Oseias19 0 Denunciar post Postado Agosto 9, 2010 Boas.. Segue o Log do HijackThis ... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:09:25, on 9/8/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\taskmgr.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\WINDOWS\RTHDCPL.EXE C:\Documents and Settings\Sando\Desktop\Downloads\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=15383&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Arquivos de programas\Reganam\tbReg1.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Arquivos de programas\Reganam\tbReg1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Arquivos de programas\Reganam\tbReg1.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{23A510A1-2031-41D7-A829-D1F944238948}: NameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CS1\Services\Tcpip\..\{23A510A1-2031-41D7-A829-D1F944238948}: NameServer = 200.204.0.10 200.204.0.138 O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Arquivos de programas\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 5640 bytes Considerações finais: No Log mostra o tal Internet Explorer **o qual eu nao estava usando na momento do Log, e o qual nunca uso tambem** Antes pensava ser problema de minha placa mãe, a qual troquei a mesma por uma nova. Os tais programas que disse são programas que são usados no dia-a-dia como : Windows System Care, Ccleaner, Photoshop,e outros mais,(os quais nao me lembro no momento) alguns destes programas usam quase 3 vezes mais do que era usado antes do problema começar. Jogos Online como Lineage 2 usa muito Cpu tambem, antes o que era usado 7~10% de cpu, hoje fica com 50~70% Hoje lendo alguns tópicos relacionados a minha duvida, fiz os tais procedimentos, mas nao vi melhoras. Segue a configuração do PC: Intel core 2 duo E4500 2.2 Ghz, 2 GB de Memoria. Ja estou pensando ser problema na propria CPU ... Muito Obrigado desde já. Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Agosto 10, 2010 Boa tarde... 1. *Faça um scan online com o NOD32 *Ao término cole o relatório criado em C:\Arquivos de programas\EsetOnlineScanner\log Compartilhar este post Link para o post Compartilhar em outros sites
Oseias19 0 Denunciar post Postado Agosto 11, 2010 Boa tarde... 1. *Faça um scan online com o NOD32'>http://eset.com/onlinescan"]NOD32 *Ao término cole o relatório criado em C:\Arquivos de programas\EsetOnlineScanner\log Bom dia... Desculpas pela demora a responder. Segue o Log... ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=cfa81a11a930da49af09dd8ea779854d # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-08-11 05:46:37 # local_time=2010-08-11 02:46:37 (-0300, Hora oficial do Brasil) # country="Brazil" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=768 16777215 100 0 5538895 5538895 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=65426 # found=10 # cleaned=10 # scan_time=12354 C:\Arquivos de programas\Cheat Engine\dbk32.sys Win32/HackTool.CheatEngine application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Arquivos de programas\Lineage II\system\msxml.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Sando\Desktop\Downloads\gracia_vgos_system_v7.zip a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Sando\Meus documentos\Downloads\BroherSoft_CheatEngine55.exe Win32/HackTool.CheatEngine application (deleted - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{76832E46-5D0A-474F-94AF-F67156547394}\RP87\A0017227.sys Win32/HackTool.CheatEngine application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{76832E46-5D0A-474F-94AF-F67156547394}\RP87\A0017228.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C D:\Jogos\James.Camerons.Avatar.The.Game-RELOADED\rld-avtr.iso Win32/Packed.VMProtect.D trojan (deleted - quarantined) 00000000000000000000000000000000 C D:\Programas\aTube_Catcher_Installer.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C D:\Programas\Converter fotos.zip Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C D:\Programas\totcarnageisflat-ch.zip probably a variant of Win32/Inject.GJCKPSQ trojan (deleted - quarantined) 00000000000000000000000000000000 C Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Agosto 11, 2010 1. *Execute o arquivo c:\arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe 2. *Baixe o MalwareBytes Anti-malware e salve-o no desktop *Instale o programa *Se alguma atualização existir, o download será automático. Aguarde... *O programa será aberto automaticamente. *Na aba [Verificação], selecione a opção [Verificação completa] *Clique em [Verificar] e selecione as partições a serem examinadas (geralmente C:\ e D:\) *Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados] *Clique em [Remover Selecionados] *Um relatório (mbam-log-ano-mês-data.txt) será apresentado. *Cole-o na sua próxima resposta Compartilhar este post Link para o post Compartilhar em outros sites
