como faço pro RSIT scanear a D? ele só faz scan da C:
Remoção de vírus
- Iniciador de Tópicos Mr.Wolf
- Data de Início
como faço pro RSIT scanear a D? ele só faz scan da C:
Meu computador está c/o vírus Win32/Alman
Alguém poderia me ajudar a removê-lo . Aqui está o log(acho que é esse o nome). Veja
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:18, on 18/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Ganso\scktsrvr.exe
C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\UltraVNC\winvnc.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Ganso\Ganso.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Ganso\GansoServer.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\AVG\AVG8\avgui.exe
C:\Arquivos de programas\AVG\AVG8\avgscanx.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.uol.com.br/
R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBes1.dll
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Arquivos de programas\SpeedBitPlus\tbSpe1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Arquivos de programas\SpeedBitPlus\tbSpe1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBes1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBes1.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Arquivos de programas\SpeedBitPlus\tbSpe1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1292428093-1580436667-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1292428093-1580436667-725345543-1005\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Run Server as application.lnk = C:\Arquivos de programas\UltraVNC\winvnc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12145406-E46F-4A0F-97B8-7CAC1ABCE142}: NameServer = 10.1.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{12145406-E46F-4A0F-97B8-7CAC1ABCE142}: NameServer = 10.1.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{12145406-E46F-4A0F-97B8-7CAC1ABCE142}: NameServer = 10.1.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Borland Socket Server (SocketServer) - Borland Software Corporation - C:\Ganso\scktsrvr.exe
--
End of file - 13139 bytes
-----------Obrigado,
José Antunes
Alguém poderia me ajudar a removê-lo . Aqui está o log(acho que é esse o nome). Veja
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:18, on 18/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Ganso\scktsrvr.exe
C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\UltraVNC\winvnc.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Ganso\Ganso.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Ganso\GansoServer.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\AVG\AVG8\avgui.exe
C:\Arquivos de programas\AVG\AVG8\avgscanx.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.uol.com.br/
R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBes1.dll
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Arquivos de programas\SpeedBitPlus\tbSpe1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Arquivos de programas\SpeedBitPlus\tbSpe1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBes1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBes1.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Arquivos de programas\SpeedBitPlus\tbSpe1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1292428093-1580436667-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1292428093-1580436667-725345543-1005\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Run Server as application.lnk = C:\Arquivos de programas\UltraVNC\winvnc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12145406-E46F-4A0F-97B8-7CAC1ABCE142}: NameServer = 10.1.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{12145406-E46F-4A0F-97B8-7CAC1ABCE142}: NameServer = 10.1.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{12145406-E46F-4A0F-97B8-7CAC1ABCE142}: NameServer = 10.1.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Borland Socket Server (SocketServer) - Borland Software Corporation - C:\Ganso\scktsrvr.exe
--
End of file - 13139 bytes
-----------Obrigado,
José Antunes
Eae
Meu antivirus, o Kaspersky 8 achou esses virus aqui, e não consegue remover:
C:\Program Files\Java\jre1.0.6_03\bin\java.exe
C:\Program Files\Java\jre1.0.6_05\bin\java.exe
Flash9e.ocx
Flash9.ocx
Flash8.ocx
Não sei se tem jeito de tratar, se remover talves estrague mais o Windows. me ajudem ae. EheHeHe
Meu antivirus, o Kaspersky 8 achou esses virus aqui, e não consegue remover:
C:\Program Files\Java\jre1.0.6_03\bin\java.exe
C:\Program Files\Java\jre1.0.6_05\bin\java.exe
Flash9e.ocx
Flash9.ocx
Flash8.ocx
Não sei se tem jeito de tratar, se remover talves estrague mais o Windows. me ajudem ae. EheHeHe
J.Antunes desinstale a ASK Toolbar e todas as outras Toolbar que você tiver instalado.
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
E baixe esta ferramenta para remover o virus http://free.avg.com/virus-removal.ndi-67799
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
E baixe esta ferramenta para remover o virus http://free.avg.com/virus-removal.ndi-67799
Bom dia wolf, gostaria que desse uma olhada no meu log de novo, agradeço 
Logfile of HijackThis v1.99.1
Scan saved at 14:11:42, on 18/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Diego\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tspuf] C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{34E99F57-A806-434F-B7F1-3046A2A220FB}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Scan saved at 14:11:42, on 18/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Diego\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tspuf] C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{34E99F57-A806-434F-B7F1-3046A2A220FB}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
No firewall do Windows, na aba Avançado, clique em Restaurar Padrões.
Se o cara está invadindo seu computador, verifique se não há um usuário criado para tal. Você executou algum programa que esse 'amigo' te mandou?.
Bom dia wolf, gostaria que desse uma olhada no meu log de novo, agradeço
Logfile of HijackThis v1.99.1
Scan saved at 14:11:42, on 18/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe
C:\WINDOWS\vsnpstd.exe (camera)
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Diego\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tspuf] C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{34E99F57-A806-434F-B7F1-3046A2A220FB}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Aparentemente limpo.
obrigado!!!!!!!
Ele não me mandou nada,ele esta tentando.
luisednardo siga as instruções.
____________________________________________________________
JosMilanga, salve o RSIT no HD D: e faça um scan lá.
____________________________________________________________
WyM, não é possível que o Kaspersky detectou tantos falsos-positivos assim. Todos os arquivos estão nos locais corretos e são legítmos. :huh:
Porém, pode ser o PoliP StInGEr. Não exclua estes arquivos de forma alguma WyM. Mande-os apenas para a quarentena do Kaspersky, sem removê-los, deixe-os lá!
