Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Fábio Luis

[Resolvido] &nbspAnálise de log - pc lento em alguns momentos

Recommended Posts

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 02:10:37, on 30/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\LSI SoftModem\agrsmsvc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\Mam3Pan.Exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Hijack This\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ipefae.org.br/novo/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Mam3Pan] Mam3Pan.Exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Arquivos de programas\LSI SoftModem\agrsmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6349 bytes

 

algum habilitado para verificar o log, por favor?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Fábio Luis

 

*Baixe o MalwareBytes Anti-malware e salve-o no desktop

 

*Instale o programa e aguarde a atualização

*O programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados]

*Clique [Remover Selecionados]

*Cole o relatório apresentado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 5066

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

7/11/2010 14:18:42

mbam-log-2010-11-07 (14-18-42).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 193203

Tempo decorrido: 47 minuto(s), 30 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 1

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Documents and Settings\Fábio\Configurações locais\Temp\jar_cache5146006609018077038.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Fábio Luis

 

*Desative seu antivírus temporariamente

Clique com o botão direito do mouse no ícone do Avira ao lado do relógio

Clique na opção "Antivir Guard enable".

*Baixe o RSIT e salve-o no desktop

*Execute o RSIT e clique [Continue]

*Cole o relatório C:\rsit\log.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ola, segue o log:

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by Fábio at 2010-11-16 16:01:01

Microsoft Windows XP Professional Service Pack 3

System drive C: has 24 GB (63%) free of 38 GB

Total RAM: 959 MB (69% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:01:22, on 16/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\LSI SoftModem\agrsmsvc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\Mam3Pan.Exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Fábio\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\trend micro\Fábio.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ipefae.org.br/novo/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Mam3Pan] Mam3Pan.Exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Arquivos de programas\LSI SoftModem\agrsmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 5905 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\DriverEasy Scheduled Scan.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{63C6ABF0-E980-41E6-AE91-02C38EDD5FE0}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2010-09-21 333768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2010-01-24 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-24 79648]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-14 53248]

"Mam3Pan"=C:\WINDOWS\system32\Mam3Pan.Exe [2007-09-05 839680]

"avgnt"=C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [2010-08-02 281768]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]

C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe [2007-08-09 528384]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk]

C:\ARQUIV~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehCef.dll [2010-09-21 333768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2010-09-21 333768]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Winamp\winamp.exe"="C:\Arquivos de programas\Winamp\winamp.exe:*:Enabled:Winamp"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

"C:\Arquivos de programas\NetMeeting\conf.exe"="C:\Arquivos de programas\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"

"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Compartilhamento de aplicativo RTC"

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"C:\Playlist\pgm\Playlist.exe"="C:\Playlist\pgm\Playlist.exe:*:Enabled:Playlist Digital."

"C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe"="C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"

"C:\Arquivos de programas\Google\Google Earth\plugin\geplugin.exe"="C:\Arquivos de programas\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2010-11-16 16:01:01 ----D---- C:\rsit

2010-11-16 16:01:01 ----D---- C:\Arquivos de programas\trend micro

2010-11-13 11:23:10 ----D---- C:\Documents and Settings\Fábio\Dados de aplicativos\Avira

2010-11-12 16:25:10 ----D---- C:\Arquivos de programas\uTorrent

2010-11-12 16:24:22 ----D---- C:\Documents and Settings\Fábio\Dados de aplicativos\uTorrent

2010-11-12 14:35:03 ----D---- C:\Arquivos de programas\WorldUnlock Codes Calculator

2010-11-10 01:00:46 ----SHD---- C:\RECYCLER

2010-11-10 00:56:51 ----A---- C:\ComboFix.txt

2010-11-10 00:51:32 ----A---- C:\Boot.bak

2010-11-10 00:51:28 ----RASHD---- C:\cmdcons

2010-11-10 00:50:02 ----A---- C:\WINDOWS\zip.exe

2010-11-10 00:50:02 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-11-10 00:50:02 ----A---- C:\WINDOWS\SWSC.exe

2010-11-10 00:50:02 ----A---- C:\WINDOWS\SWREG.exe

2010-11-10 00:50:02 ----A---- C:\WINDOWS\sed.exe

2010-11-10 00:50:02 ----A---- C:\WINDOWS\PEV.exe

2010-11-10 00:50:02 ----A---- C:\WINDOWS\NIRCMD.exe

2010-11-10 00:50:02 ----A---- C:\WINDOWS\MBR.exe

2010-11-10 00:50:02 ----A---- C:\WINDOWS\grep.exe

2010-11-10 00:49:56 ----D---- C:\WINDOWS\ERDNT

2010-11-10 00:49:36 ----D---- C:\Qoobox

2010-11-08 00:30:28 ----D---- C:\LinhaDefensiva

2010-11-07 18:08:37 ----ASH---- C:\hiberfil.sys

2010-11-07 13:25:16 ----D---- C:\Documents and Settings\Fábio\Dados de aplicativos\Malwarebytes

2010-11-07 13:24:58 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-11-07 13:24:55 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2010-11-07 13:24:54 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2010-11-07 13:24:54 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2010-10-30 02:07:41 ----D---- C:\Hijack This