Oseias19 0 Denunciar post Postado Agosto 11, 2010 Certo, acabei de chegar do trabalho, e o MalwareBytes esta fazendo a verificação completa, Partição C: e D: Daqui a pouco posto o Log Obrigado desde já Compartilhar este post Link para o post Compartilhar em outros sites
Oseias19 0 Denunciar post Postado Agosto 11, 2010 Então segue o Log... Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Versão da Base de Dados: 4404 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 11/8/2010 18:36:24 mbam-log-2010-08-11 (18-36-24).txt Tipo de Verificação: Verificação Completa (C:\|D:\|) Objetos escaneados: 182997 Tempo decorrido: 22 minuto(s), 6 segundo(s) Processos de Memória Infectados: 0 Módulos de Memória Infectados: 0 Chaves de Registro Infectadas: 0 Valores de Registro Infectados: 0 Itens de Dados no Registro Infectados: 0 Pastas Infectadas: 0 Arquivos Infectados: 1 Processos de Memória Infectados: (Não foram detectados ítens maliciosos) Módulos de Memória Infectados: (Não foram detectados ítens maliciosos) Chaves de Registro Infectadas: (Não foram detectados ítens maliciosos) Valores de Registro Infectados: (Não foram detectados ítens maliciosos) Itens de Dados no Registro Infectados: (Não foram detectados ítens maliciosos) Pastas Infectadas: (Não foram detectados ítens maliciosos) Arquivos Infectados: D:\Jogos\Batman Arkham Asylum\d3drm.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. Apesar do Log me parecer estar limpo e ja ter deletado o d3drm.dll (Malware.Packer.Gen) , o problema infelizmente persiste. Obrigado. Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Agosto 11, 2010 1. *Baixe o ERUNT e salve-o no desktop *Extraia o conteúdo para a pasta C:\ERUNT *Duplo clique em ERUNT.exe *Clique [OK] > [OK] > [sim] > [OK] 2. *Desative temporariamente seu antivírus Clique com o botão direito do mouse no ícone do Avast ao lado do relógio > Selecione "Pausar a proteção residente" > Confirme. *Baixe o ComboFix e salve-o no desktop *Execute o Combofix e aceite o contrato *Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso contrário, clique em [sIM] para a sua instalação. *Clique em [sIM] para continuar. *Aguarde a conclusão de todas as etapas *Enquanto o ComboFix estiver em execução, evite usar o mouse e o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER. *O programa será fechado automaticamente e um relatório (C:\combofix.txt) será apresentado. Cole-o na próxima resposta. *Se for reiniciar o PC haverá uma opção, na inicialização, chamada Console de Recuperação. Não entre no Windows através do mesmo desde que devidamente orientado(a)! Compartilhar este post Link para o post Compartilhar em outros sites
Oseias19 0 Denunciar post Postado Agosto 11, 2010 Procedimentos Feitos, o primeiro programa que estava era o RDilly, depois atualizou para o ERUNT (aqui no forum) e deu tudo certo. Segue o Log do Combofix... ComboFix 10-08-11.04 - Sando 11/08/2010 20:28:40.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2045.1469 [GMT -3:00] Executando de: c:\documents and settings\Sando\Desktop\ComboFix.exe AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . (((((((((((((((( Arquivos/Ficheiros criados de 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))) . 2010-08-08 21:20 . 2010-08-08 21:30 -------- d-----w- C:\ToolBar SD 2010-08-08 20:35 . 2010-08-08 20:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PassMark 2010-08-08 20:35 . 2010-08-08 20:35 -------- d-----w- c:\arquivos de programas\BurnInTest 2010-08-08 19:53 . 2010-08-08 19:53 -------- d-s---w- c:\documents and settings\Sando\UserData 2010-08-08 13:20 . 2008-04-10 14:52 4682 ----a-w- c:\windows\system32\npptNT2.sys 2010-08-08 13:13 . 2010-08-08 20:21 -------- d-----w- c:\arquivos de programas\Lineage II 2010-08-08 02:08 . 2010-08-08 02:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SRSLabs 2010-08-08 01:59 . 2010-08-08 01:59 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\Malwarebytes 2010-08-08 01:59 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-08 01:59 . 2010-08-08 01:59 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-08-08 01:59 . 2010-08-08 01:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2010-08-08 01:59 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-08 01:50 . 2010-08-08 01:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SRS 2010-08-08 01:50 . 2010-08-08 01:50 -------- d-----w- c:\arquivos de programas\SRSLabs 2010-08-08 00:35 . 2010-08-08 00:35 -------- d-----w- c:\arquivos de programas\7-Zip 2010-08-06 23:15 . 2010-08-06 23:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\KONAMI 2010-08-06 23:15 . 2010-08-06 23:15 -------- d-----w- c:\arquivos de programas\KONAMI 2010-08-04 03:06 . 2010-08-04 03:06 503808 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f2f47bb-n\msvcp71.dll 2010-08-04 03:06 . 2010-08-04 03:06 499712 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f2f47bb-n\jmc.dll 2010-08-04 03:06 . 2010-08-04 03:06 348160 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f2f47bb-n\msvcr71.dll 2010-08-04 03:06 . 