
[Solved] 100% CPU usage.

#1 By eduardoi 23/12/2010 - 20:01
Well, I read on some forums that this problem may be caused by the system not managing the processor correctly.
I'm not having overheating problems, that has already been resolved; the problem is just that the processor stays at 100% usage during extremely simple tasks such as scrolling a web page or minimizing a window.
Configuration:
AMD Athlon 64(tm) 3700+ 2.2 GHz
2 GB (2 x 1) DDR 400 Kingston
Samsung 160 GB SATA HD
GeForce 8400GS 512 MB
Windows XP SP3 mega lite

If you need anything else, just say so.
I've already searched other topics; none solved it (: but they did help.
Edit: adding an image of the processes
http://img5.imageshack.us/i/100hc.png/
#2 By Klash 23/12/2010 - 20:27
1 - Clean the contacts of the RAM module(s) with an eraser, preferably a "white" and "soft" one, clean the cooler and apply thermal paste to the processor; this can help with the freezes and the slowness of the computer.

2 - Defragment the disk, run disk cleanup, and use the programs CCleaner, MV RegClean, Malwarebytes' Anti-Malware, SUPERAntiSpyware, TuneUp, Advanced SystemCare and an antivirus. Path to "Disk Defragmenter" and "Disk Cleanup":

Start > All Programs > Accessories > System Tools > "Disk Defragmenter" and "Disk Cleanup".


Disable the programs that start with Windows.

Start > Run > msconfig > Startup > Uncheck all the programs being started and, if you want, leave only the antivirus enabled.


Start > Run > type chkdsk /f/r and press [Enter]; in the window that opens, press [S] and press [Enter]. Restart the PC.
___________________

Possible virus.

*Download HiJackThis 2.0.4
http://www.baixaki.com.br/download/hijackthis.htm
*Run it;
*Click "Do a system scan and save a logfile";
*Paste the report generated by HiJackThis.

Note: If it is Windows Vista or 7, right-click HiJackThis > Run as Administrator.
#3 By eduardoi 23/12/2010 - 20:33
HijackThis 2.0.4 report, and I'm going to do this step -> Start > Run > type chkdsk /f/r and press [Enter]; in the window that opens, press [S] and press [Enter]. Restart the PC.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:31:19, on 23/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Arquivos de programas\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\PixArt\PAC7302\Monitor.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
E:\Arquivos de programas\uTorrent\uTorrent.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\Orbitdownloader\orbitdm.exe
E:\Arquivos de programas\Orbitdownloader\orbitnet.exe
E:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
E:\Arquivos de programas\Internet Explorer\iexplore.exe
E:\Arquivos de programas\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\taskmgr.exe
E:\Arquivos de programas\Internet Explorer\iexplore.exe
E:\Arquivos de programas\Internet Explorer\iexplore.exe
E:\Documents and Settings\Eduardo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Eduardo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
E:\Arquivos de programas\Internet Explorer\iexplore.exe
E:\Downloads\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] E:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "E:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "E:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Orbit.lnk = E:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - E:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - E:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - E:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CiSvc - Unknown owner - E:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ClipSrv - Unknown owner - E:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - E:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe
--
End of file - 7019 bytes
#4 By Klash 23/12/2010 - 22:01
Open HiJackThis, click "Do a system scan only", and select the entries:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [avast5] "E:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')


Click Fix Checked.

___________________

*Download Malwarebytes Anti-Malware.
http://www.malwarebytes.org/mbam.php
*Install the application.
*Update it.
*Click "Verificação completa" (full scan).
*When the scan finishes, if any "malware" was detected, click "Exibir resultado" (show results) and then click "remover selecionados" (remove selected).
*A report will open automatically; copy it and paste it here.
*All infections will be sent to quarantine, and some may require you to restart the system.
#5 By eduardoi 23/12/2010 - 23:20
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versão da Base de Dados: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/12/2010 23:18:50
mbam-log-2010-12-23 (23-18-50).txt

Tipo de Verificação: Verificação Completa (D:\|E:\|)
Objetos escaneados: 192915
Tempo decorrido: 44 minuto(s), 21 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 3

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
d:\documentos\Eduardo\programas básicos\assitir video\Codecs\Bsplayer\KeyGen1\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
d:\documentos\Eduardo\programas básicos\assitir video\Codecs\Bsplayer\KeyGen2\CR-BS241.EXE (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{075b274d-eb09-4f6f-a13b-44a06383b1bf}\RP34\A0009186.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
#6 By Klash 23/12/2010 - 23:24
* Download ComboFix and save it to the desktop:
http://rapidshare.com/files/417101573/ComboFix.exe
or
http://www.easy-share.com/1912151986/ComboFix.exe

* Temporarily disable your antivirus.
* Run it and accept the agreement.

Important: while ComboFix is running, do not use the mouse or the keyboard!
– The program will close automatically. --

* Send the report created in C:\combofix.txt and a new HijackThis log.
#11 By Andguitar 23/12/2010 - 23:40
Hey man, look: go to Task Manager (Ctrl+Alt+Del), go to the Processes tab and look for the guy called csrcs; it pushes the processor to 100%. It is a virus that stresses hardware such as the processor, but be careful, because there is a Windows file called csrss that cannot be deleted. If you find this csrcs, post here and I'll show you how to eliminate it. Cheers, see you!
Cisco switches and routers, Asterisk, Ubiquiti Wi-Fi, Linux servers and Cisco security...
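Added example (not part of the post above, and not code from any tool mentioned in the thread): a check for the csrcs/csrss situation described in post #11, flagging process names that sit one edit away from a Windows system process name, or that use a system name from the wrong folder. The allowlist, the function names and the two sample paths marked as constructed are assumptions of this example; the other paths come from the process list in post #3.

```python
import ntpath  # Windows path rules on any host OS

# Assumption of this example: system32 location as seen in this thread's logs.
SYSTEM_DIR = r"E:\WINDOWS\system32"

# Short allowlist of Windows XP processes that run from system32.
SYSTEM_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}

# Process paths: the first five are from the HijackThis log in post #3,
# the last two are constructed for this example.
SAMPLE_PROCESSES = [
    r"E:\WINDOWS\System32\smss.exe",
    r"E:\WINDOWS\system32\lsass.exe",
    r"E:\WINDOWS\system32\svchost.exe",
    r"E:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe",
    r"E:\WINDOWS\system32\taskmgr.exe",
    r"E:\WINDOWS\system32\csrcs.exe",   # constructed: name from post #11
    r"E:\Downloads\svchost.exe",        # constructed: right name, wrong folder
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(path: str, system_dir: str = SYSTEM_DIR) -> str:
    """Return 'ok', 'misplaced', 'lookalike:<name>' or 'unrelated'."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in SYSTEM_NAMES:
        # Exact system name: only trusted when it runs from system32.
        return "ok" if folder == system_dir.lower() else "misplaced"
    for known in sorted(SYSTEM_NAMES):
        # One typo away from a system name, e.g. csrcs.exe vs csrss.exe.
        if edit_distance(name, known) <= 1:
            return f"lookalike:{known}"
    return "unrelated"


def triage(paths):
    """Keep only the entries that deserve a closer look."""
    flagged = []
    for p in paths:
        verdict = classify(p)
        if verdict not in ("ok", "unrelated"):
            flagged.append((p, verdict))
    return flagged


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_PROCESSES):
        print(f"{verdict:22} {path}")
```

A name match only says where to look next; the file's location, signer and hash decide whether it is the real system binary.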
#12 By eduardoi 24/12/2010 - 00:19
andguitar, that didn't work, it really was a virus (:

ComboFix log:
ComboFix 10-12-23.02 - Eduardo 24/12/2010 0:01.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1710 [GMT -2:00]
Executando de: e:\downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-24 to 2010-12-24 ))))))))))))))))))))))))))))
.
2010-12-19 00:22 . 2010-12-24 01:46 -------- d-----w- E:\Downloads
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 00:21 . 2008-05-07 02:03 916480 ----a-w- e:\windows\system32\wininet.dll
2010-11-06 00:21 . 2008-05-07 02:02 43520 ----a-w- e:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2008-05-07 02:02 1469440 ----a-w- e:\windows\system32\inetcpl.cpl
2010-11-03 12:27 . 2008-05-07 02:02 385024 ----a-w- e:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 11:00 40960 ----a-w- e:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-04-14 11:00 290048 ----a-w- e:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2008-04-14 11:00 1853440 ----a-w- e:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-12-22_23.23.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 02:02 . 2009-07-12 02:02 51008 e:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 59728 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 42832 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 43344 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 61264 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 62800 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 61760 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 61776 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 53568 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 63296 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 36688 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 35648 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 02:05 . 2009-07-12 02:05 59904 e:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 02:05 . 2009-07-12 02:05 59904 e:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-12-24 02:00 . 2010-12-24 02:00 16384 e:\windows\Temp\Perflib_Perfdata_40c.dat
+ 2008-04-14 11:00 . 2010-12-23 21:44 77668 e:\windows\system32\perfc016.dat
- 2008-04-14 11:00 . 2010-12-22 01:37 77668 e:\windows\system32\perfc016.dat
+ 2008-04-14 11:00 . 2010-12-23 21:44 66178 e:\windows\system32\perfc009.dat
- 2008-04-14 11:00 . 2010-12-22 01:37 66178 e:\windows\system32\perfc009.dat
+ 2010-12-20 13:33 . 2010-12-20 20:09 38224 e:\windows\system32\drivers\mbamswissarmy.sys
- 2010-12-20 13:33 . 2010-04-29 17:39 38224 e:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-12-20 13:33 . 2010-12-20 20:08 20952 e:\windows\system32\drivers\mbam.sys
- 2010-12-20 13:33 . 2010-04-29 17:39 20952 e:\windows\system32\drivers\mbam.sys
+ 2010-12-23 19:05 . 2010-09-07 13:52 46672 e:\windows\system32\drivers\aswTdi.sys
+ 2010-12-23 19:05 . 2010-09-07 13:47 23376 e:\windows\system32\drivers\aswRdr.sys
+ 2010-12-23 19:05 . 2010-09-07 13:47 94544 e:\windows\system32\drivers\aswmon.sys
+ 2010-12-23 19:05 . 2010-09-07 13:47 17744 e:\windows\system32\drivers\aswFsBlk.sys
+ 2010-12-23 19:05 . 2010-09-07 13:46 28880 e:\windows\system32\drivers\aavmker4.sys
+ 2010-12-23 19:04 . 2010-09-07 14:12 38848 e:\windows\avastSS.scr
+ 2009-07-12 02:02 . 2009-07-12 02:02 653120 e:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 569664 e:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 02:05 . 2009-07-12 02:05 225280 e:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2008-04-14 11:00 . 2010-12-22 01:37 465602 e:\windows\system32\perfh016.dat
+ 2008-04-14 11:00 . 2010-12-23 21:44 465602 e:\windows\system32\perfh016.dat
- 2008-04-14 11:00 . 2010-12-22 01:37 429982 e:\windows\system32\perfh009.dat
+ 2008-04-14 11:00 . 2010-12-23 21:44 429982 e:\windows\system32\perfh009.dat
- 2010-12-19 00:04 . 2010-12-19 00:04 233936 e:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2010-12-19 00:04 . 2010-12-23 23:45 233936 e:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2010-12-23 23:33 . 2010-12-23 23:33 233936 e:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
- 2010-12-18 22:31 . 2010-12-18 22:31 233936 e:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
+ 2010-12-23 23:33 . 2010-12-23 23:33 311248 e:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
- 2010-12-18 22:31 . 2010-12-18 22:31 311248 e:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
+ 2010-12-23 19:05 . 2010-09-07 13:52 165584 e:\windows\system32\drivers\aswSP.sys
+ 2010-12-23 19:05 . 2010-09-07 13:47 100176 e:\windows\system32\drivers\aswmon2.sys
+ 2010-12-23 19:04 . 2010-09-07 14:11 167592 e:\windows\system32\aswBoot.exe
+ 2010-12-23 19:05 . 2010-12-23 19:05 219648 e:\windows\Installer\11a859.msi
+ 2009-07-12 02:02 . 2009-07-12 02:02 3780424 e:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 02:02 . 2009-07-12 02:02 3765048 e:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-02-03 02:15 . 2010-12-23 23:45 5971408 e:\windows\system32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="e:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"uTorrent"="e:\arquivos de programas\uTorrent\uTorrent.exe" [2010-12-20 396152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]
"PAC7302_Monitor"="e:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"avast5"="e:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Orbit.lnk - e:\arquivos de programas\Orbitdownloader\orbitdm.exe [2010-12-18 1835106]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Atualizador de licenças ESET.lnk]
path=e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Atualizador de licenças ESET.lnk
backup=e:\windows\pss\Atualizador de licenças ESET.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 19:10 35696 ----a-w- e:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- e:\arquivos de programas\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 00:55 54832 ----a-w- e:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-03 03:16 13529088 ----a-w- e:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 17:10 56928 ------w- e:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-12-20 13:31 149280 ----a-w- e:\arquivos de programas\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"e:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"e:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"e:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"e:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58763:TCP"= 58763:TCP:Pando Media Booster
"58763:UDP"= 58763:UDP:Pando Media Booster
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [20/12/2010 22:04 691696]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [23/12/2010 17:05 165584]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [23/12/2010 17:05 17744]
S3 epmntdrv;epmntdrv;e:\windows\system32\epmntdrv.sys [18/12/2010 20:32 13192]
S3 EuGdiDrv;EuGdiDrv;e:\windows\system32\EuGdiDrv.sys [18/12/2010 20:32 8456]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - e:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - e:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-24 00:11
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="E?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Tempo para conclusão: 2010-12-24 00:15:05
ComboFix-quarantined-files.txt 2010-12-24 02:15
ComboFix2.txt 2010-12-22 23:24
Pré-execução: 6 pasta(s) 23.484.973.056 bytes disponíveis
Pós execução: 7 pasta(s) 23.708.217.344 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 06E5929B45223A9329089CB51F8DAB2E




________________________________
Brazil is the best country in the world
What ruins it is the Brazilians
#14 By eduardoi 24/12/2010 - 00:23
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:22:07, on 24/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Arquivos de programas\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\notepad.exe
E:\WINDOWS\explorer.exe
E:\Arquivos de programas\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\taskmgr.exe
E:\Downloads\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] E:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "E:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "E:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Orbit.lnk = E:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - E:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - E:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - E:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CiSvc - Unknown owner - E:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ClipSrv - Unknown owner - E:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - E:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe
--
End of file - 6203 bytes
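Added example (not part of the posts, and not HijackThis code): a small parser for the HijackThis entry lines in this thread that flags entries whose target is gone ("(no file)" / "(file missing)") and diffs the first scan (post #3) against this rescan to show what changed after the "Fix checked" step in post #4. The function names are hypothetical, and the two embedded logs are excerpts of the lines posted above, not the full logs.

```python
import re
from typing import NamedTuple

# Excerpt of the first HijackThis log (post #3).
SCAN_POST3 = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] "E:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O23 - Service: CiSvc - Unknown owner - E:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
"""

# Excerpt of the rescan (post #14), same selection of lines.
SCAN_POST14 = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O4 - HKLM\..\Run: [avast5] "E:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O23 - Service: CiSvc - Unknown owner - E:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
"""

# Meaning of the section codes that occur in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE button / Tools item",
    "O14": "IERESET.INF setting", "O16": "ActiveX download (DPF)",
    "O22": "SharedTaskScheduler", "O23": "service",
}

LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


class Entry(NamedTuple):
    code: str  # section code, e.g. "O4"
    text: str  # everything after "<code> - "


def parse(log: str) -> list:
    """Keep only entry lines; header and process-list lines do not match."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def orphaned(entries) -> list:
    """Entries that point at a file HijackThis could not find on disk."""
    return [e for e in entries if ORPHAN_RE.search(e.text)]


def diff(before, after):
    """Return (removed, added) between two scans, in log order."""
    b, a = set(before), set(after)
    removed = [e for e in before if e not in a]
    added = [e for e in after if e not in b]
    return removed, added


def describe(e: Entry) -> str:
    return f"{e.code} [{SECTIONS.get(e.code, 'other')}] {e.text}"


if __name__ == "__main__":
    first, rescan = parse(SCAN_POST3), parse(SCAN_POST14)
    for e in orphaned(first):
        print("orphaned:", describe(e))
    removed, added = diff(first, rescan)
    for e in removed:
        print("removed :", describe(e))
    for e in added:
        print("added   :", describe(e))
```

An entry that was fixed but shows up unchanged in the rescan, like `avast5` here, does not appear in the diff at all, so the list of fixed entries should also be checked against the rescan directly.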
#15 By Klash 24/12/2010 - 00:25
Clean log.

→ Download Wise Registry Cleaner:
http://www.baixaki.com.br/download/w...ry-cleaner.htm

→ Install the application. (Do not install the Ask Toolbar.)
→ When you run it, select all the options on the left and click to scan.
→ If errors are found, select all of them (without exception) and click to fix.

→ Download Advanced SystemCare:
http://www.baixaki.com.br/download/a...systemcare.htm

→ Install the application and run a cleanup and optimization of the system.