2010-10-29 12:02:29 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2010-10-17 23:35:46 ----D---- C:\Documents and Settings\Fábio\Dados de aplicativos\Google

 

======List of files/folders modified in the last 1 months======

 

2010-11-16 16:01:05 ----D---- C:\WINDOWS\Prefetch

2010-11-16 16:01:01 ----D---- C:\Arquivos de programas

2010-11-16 15:48:38 ----D---- C:\WINDOWS\Temp

2010-11-16 15:48:05 ----D---- C:\WINDOWS\system32\CatRoot2

2010-11-16 15:47:24 ----AD---- C:\WINDOWS\system32\drivers

2010-11-16 12:52:24 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-11-16 08:20:15 ----SHD---- C:\WINDOWS\Installer

2010-11-16 08:20:15 ----RSD---- C:\WINDOWS\assembly

2010-11-16 08:20:15 ----D---- C:\Config.Msi

2010-11-12 17:46:41 ----D---- C:\WINDOWS

2010-11-12 17:11:01 ----D---- C:\WINDOWS\Debug

2010-11-11 19:57:05 ----A---- C:\WINDOWS\NeroDigital.ini

2010-11-11 12:26:10 ----A---- C:\WINDOWS\system32\MRT.exe

2010-11-10 00:55:19 ----N---- C:\WINDOWS\system.ini

2010-11-10 00:55:13 ----D---- C:\WINDOWS\system32\drivers\etc

2010-11-10 00:54:58 ----D---- C:\WINDOWS\system32

2010-11-10 00:53:52 ----D---- C:\WINDOWS\AppPatch

2010-11-10 00:53:48 ----D---- C:\Arquivos de programas\Arquivos comuns

2010-11-10 00:51:32 ----RASH---- C:\boot.ini

2010-11-07 14:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2010-11-04 18:01:11 ----D---- C:\WINDOWS\pss

2010-11-04 15:38:38 ----D---- C:\Documents and Settings\Fábio\Dados de aplicativos\Skype

2010-11-04 15:36:28 ----D---- C:\Documents and Settings\Fábio\Dados de aplicativos\skypePM

2010-10-29 20:58:50 ----HD---- C:\WINDOWS\inf

2010-10-29 11:58:55 ----D---- C:\Arquivos de programas\Mozilla Firefox

2010-10-25 13:00:09 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2010-10-25 13:00:06 ----D---- C:\Arquivos de programas\GbPlugin

2010-10-20 19:54:14 ----SHD---- C:\WINDOWS\CSC

2010-10-18 11:50:50 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2010-10-17 23:35:30 ----D---- C:\Arquivos de programas\Google

2010-10-17 23:33:49 ----SD---- C:\WINDOWS\Tasks

2010-10-17 01:11:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]

R0 GbpKm;Gbp KernelMode; C:\WINDOWS\system32\drivers\gbpkm.sys [2010-09-21 45128]

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]

R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]

R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-08-02 126856]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-08-02 60936]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2009-07-09 1161696]

R3 AV88BASE;Cx2388x Base Driver; C:\WINDOWS\system32\drivers\av88base.sys [2007-01-31 422656]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]

R3 MAM3_01;Service for ESI MAYA44 1; C:\WINDOWS\system32\drivers\Mam3Wdm.sys [2007-09-05 22912]

R3 MAM3_AA;Service for ESI MAYA44 Audio Driver (EWDM); C:\WINDOWS\system32\drivers\Mam3.sys [2007-09-05 28800]

R3 SoC PC-Camera Service;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-03-24 138396]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2007-04-28 283904]

R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]

S2 CX23880;Conexant 23880 Video Capture; C:\WINDOWS\system32\drivers\cx88vid.sys [2006-06-07 257152]

S3 catchme;catchme; \??\C:\DOCUME~1\FBIO~1\CONFIG~1\Temp\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM); C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2006-05-22 45568]

S3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM); C:\WINDOWS\system32\DRIVERS\vaclcskd.sys [2009-06-14 48096]

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]

S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []

S3 MPE;Filtro BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Arquivos de programas\LSI SoftModem\agrsmsvc.exe [2009-03-27 14336]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]

R2 AntiVirService;Avira AntiVir Guard; C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [2010-08-02 267944]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2010-09-21 54728]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-01-24 153376]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]

S2 gupdate;Google Update Service (gupdate); C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-17 136176]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

 

-----------------EOF-----------------

Compartilhar este post


Link para o post
Compartilhar em outros sites

OK...o log está limpo.

 

1.

*Delete o RSIT e a pasta C:\rsit

 

2.

*Baixe o ATF Cleaner e salve-o no desktop

*Execute o ATF-Cleaner

*Selecione:

[X] Select All

*Clique em [Empty Selected]

*Clique em [Exit] ou no [X] para sair do programa

 

3.

*Baixe e instale o CCleaner

*Clique [Executar Limpeza]

*Clique [Registro] > [Procurar erros] > [Corrigir Erros Selecionados] > [Corrigir Todos os Erros Selecionados]

 

 

Um abraço.

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.