2010-08-04 03:06 61440 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5cf2e7a2-n\decora-sse.dll 2010-08-04 03:06 . 2010-08-04 03:06 12800 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5cf2e7a2-n\decora-d3d.dll 2010-07-31 15:37 . 2010-07-31 15:37 -------- d-----w- c:\windows\USB Vibration 2010-07-31 15:37 . 2010-07-31 15:37 -------- d-----w- c:\arquivos de programas\USB Vibration 2010-07-31 15:13 . 2010-07-31 15:13 -------- d--h--r- c:\documents and settings\Sando\Dados de aplicativos\SecuROM 2010-07-31 15:13 . 2008-10-15 09:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll 2010-07-31 15:01 . 2010-07-31 15:01 -------- d-----w- c:\arquivos de programas\Disney Interactive Studios 2010-07-31 01:43 . 2010-07-31 01:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Solidshield 2010-07-31 01:37 . 2010-07-31 01:37 -------- d-----w- c:\arquivos de programas\Ubisoft 2010-07-29 02:14 . 2010-07-29 02:14 -------- d-----w- c:\arquivos de programas\EA GAMES 2010-07-27 18:05 . 2010-07-27 18:05 -------- d-----w- c:\arquivos de programas\WinPcap 2010-07-25 21:34 . 2010-07-25 21:34 917504 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\PowerChallenge\PowerSoccer\TVE3.dll 2010-07-25 21:34 . 2010-07-25 21:34 4296704 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\PowerChallenge\PowerSoccer\PowerSoccer.exe 2010-07-25 21:33 . 2010-07-25 21:34 253952 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\PowerChallenge\PowerSoccer\OpenAL32.dll 2010-07-25 21:33 . 2010-07-25 21:33 889488 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\PowerChallenge\PowerSoccer\DFEngine.dll 2010-07-25 21:33 . 2010-07-25 21:33 656088 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\PowerChallenge\loader8.dll 2010-07-25 21:33 . 2010-07-25 21:33 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\PowerChallenge 2010-07-25 15:57 . 2007-12-26 20:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll 2010-07-25 15:57 . 2007-12-26 20:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll 2010-07-25 15:57 . 2010-08-11 09:32 -------- d-----w- c:\arquivos de programas\Cheat Engine 2010-07-24 18:18 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-07-24 18:18 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-07-24 18:18 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-07-24 18:18 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-07-24 18:18 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-07-24 18:18 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-07-24 18:18 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-07-24 18:17 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr 2010-07-24 18:17 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe 2010-07-24 15:38 . 2008-01-16 01:10 49152 ------r- c:\windows\system32\ChCfg.exe 2010-07-24 15:38 . 2010-07-24 15:38 -------- d-----w- c:\windows\system32\RTCOM 2010-07-24 15:38 . 2008-01-16 01:10 86016 ------r- c:\windows\SoundMan.exe 2010-07-24 15:38 . 2008-01-16 01:10 1826816 ------r- c:\windows\SkyTel.exe 2010-07-24 15:38 . 2008-01-16 01:10 1191936 ------r- c:\windows\RtlUpd.exe 2010-07-24 15:38 . 2008-01-16 01:10 9715200 ------r- c:\windows\RTLCPL.exe 2010-07-24 15:38 . 2008-01-16 01:10 4609024 ------r- c:\windows\system32\drivers\RtkHDAud.sys 2010-07-24 15:38 . 2008-01-16 01:10 16384512 ------r- c:\windows\RTHDCPL.exe 2010-07-24 15:38 . 2008-01-16 01:10 2165760 ------r- c:\windows\MicCal.exe 2010-07-24 15:38 . 2008-01-16 01:10 2808832 ------r- c:\windows\alcwzrd.exe 2010-07-24 15:38 . 2008-01-16 01:10 69632 ------r- c:\windows\Alcmtr.exe 2010-07-24 15:38 . 2008-01-16 01:10 520192 ------r- c:\windows\RtlExUpd.dll 2010-07-24 15:30 . 2010-07-24 15:46 -------- d-----w- C:\TempEI4 2010-07-24 15:23 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll 2010-07-24 15:23 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll 2010-07-24 15:23 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2010-07-24 15:23 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2010-07-24 15:23 . 2008-04-13 14:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2010-07-24 15:23 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-11 23:13 . 2010-08-11 23:13 -------- d-----w- c:\arquivos de programas\Softonic_Brasil 2010-08-10 22:39 . 2010-08-10 22:38 -------- d-----w- c:\arquivos de programas\Megacubo 2010-08-10 22:38 . 2010-08-10 22:38 -------- d-----w- c:\arquivos de programas\SopCast 2010-08-10 22:38 . 2010-08-10 22:38 -------- d-----w- c:\arquivos de programas\Orban 2010-08-08 13:13 . 2010-06-07 00:18 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-08-08 12:40 . 2010-06-07 02:50 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\LimeWire 2010-08-08 12:40 . 2010-06-07 00:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2010-08-03 18:45 . 2010-06-16 22:16 -------- d-----w- c:\arquivos de programas\3GPplayer2010 2010-07-26 04:17 . 2010-06-06 23:57 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\uTorrent 2010-07-26 01:28 . 