result=Success

Registering: appwiz.cpl Result=Success

Registering: desk.cpl Result=Success

Registering: firewall.cpl Result=Success

Registering: hdwwiz.cpl Result=Success

Registering: inetcpl.cpl Result=Success

Registering: intl.cpl Result=Success

Registering: nusrmgr.cpl Result=Success

Registering: netsetup.cpl Result=Success

Registering: powercfg.cpl Result=Success

Registering: timedate.cpl Result=Success

Registering: wuau.cpl Result=Success

Registering: quartz.dll Result=Success

Registering: danim.dll Result=Success

Registering: dmscript.dll Result=Success

Registering: dmstyle.dll Result=Success

Registering: dxmasf.dll Result=Success

Registering: dxtmsft.dll Result=Success

Registering: dxtrans.dll Result=Success

Registering: sbe.dll Result=Success

Registering: dxva.dll Result=Success

Registering: dxmrtp.dll Result=Success

Registering: dxdiagn.dll Result=Success

Registering: dx8vb.dll Result=Success

Registering: dx7vb.dll Result=Success

Registering: atl.dll Result=Success

Registering: corpol.dll Result=Success

Registering: dispex.dll Result=Success

Registering: jscript.dll Result=Success

Registering: scrrun.dll Result=Success

Registering: scrobj.dll Result=Success

Registering: vbscript.dll Result=Success

Registering: wshext.dll Result=Success

Registering: activeds.dll Result=Success

Registering: audiodev.dll Result=Success

Registering: browseui.dll Result=Success

Registering: browsewm.dll Result=Success

Registering: cabview.dll Result=Success

Registering: cdfview.dll Result=Success

Registering: clbcatex.dll Result=Success

Registering: clbcatq.dll Result=Success

Registering: comcat.dll Result=Success

Registering: cscui.dll Result=Success

Registering: credui.dll Result=Success

Registering: datime.dll Result=Success

Registering: devmgr.dll Result=Success

Registering: dfsshlex.dll Result=Success

Registering: dmdlgs.dll Result=Success

Registering: dmdeskmgr.dll Result=Success

Registering: dmloader.dll Result=Success

Registering: dmocx.dll Result=Success

Registering: dmview.ocx Result=Success

Registering: dsuiext.dll Result=Success

Registering: dsquery.dll Result=Success

Registering: dskquoiu.dll Result=Success

Registering: els.dll Result=Success

Registering: es.dll Result=Success

Registering: fontext.dll Result=Success

Registering: hlink.dll Result=Success

Registering: hnetcfg.dll Result=Success

Registering: iedkcs.dll Result=Success

Registering: iepeers.dll Result=Success

Registering: iesetup.dll Result=Success

Registering: ils.dll Result=Success

Registering: imgutil.dll Result=Success

Registering: inetcfg.dll Result=Success

Registering: inetcomm.dll Result=Success

Registering: inseng.dll Result=Success

Registering: laprxy.dll Result=Success

Registering: lmrt.dll Result=Success

Registering: mlang.dll Result=Success

Registering: mmcndmgr.dll Result=Success

Registering: mmcshext.dll Result=Success

Registering: mscoree.dll Result=Success

Registering: mshhtml.dll Result=Success

Registering: msieftp.dll Result=Success

Registering: msoe.dll Result=Success

Registering: msoeacct.dll Result=Success

Registering: msrc.dll Result=Success

Registering: msrating.dll Result=Success

Registering: mydocs.dll Result=Success

Registering: mstime.dll Result=Success

Registering: netcfgx.dll Result=Success

Registering: netplwiz.dll Result=Success

Registering: netman.dll Result=Success

Registering: netshell.dll Result=Success

Registering: ntmsevt.dll Result=Success

Registering: ntmsmgr.dll Result=Success

Registering: ntmssvc.dll Result=Success

Registering: occache.dll Result=Success

Registering: ole.dll Result=Success

Registering: oleaut.dll Result=Success

Registering: oleacc.dll Result=Success

Registering: olepro.dll Result=Success

Registering: photowiz.dll Result=Success

Registering: pngfilt.dll Result=Success

Registering: remotepg.dll Result=Success

Registering: rpcrt.dll Result=Success

Registering: rshx.dll Result=Success

Registering: sendmail.dll Result=Success

Registering: slayerxp.dll Result=Success

Registering: shdocvw.dll Result=Success

Registering: shsvcs.dll Result=Success

Registering: srclient.dll Result=Success

Registering: stobject.dll Result=Success

Registering: themeui.dll Result=Success

Registering: twext.dll Result=Success

Registering: urlmon.dll Result=Success

Registering: userenv.dll Result=Success

Registering: webcheck.dll Result=Success

Registering: webvw.dll Result=Success

Registering: winhttp.dll Result=Success

Registering: wininet.dll Result=Success

Registering: zipfldr.dll Result=Success

Registering: Result=Success

Registering: msdadc.dll Result=Success

