mmadruga

IE7 using 100% CPU - HijackThis log


I have a big problem, and from what I have seen, so do other people.

When I start IE7, after a few minutes of use it freezes and I see that it is consuming 100% of the CPU.

I saw here that some people recommend using HijackThis. I ran it, and below are the logs in normal mode and in safe mode. I don't know how to interpret them, so I am asking for help on what to do.

Thanks in advance.

NORMAL MODE LOG

Logfile of HijackThis v1.99.1

Scan saved at 14:30:46, on 23/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

D:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

D:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

D:\Arquivos de programas\Comodo\Firewall\cfp.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\VIA\RAID\raid_tool.exe

D:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

D:\Arquivos de programas\PaperCut Print Logger\pcpl.exe

D:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

D:\WINDOWS\system32\RioMSC.exe

D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\MSN Messenger\usnsvc.exe

D:\Documents and Settings\Adriana e Maurício\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.click21.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [smapp] D:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [iSUSPM Startup] D:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Arquivos de programas\Comodo\Firewall\cfp.exe" -s

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "D:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: VIA RAID TOOL.lnk = D:\Arquivos de programas\VIA\RAID\raid_tool.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188602290453

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - D:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PaperCut Print Logger (PCPrintLogger) - Unknown owner - D:\Arquivos de programas\PaperCut Print Logger\pcpl.exe" PCPrintLogger (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - D:\WINDOWS\system32\RioMSC.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Vono Manager (Vono_Manager) - Unknown owner - D:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe


Here is the log.

There is something:

Infected: not-a-virus:Monitor.Win32.KGBSpy.g skipped

Inno: infected - 2 skipped

Some objects were not scanned because they were "locked". Is that normal, or could they be hiding something?

By the way, I use Comodo Firewall and Avast (always up to date).

Sunday, January 06, 2008 7:11:13 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 6/01/2008

Kaspersky Anti-Virus database records: 503089

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

A:\

C:\

D:\

E:\

F:\

G:\

H:\

Scan Statistics

Total number of scanned objects 109157

Number of viruses found 2

Number of infected objects 3

Number of suspicious objects 0

Duration of the scan process 03:55:00

Infected Object Name Virus Name Last Action

C:\sti.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

D:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

D:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

D:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

D:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

D:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

D:\Arquivos de programas\PaperCut Print Logger\papercut-logger.log Object is locked skipped

D:\Documents and Settings\Adriana e Maurício\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

D:\Documents and Settings\Adriana e Maurício\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

D:\Documents and Settings\Adriana e Maurício\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

D:\Documents and Settings\Adriana e Maurício\Configurações locais\Histórico\History.IE5\MSHist012008010620080107\index.dat Object is locked skipped

D:\Documents and Settings\Adriana e Maurício\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

D:\Documents and Settings\Adriana e Maurício\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

D:\Documents and Settings\Adriana e Maurício\Cookies\index.dat Object is locked skipped

D:\Documents and Settings\Adriana e Maurício\Dados de aplicativos\Vono\Vono\Log\Vono.log Object is locked skipped

D:\Documents and Settings\Adriana e Maurício\NTUSER.DAT Object is locked skipped

D:\Documents and Settings\Adriana e Maurício\NTUSER.DAT.LOG Object is locked skipped

D:\Documents and Settings\All Users\Dados de aplicativos\Comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped

D:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

D:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

D:\Documents and Settings\LocalService\Configurações locais\Temp\Cookies\index.dat Object is locked skipped

D:\Documents and Settings\LocalService\Configurações locais\Temp\History\History.IE5\index.dat Object is locked skipped

D:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

D:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

D:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

D:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

D:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

D:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{D568730E-632E-4856-A339-C51A5AEFF1E1}\RP244\A0062546.exe/file003 Infected: not-a-virus:Monitor.Win32.KGBSpy.g skipped

D:\System Volume Information\_restore{D568730E-632E-4856-A339-C51A5AEFF1E1}\RP244\A0062546.exe/file191 Infected: not-a-virus:Monitor.Win32.KGBSpy.i skipped

D:\System Volume Information\_restore{D568730E-632E-4856-A339-C51A5AEFF1E1}\RP244\A0062546.exe Inno: infected - 2 skipped

D:\System Volume Information\_restore{D568730E-632E-4856-A339-C51A5AEFF1E1}\RP253\change.log Object is locked skipped

D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

D:\WINDOWS\S26698E04.tmp Object is locked skipped

D:\WINDOWS\SchedLgU.Txt Object is locked skipped

D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

D:\WINDOWS\Sti_Trace.log Object is locked skipped

D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

D:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

D:\WINDOWS\system32\config\default Object is locked skipped

D:\WINDOWS\system32\config\default.LOG Object is locked skipped

D:\WINDOWS\system32\config\Internet.evt Object is locked skipped

D:\WINDOWS\system32\config\SAM Object is locked skipped

D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

D:\WINDOWS\system32\config\SECURITY Object is locked skipped

D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

D:\WINDOWS\system32\config\software Object is locked skipped

D:\WINDOWS\system32\config\software.LOG Object is locked skipped

D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

D:\WINDOWS\system32\config\system Object is locked skipped

D:\WINDOWS\system32\config\system.LOG Object is locked skipped

D:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped

D:\WINDOWS\system32\h323log.txt Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

D:\WINDOWS\Temp\Perflib_Perfdata_63c.dat Object is locked skipped

D:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

D:\WINDOWS\wiadebug.log Object is locked skipped

D:\WINDOWS\wiaservc.log Object is locked skipped

D:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