2010-06-09 20:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe 2010-07-25 23:29 . 2010-06-06 23:41 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\IObit 2010-07-24 18:17 . 2010-06-07 00:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software 2010-07-24 15:38 . 2010-06-07 00:47 -------- d-----w- c:\arquivos de programas\Realtek 2010-06-23 03:01 . 2010-06-16 22:16 -------- d-----w- c:\arquivos de programas\Reganam 2010-06-16 22:16 . 2010-06-16 22:16 -------- d-----w- c:\arquivos de programas\Conduit 2010-06-16 00:37 . 2010-06-07 22:33 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\Ahead 2010-06-16 00:37 . 2010-06-16 00:37 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\DivX 2010-06-14 21:37 . 2010-06-14 21:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java 2010-06-14 21:36 . 2010-06-14 21:36 503808 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67fad5da-n\msvcp71.dll 2010-06-14 21:36 . 2010-06-14 21:36 499712 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67fad5da-n\jmc.dll 2010-06-14 21:36 . 2010-06-14 21:36 348160 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67fad5da-n\msvcr71.dll 2010-06-14 21:36 . 2010-06-14 21:36 61440 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52e208b6-n\decora-sse.dll 2010-06-14 21:36 . 2010-06-14 21:36 12800 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52e208b6-n\decora-d3d.dll 2010-06-14 21:36 . 2010-06-14 21:36 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-14 21:36 . 2010-06-14 21:36 -------- d-----w- c:\arquivos de programas\Java 2010-06-14 03:44 . 2010-06-14 03:44 -------- d-----w- c:\arquivos de programas\XP Codec Pack 2010-06-13 21:46 . 2010-06-13 21:46 -------- d-----w- c:\arquivos de programas\UltraISO 2010-06-13 21:46 . 2010-06-13 21:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\EZB Systems 2010-06-13 20:45 . 2010-06-13 20:44 45 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\TSDNWIN.TMP 2010-06-13 20:41 . 2010-06-13 20:39 1531392 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\tsdnwin.dll 2010-06-13 20:41 . 2010-06-13 20:39 1531392 ----a-w- c:\documents and settings\Sando\Dados de aplicativos\tsdnwin.dll 2010-06-13 20:37 . 2010-06-13 20:37 -------- d-----w- c:\arquivos de programas\SAMSUNG 2010-06-13 19:02 . 2010-06-13 19:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ahead 2010-06-13 19:02 . 2010-06-13 18:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead 2010-06-13 18:58 . 2010-06-13 18:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero 2010-06-13 18:58 . 2010-06-13 18:58 -------- d-----w- c:\arquivos de programas\Nero 2010-06-13 18:55 . 2010-06-13 18:43 -------- d-----w- c:\arquivos de programas\Ahead 2010-06-13 17:04 . 2010-06-13 17:04 46340 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll 2010-06-13 17:04 . 2010-06-13 17:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Blizzard Entertainment 2010-06-13 03:07 . 2010-06-13 03:07 -------- d-----w- c:\documents and settings\Sando\Dados de aplicativos\Media Player Classic 2010-06-13 02:06 . 2010-06-13 02:06 -------- d-----w- c:\arquivos de programas\Alcohol Soft 2010-06-13 00:49 . 2010-06-13 00:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet 2010-06-11 18:05 . 2010-06-11 18:05 413696 ----a-w- c:\windows\system32\wrap_oal.dll 2010-06-11 18:05 . 2010-06-11 18:05 110592 ----a-w- c:\windows\system32\OpenAL32.dll 2010-06-07 23:44 . 2010-06-07 23:44 12160 ----a-w- c:\windows\system32\drivers\ag02.sys 2010-06-07 23:43 . 2010-06-07 23:43 11366 ----a-w- C:\W44394875.reg 2010-06-07 01:58 . 2008-04-14 12:00 79240 ----a-w- c:\windows\system32\perfc016.dat 2010-06-07 01:58 . 2008-04-14 12:00 468462 ----a-w- c:\windows\system32\perfh016.dat 2010-06-07 01:51 . 2010-06-07 01:51 0 ----a-w- c:\windows\nsreg.dat 2010-06-07 00:13 . 2010-06-07 00:13 315392 ----a-w- c:\windows\HideWin.exe 2010-06-07 00:08 . 2010-06-07 00:08 1462272 ----a-w- c:\windows\system32\cpuz147.exe 2010-06-07 00:02 . 2010-06-06 23:17 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-06-06 23:47 . 2010-06-06 23:47 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-06-06 23:42 . 2010-06-06 23:42 3012 ----a-w- c:\arquivos de programas\Arquivos comuns\unins000.dat 2010-06-06 23:42 . 2010-06-06 23:42 730656 ----a-w- c:\arquivos de programas\Arquivos comuns\unins000.exe 2010-06-06 23:15 . 2010-06-06 23:15 21844 ----a-w- c:\windows\system32\emptyregdb.dat 2010-06-02 07:55 . 2010-06-13 22:29 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-06-02 07:55 . 2010-06-13 22:29 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-06-02 07:55 . 2010-06-13 22:29 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2010-05-26 14:41 . 2010-06-13 22:29 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2010-05-26 14:41 . 2010-06-13 22:29 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2010-05-26 14:41 . 2010-06-13 22:29 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2010-05-26 14:41 . 2010-06-13 22:29 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2010-05-26 14:41 . 