Registering: nsdaenum.dll Result=Success

Registering: msdaer.dll Result=Success

Registering: msdaipp.dll Result=Success

Registering: msdaora.dll Result=Success

Registering: msdaosp.dll Result=Success

Registering: msdaps.dll Result=Success

Registering: msdasc.dll Result=Success

Registering: msdasql.dll Result=Success

Registering: msdatt.dll Result=Success

Registering: msdaurl.dll Result=Success

Registering: msdmeng.dll Result=Success

Registering: msdmine.dll Result=Success

Registering: msjtor.dll Result=Success

Registering: msmdbc.dll Result=Success

Registering: msmdgd.dll Result=Success

Registering: msolap.dll Result=Success

Registering: msolui.dll Result=Success

Registering: msxactps.dll Result=Success

Registering: oledb.dll Result=Success

Registering: oledbr.dll Result=Success

Registering: sqloledb.dll Result=Success

Registering: sqlxmlx.dll Result=Success

Registering: Result=Success

Fixing IE Policies

Restarting Explorer

#---Action End: FixExplorer ------------

 

#---Action Begin: Autorun --------------

Extracting...

HKLM CV Run

Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched - "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDCPL - RTHDCPL.EXE

Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HDAudDeck - C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

HKCU CV Run

ShellServiceObjectDelayLoad

ShellServiceObjectDelayLoad

SM Common

Deleted: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\\desktop.ini

SM c*

Deleted: C:\Documents and Settings\Sando\Menu Iniciar\Programas\Inicializar\\desktop.ini

Tasks

Deleted: C:\WINDOWS\Tasks\\SA.DAT

#---Action End: Autorun ----------------

 

#---Action Begin: PageDefrag -----------

Downloading Page Defragmenter From: http://download.sysinternals.com/Files/PageDefrag.zip

Initializing Download

Download Complete

#---Action End: PageDefrag -------------

 

#---Action Begin: Defrag ---------------

Downloading Defraggler From: http://www.piriform.com/defraggler/download/portable/downloadfile

Initializing Download

Download Complete

#---Action End: Defrag -----------------

 

#---Action Begin: NTREGOPT -------------

Downloading NT Registry Optimizer From: http://www.derfisch.de/lars/ntregopt.zip

Initializing Download

Download Complete

Extracting...

#---Action End: NTREGOPT ---------------

Finished Processes

Rebooting


*Run the Automatic System Cleaner program again and click [Delete Files]

*Close the program and delete the Logs folder, the settings.ini configuration file and the Automatic System Cleaner program. All of them are on the desktop.

 

How is the problem now?


Hardware would be another possibility, and I believe that is the cause.

 

I did some searching, and I don't know whether it fits your problem. Take a look at the links below. The step of registering the DLL has already been done by Automatic System Cleaner, as the log shows: Registering: zipfldr.dll Result=Success.

 

http://translate.google.com.br/translate?hl=pt-BR&sl=en&u=http://techsalsa.com/solve-explorerexe-consuming-100-cpu-resources/&ei=0RBkTJahAYiluAf217CJCQ&sa=X&oi=translate&ct=result&resnum=10&ved=0CEgQ7gEwCTgK&prev=/search%3Fq%3Dexplorer.exe%2Bconsumindo%2Bcpu%26start%3D10%26hl%3Dpt-BR%26sa%3DN%26prmd%3Ddf

 

http://translate.google.com.br/translate?hl=pt-BR&langpair=en|pt&u=http://en.kioskea.net/faq/813-windows-xp-explorer-exe-is-using-the-cpu-at-99-or-100

 

Another finding was:

 

1. Ctrl-Alt-Del to open Task Manager.

2. Click File | New Task (Run).

3. Type regedit in the Run box and click OK.

4. Navigate to the following registry key:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

 

5. Under this key there will be subkeys named explorer.exe and iexplorer.exe. Delete the explorer and iexplorer keys entirely.

6. Close Regedit and restart the computer.


Right, I'm already carrying out the procedures, I hope it works; when I finish I'll come back with the answer, see you later. :joia:

 

If any problem occurs after these registry changes, you can restore the previous settings. To do so...

 

*Open the folder C:\Windows\ERDNT\11-08-2010

*Run ERDNT.exe

*Click [OK] > [OK] > [Yes]

*The PC will restart.


After doing the procedures listed above and restarting the PC, the problem still persists.

If the problem continues after a Format C:, then it may indeed be a hardware problem.

 

See you later, thanks for the great work. ^_^

 

Wings, I have a vague memory that the problem started after I installed a Windows update that I downloaded from some site; if that really is the problem, would you know how to uninstall that update?

 

See you..