2010-06-13 22:29 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll . ((((((((((((((((((((((((((((( SnapShot@2010-08-08_22.18.04 ))))))))))))))))))))))))))))))))))))))))) . + 2010-08-11 23:15 . 2010-08-11 23:15 16384 c:\windows\Temp\Perflib_Perfdata_194.dat + 2010-08-11 23:20 . 2010-08-11 23:20 221184 c:\windows\ERDNT\11-8-2010\Users\00000002\UsrClass.dat + 2010-08-11 23:20 . 2005-10-20 15:02 163328 c:\windows\ERDNT\11-8-2010\ERDNT.EXE + 2010-08-10 01:13 . 2008-03-05 18:56 3786760 c:\windows\system32\d3dx9_37.dll - 2010-06-06 23:42 . 2008-03-05 18:56 3786760 c:\windows\system32\d3dx9_37.dll + 2010-08-11 23:20 . 2010-08-11 23:20 4505600 c:\windows\ERDNT\11-8-2010\Users\00000001\NTUSER.DAT . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "c:\arquivos de programas\Reganam\tbReg1.dll" [2010-06-23 2515552] "{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\tbSoft.dll" [2010-06-03 2736736] [HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}] [HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12fc3d37-2a42-4fe3-8489-81296878cba5}] 2010-06-03 21:24 2736736 ----a-w- c:\arquivos de programas\Softonic_Brasil\tbSoft.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}] 2010-06-23 03:02 2515552 ----a-w- c:\arquivos de programas\Reganam\tbReg1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "c:\arquivos de programas\Reganam\tbReg1.dll" [2010-06-23 2515552] "{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\tbSoft.dll" [2010-06-03 2736736] [HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}] [HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{DB9D7A78-A76C-4BF2-97C6-258925EE1542}"= "c:\arquivos de programas\Reganam\tbReg1.dll" [2010-06-23 2515552] [HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504] "HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-28 33673216] "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040] "RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512] "avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Dragon Age\\bin_ship\\daorigins.exe"= "c:\\Arquivos de programas\\Dragon Age\\DAOriginsLauncher.exe"= "c:\\Arquivos de programas\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"= "d:\\StarCraft II Beta\\StarCraft II.exe"= "c:\\Arquivos de programas\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"= "d:\\StarCraft II Beta\\Versions\\Base15655\\SC2.exe"= "c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"= "c:\\Arquivos de programas\\Ubisoft\\James Cameron's AVATAR - EL VIDEOJUEGO\\bin\\Avatar.exe"= "c:\\Arquivos de programas\\Ubisoft\\James Cameron's AVATAR - EL VIDEOJUEGO\\bin\\AvatarLauncher.exe"= "c:\\Arquivos de programas\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"= "c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2010\\Kitserver2010\\Patchs HQ 2010.exe"= "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"= R0 ag02;ag02;c:\windows\system32\drivers\ag02.sys [7/6/2010 20:44 12160] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/7/2010 15:18 165456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/7/2010 15:18 17744] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/11/2009 13:33 50704] S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [8/6/2010 14:10 906368] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\arquivos de programas\Dragon Age\bin_ship\daupdatersvc.service.exe [15/12/2009 17:07 25832] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6/6/2010 21:17 1390976] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/6/2010 20:47 691696] . . ------- Scan Suplementar ------- . uStart Page = hxxp://br.ask.com?o=15383&l=dis mWindow Title = TCP: {23A510A1-2031-41D7-A829-D1F944238948} = 200.204.0.10 200.204.0.138 FF - ProfilePath - c:\documents and settings\Sando\Dados de aplicativos\Mozilla\Firefox\Profiles\anopuorj.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com FF - plugin: c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\docume~1\Sando\DADOSD~1\POWERC~1\nppowerloader.dll FF - plugin: c:\windows\system32\C2MP\npdivx32.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-11 20:30 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????????????? Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-527237240-764733703-1417001333-1003\Software\SecuROM\License information*] "datasecu"=hex:d8,8e,d1,6a,21,96,15,db,5b,e4,b0,56,ad,df,8f,ee,a4,f9,c7,01,ac, de,27,fb,79,8f,d8,a7,11,84,43,3b,c9,b5,4c,38,81,fc,df,4d,5c,7b,59,65,e1,d9,\ "rkeysecu"=hex:3d,0a,94,99,4e,d0,9c,ac,cd,6a,c7,83,86,c9,50,37 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'explorer.exe'(2668) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Tempo para conclusão: 2010-08-11 20:31:30 ComboFix-quarantined-files.txt 2010-08-11 23:31 ComboFix2.txt 2010-08-08 21:58 Pré-execução: 14 pasta(s) 86.130.712.576 bytes disponíveis Pós execução: 15 pasta(s) 86.123.499.520 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - E136FAC99A1E73886492FD9FE295243B Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Agosto 12, 2010 Sem problema...tanto o RDilly como o ERUNT fazem um backup do seu registro. Envie o arquivo abaixo para análise em http://www.virustotal.com.br c:\windows\system32\drivers\ag02.sys *Cole o link da análise. Compartilhar este post Link para o post Compartilhar em outros sites
Oseias19 0 Denunciar post Postado Agosto 12, 2010 Bom nao achei o link, mas segue a analise do scan File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis: MD5: c4f58af0796b9e6c9b81975411dd4ad1 Date first seen: 2010-06-08 01:11:43 (UTC) Date last seen: 2010-06-08 01:11:43 (UTC) Detection ratio: 1/41 Esta certo? Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Agosto 12, 2010 OK...sem problemas. O log está limpo. 1. *Delete o RDilly e a pasta C:\Rdilly 2. *Clique em [iniciar] > [Executar] > digite: Combofix /uninstall *Clique [OK] *Clique em [Executar] *Aguarde surgir a mensagem: "ComboFix está desinstalado" *Clique [OK] 3. *Clique em [iniciar] > [Executar] > digite: msconfig *Clique OK *Clique na aba "BOOT.INI" *Selecione a linha C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons *Clique em [Verificar caminhos de inicialização] *Clique em [sIM] > [OK] *Reinicie o PC *Ao iniciar o Windows, o utilitário de configuração informará que foi alterado. *Clique em "Não mostrar esta mensagem ou iniciar o utilitário de configuração do sistema ao iniciar o Windows" 4. *Baixe e instale o CCleaner *Abra o programa e na aba "Windows", desça até a opção "Avançado" e selecione "Dados Prefetch antigos" *Clique em [Executar Limpeza] *Em seguida, clique em [Registro] -> [Procurar erros] -> [Corrigir Erros Selecionados] -> [Corrigir Todos os Erros Selecionados] Compartilhar este post Link para o post Compartilhar em outros sites
Oseias19 0 Denunciar post Postado Agosto 12, 2010 Pronto, fiz tudo o que me pediu, porem o problema persiste. Tem uma coisa estranha e acho que pode ajudar, quando na area de trabalho fico com o F5 apertado (atualizando), o uso de CPU sobe ligeiramente de 0 para 52% ,e o processo que toma CPU é o Explorer.exe Espero que isso ajude. Obrigado mais uma vez Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Agosto 12, 2010 Este é um problema difícil de saber.... Sabemos que por malwares não é. Então, tentaremos alguns procedimentos. *Baixe o Automatic System Cleaner e salve-o no desktop *Extraia o conteúdo para o desktop *Execute o programa e clique em [Agree] *Na primeira janela, clique em [uncheck All] *Selecione depois as opções: [] Create a Restore Point [] Reboot When Completed *Na aba [security], selecione: [] RegSeeker Scan *Na aba [Perfomance], selecione: [] Prune Autoruns[] Optimize Registry *Na aba [Maintenance], selecione: [] Schedule System File Defragementation (next boot)[] Defragment the Hard Drive (Defraggler) *Na aba [Win Fixes], selecione: [] Fix Windows Explorer *Na aba [Win Fixes 2], selecione: [] Fix Windows Associations[] Restore .zip Association *Clique em [Execute] e aguarde. Pode demorar...seja paciente. *Ao término, o PC será reiniciado e será feito um CheckDisk... *Cole o relatório chamado AutoCleanAAAAMMDDHH.txt, onde AAAA= ano, MM= mês, DD= dia e HH= hora que está localizado na pasta Logs no desktop. Não se preocupe se houverem muitas pastas criadas, no desktop, pelo programa. Depois removeremos todas. Compartilhar este post Link para o post Compartilhar em outros sites
Oseias19 0 Denunciar post Postado Agosto 12, 2010 Boa Noite. Chegando do serviço agora.. o procedimento ja está sendo executado. Só um problema, na aba [security] não tem o "RegSeeker Scan", mesmo fazendo o update nao apareceu o mesmo. Terminando posto o Log, até mais. Analise feita, segue o log... Starting Processes... #---Action Begin: SystemRestore -------- Creating a System Restore Point Restore Point Created Successfully #---Action End: SystemRestore ---------- #---Action Begin: ExeAss --------------- Win Fixes - Fixing EXE Association... .exe Win Fixes - Fixing SCR Associations... .scr Win Fixes - Fixing MSI Associations... .msi Win Fixes - Fixing LNK Associations... .lnk Win Fixes - Fixing MSC Associations... .msc Win Fixes - Fixing DIR Associations... Directory Win Fixes - Fixing REG Associations... .reg #---Action End: ExeAss ----------------- #---Action Begin: ZipAss --------------- Win Fixes - Fixing ZIP Association... .zip #---Action End: ZipAss ----------------- #---Action Begin: FixExplorer ---------- Registering: acelpdec.ax Result=Success Registering: actxprxy.dll Result=Success Registering: asctrls.ocx Result=Success Registering: daxctle.ocx Result=Success Registering: dhtmled.ocx Result=Success Registering: hhctrl.ocx Result=Success Registering: lcodecx.ax Result=Success Registering: licmgr.dll Result=Success Registering: mpgds.ax Result=Success Registering: msdxm.ocx Result=Success Registering: plugin.ocx Result=Success Registering: proctexe.ocx Result=Success Registering: tdc.ocx Result=Success Registering: wshom.ocx Result=Success Registering: access.cpl Result=Success Registering: appwiz.cpl Result=Success Registering: desk.cpl Result=Success Registering: firewall.cpl Result=Success Registering: hdwwiz.cpl Result=Success Registering: inetcpl.cpl Result=Success Registering: intl.cpl Result=Success Registering: nusrmgr.cpl Result=Success Registering: netsetup.cpl Result=Success Registering: powercfg.cpl Result=Success Registering: timedate.cpl Result=Success Registering: wuau.cpl Result=Success Registering: quartz.dll Result=Success Registering: danim.dll Result=Success Registering: dmscript.dll Result=Success Registering: dmstyle.dll Result=Success Registering: dxmasf.dll Result=Success Registering: dxtmsft.dll Result=Success Registering: dxtrans.dll Result=Success Registering: sbe.dll Result=Success Registering: dxva.dll Result=Success Registering: dxmrtp.dll Result=Success Registering: dxdiagn.dll Result=Success Registering: dx8vb.dll Result=Success Registering: dx7vb.dll Result=Success Registering: atl.dll Result=Success Registering: corpol.dll Result=Success Registering: dispex.dll Result=Success Registering: jscript.dll Result=Success Registering: scrrun.dll Result=Success Registering: scrobj.dll Result=Success Registering: vbscript.dll Result=Success Registering: wshext.dll Result=Success Registering: activeds.dll Result=Success Registering: audiodev.dll Result=Success Registering: browseui.dll Result=Success Registering: browsewm.dll Result=Success Registering: cabview.dll Result=Success Registering: cdfview.dll Result=Success Registering: clbcatex.dll Result=Success Registering: clbcatq.dll Result=Success Registering: comcat.dll Result=Success Registering: cscui.dll Result=Success Registering: credui.dll Result=Success Registering: datime.dll Result=Success Registering: devmgr.dll Result=Success Registering: dfsshlex.dll Result=Success Registering: dmdlgs.dll Result=Success Registering: dmdeskmgr.dll Result=Success Registering: dmloader.dll Result=Success Registering: dmocx.dll Result=Success Registering: dmview.ocx Result=Success Registering: dsuiext.dll Result=Success Registering: dsquery.dll Result=Success Registering: dskquoiu.dll Result=Success Registering: els.dll Result=Success Registering: es.dll Result=Success Registering: fontext.dll Result=Success Registering: hlink.dll Result=Success Registering: hnetcfg.dll Result=Success Registering: iedkcs.dll Result=Success Registering: iepeers.dll Result=Success Registering: iesetup.dll Result=Success Registering: ils.dll Result=Success Registering: imgutil.dll Result=Success Registering: inetcfg.dll Result=Success Registering: inetcomm.dll Result=Success Registering: inseng.dll Result=Success Registering: laprxy.dll Result=Success Registering: lmrt.dll Result=Success Registering: mlang.dll Result=Success Registering: mmcndmgr.dll Result=Success Registering: mmcshext.dll Result=Success Registering: mscoree.dll Result=Success Registering: mshhtml.dll Result=Success Registering: msieftp.dll Result=Success Registering: msoe.dll Result=Success Registering: msoeacct.dll Result=Success Registering: msrc.dll Result=Success Registering: msrating.dll Result=Success Registering: mydocs.dll Result=Success Registering: mstime.dll Result=Success Registering: netcfgx.dll Result=Success Registering: netplwiz.dll Result=Success Registering: netman.dll Result=Success Registering: netshell.dll Result=Success Registering: ntmsevt.dll Result=Success Registering: ntmsmgr.dll Result=Success Registering: ntmssvc.dll Result=Success Registering: occache.dll Result=Success Registering: ole.dll Result=Success Registering: oleaut.dll Result=Success Registering: oleacc.dll Result=Success Registering: olepro.dll Result=Success Registering: photowiz.dll Result=Success Registering: pngfilt.dll Result=Success Registering: remotepg.dll Result=Success Registering: rpcrt.dll Result=Success Registering: rshx.dll Result=Success Registering: sendmail.dll Result=Success Registering: slayerxp.dll Result=Success Registering: shdocvw.dll Result=Success Registering: shsvcs.dll Result=Success Registering: srclient.dll Result=Success Registering: stobject.dll Result=Success Registering: themeui.dll Result=Success Registering: twext.dll Result=Success Registering: urlmon.dll Result=Success Registering: userenv.dll Result=Success Registering: webcheck.dll Result=Success Registering: webvw.dll Result=Success Registering: winhttp.dll Result=Success Registering: wininet.dll Result=Success Registering: zipfldr.dll Result=Success Registering: Result=Success Registering: msdadc.dll Result=Success Registering: nsdaenum.dll Result=Success Registering: msdaer.dll Result=Success Registering: msdaipp.dll Result=Success Registering: msdaora.dll Result=Success Registering: msdaosp.dll Result=Success Registering: msdaps.dll Result=Success Registering: msdasc.dll Result=Success Registering: msdasql.dll Result=Success Registering: msdatt.dll Result=Success Registering: msdaurl.dll Result=Success Registering: msdmeng.dll Result=Success Registering: msdmine.dll Result=Success Registering: msjtor.dll Result=Success Registering: msmdbc.dll Result=Success Registering: msmdgd.dll Result=Success Registering: msolap.dll Result=Success Registering: msolui.dll Result=Success Registering: msxactps.dll Result=Success Registering: oledb.dll Result=Success Registering: oledbr.dll Result=Success Registering: sqloledb.dll Result=Success Registering: sqlxmlx.dll Result=Success Registering: Result=Success Fixing IE Policies Restarting Explorer #---Action End: FixExplorer ------------ #---Action Begin: Autorun -------------- Extracting... HKLM CV Run Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched - "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDCPL - RTHDCPL.EXE Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HDAudDeck - C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1 HKCU CV Run ShellServiceObjectDelayLoad ShellServiceObjectDelayLoad SM Common Deleted: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\\desktop.ini SM c* Deleted: C:\Documents and Settings\Sando\Menu Iniciar\Programas\Inicializar\\desktop.ini Tasks Deleted: C:\WINDOWS\Tasks\\SA.DAT #---Action End: Autorun ---------------- #---Action Begin: PageDefrag ----------- Downloading Page Defragmenter From: http://download.sysinternals.com/Files/PageDefrag.zip Initializing Download Download Complete #---Action End: PageDefrag ------------- #---Action Begin: Defrag --------------- Downloading Defraggler From: http://www.piriform.com/defraggler/download/portable/downloadfile Initializing Download Download Complete #---Action End: Defrag ----------------- #---Action Begin: NTREGOPT ------------- Downloading NT Registry Optimizer From: http://www.derfisch.de/lars/ntregopt.zip Initializing Download Download Complete Extracting... #---Action End: NTREGOPT --------------- Finished Processes Rebooting Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Agosto 13, 2010 *Execute novamente o programa Automatic System Cleaner e clique em [Delete Files] *Feche o programa e delete a pasta Logs, o arquivo de configuração settings.ini e o programa Automatic System Cleaner. Todos localizados no desktop. Como está o problema? Compartilhar este post Link para o post Compartilhar em outros sites
Oseias19 0 Denunciar post Postado Agosto 13, 2010 Certo, o problema persiste, to quase tendo certeza de que o problema é o proprio CPU. Obrigado Até mais. Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Agosto 13, 2010 Hardware seria mais uma opção e acredito que este seja o motivo. Andei dando uma pesquisada, e não sei se encaixa no seu problema. Dê uma olhada no link abaixo. A opção de registrar a dll já foi feita pelo Automatic System Cleaner conforme mostra o log: Registering: zipfldr.dll Result=Success. http://translate.google.com.br/translate?hl=pt-BR&sl=en&u=http://techsalsa.com/solve-explorerexe-consuming-100-cpu-resources/&ei=0RBkTJahAYiluAf217CJCQ&sa=X&oi=translate&ct=result&resnum=10&ved=0CEgQ7gEwCTgK&prev=/search%3Fq%3Dexplorer.exe%2Bconsumindo%2Bcpu%26start%3D10%26hl%3Dpt-BR%26sa%3DN%26prmd%3Ddf http://translate.google.com.br/translate?hl=pt-BR&langpair=en|pt&u=http://en.kioskea.net/faq/813-windows-xp-explorer-exe-is-using-the-cpu-at-99-or-100 Outro achado foi: 1. Ctrl-Alt-Del para abrir o Gerenciador de Tarefas. 2. Clique em Arquivo Nova Tarefa | (run). 3. Digite regedit na caixa Executar e clique em OK. 4. Navegue até a seguinte chave do Registro: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options 5. Sob esta chave haverão subchaves chamada explorer.exe e iexplorer.exe. Exclua as chaves do explorer e iexplorer totalmente. 6. Feche o Regedit e reinicie o computador. Compartilhar este post Link para o post Compartilhar em outros sites
Oseias19 0 Denunciar post Postado Agosto 13, 2010 Certo ja estou efetuando os procedimentos, espero que de certo , quando terminar volto para dar a resposta, até mais. :joia: Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Agosto 13, 2010 Certo ja estou efetuando os procedimentos, espero que de certo , quando terminar volto para dar a resposta, até mais. :joia: Caso ocorra algum problema após estas mudanças no registro, você poderá recuperar as configurações anteriores. Para isso... *Abra a pasta C:\Windows\ERDNT\11-08-2010 *Execute o ERDNT.exe *Clique [OK] > [OK] > [sim] *O PC será reiniciado. Compartilhar este post Link para o post Compartilhar em outros sites
Oseias19 0 Denunciar post Postado Agosto 13, 2010 Apos ter feito os procedimentos citados acima e de reiniciar o pc, o problema ainda persiste. Se Depois de um Format C: o problema continuar, ai sim o problema pode ser de Hardware. Até mais, obrigado pelo otimo trabalho. ^_^ Wings,tenho uma vaga lembrança de que o problema começou depois que instalei uma atualização do windows que baixei em algum site, se for este mesmo o problema, voce saberia como desinstalar esta atualização? Até.. Compartilhar este post Link para o post Compartilhar em outros sites