- Baixe o McAfee AVERT Stinger e salve no desktop;
OBS: É importante que salve-a no desktop (área de trabalho).
Dê um duplo clique no ícone do Stinger e clique em Scan Now. Aguarde que o exame seja feito e completado.
Depois que o Stinger acabar, reinicie o PC e aperte F8 intermitentemente. No menu escolha: Modo Seguro sem rede. Faça um scan com seu anti vírus Kaspersky novamente. Veja se ele irá detectar ainda os mesmos arquivos.
Reinicie o PC normalmente, poste um log do HijackThis aqui WyM.
Delete a pasta Qoobox em C: e o arquivo ComboFix.txt. Delete a ferramenta AD-Fix.
Copie o texto abaixo e cole-o no bloco de notas. Salve no desktop como CFScript.txt
Arraste o CFScript para o ComboFix como na imagem aqui abaixo e aguarde a execução automática da ferramenta:
● Se for solicitado à você, pressione Enter para iniciar o processo de remoção;
● Não use o mouse nem o teclado quando o ComboFix estiver rodando;
● Quando terminar, será gerado um novo log que estará em C:\ComboFix.txt;
● seu computador será reiniciado automaticamente;
Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.
Copie o texto abaixo e cole-o no bloco de notas. Salve no desktop como CFScript.txt
Código:
KillAll::
File::
c:\windows\system32\kamsoft.exe
c:\windows\system32\gasretyw0.dll
c:\windows\system32\ckvo0.VIR002
c:\windows\system32\ckvo0.VIR000
c:\windows\system32\ckvo0.VIR001
c:\windows\system32\ckvo0.VIR
C:\sq.com
C:\sqmnoopt03.sqm
C:\sqmdata03.sqm
C:\sqmnoopt04.sqm
C:\sqmdata04.sqm
C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{432d60b8-a477-11dd-8a5e-001d7dfcbda6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86ac2e70-9259-11dd-8a13-001d7dfcbda6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87915025-9658-11dd-8a24-001d7dfcbda6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8eced66-aa24-11dd-8a7a-001d7dfcbda6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c74aa0b4-af7d-11dd-8a94-001d7dfcbda6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7eb7e16-9b74-11dd-8a36-001d7dfcbda6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da3b9e31-939f-11dd-8a18-001d7dfcbda6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb9974c3-9229-11dd-8a0c-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa54211c-924d-11dd-8a12-001d7dfcbda6}]Arraste o CFScript para o ComboFix como na imagem aqui abaixo e aguarde a execução automática da ferramenta:
● Se for solicitado à você, pressione Enter para iniciar o processo de remoção;
● Não use o mouse nem o teclado quando o ComboFix estiver rodando;
● Quando terminar, será gerado um novo log que estará em C:\ComboFix.txt;
● seu computador será reiniciado automaticamente;
Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.
____________________________________________________________
JosMilanga, salve o RSIT no HD D: e faça um scan lá.
____________________________________________________________
WyM, não é possível que o Kaspersky detectou tantos falsos-positivos assim. Todos os arquivos estão nos locais corretos e são legítmos. :huh:
Porém, pode ser o PoliP StInGEr. Não exclua estes arquivos de forma alguma WyM. Mande-os apenas para a quarentena do Kaspersky, sem removê-los, deixe-os lá!
- Baixe o McAfee AVERT Stinger e salve no desktop;
OBS: É importante que salve-a no desktop (área de trabalho).
Dê um duplo clique no ícone do Stinger e clique em Scan Now. Aguarde que o exame seja feito e completado.
Depois que o Stinger acabar, reinicie o PC e aperte F8 intermitentemente. No menu escolha: Modo Seguro sem rede. Faça um scan com seu anti vírus Kaspersky novamente. Veja se ele irá detectar ainda os mesmos arquivos.
Reinicie o PC normalmente, poste um log do HijackThis aqui WyM.
Amigo 110, recomendaria que colocasse um firewall de terceiros aí rapidinho meu amigo.
110 acesse o site aqui abaixo:
https://www.grc.com/x/ne.dll?bh0bkyd2
Clique em Proceed > Continuar. Clique em All Service Ports e aguarde. Quanto terminar clique no botão Text Summary (um pouco mais abaixo da página. Copie o log da outra página e cole-o aqui.
Após isto, acesse novamente o site acima, e ao invés de escolher All Service Ports, escolha Common Ports e faça a mesma coisa que acima.
Poste os dois logs aqui 110.
Segue os logs Mr.Wolf:
All service ports:
Common ports:
Qual firewall free voce me recomenda Mr.Wolf?
All service ports:
GRC Port Authority Report created on UTC: 2008-11-18 at 19:09:21
Results from scan of ports: 0-1055
0 Ports Open
1048 Ports Closed
8 Ports Stealth
---------------------
1056 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be STEALTH were: 21, 23, 25, 69, 80, 135, 139,
161
Other than what is listed above, all ports are CLOSED.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
Results from scan of ports: 0-1055
0 Ports Open
1048 Ports Closed
8 Ports Stealth
---------------------
1056 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be STEALTH were: 21, 23, 25, 69, 80, 135, 139,
161
Other than what is listed above, all ports are CLOSED.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
----------------------------------------------------------------------
GRC Port Authority Report created on UTC: 2008-11-18 at 19:11:20
Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000
0 Ports Open
20 Ports Closed
6 Ports Stealth
---------------------
26 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be STEALTH were: 21, 23, 25, 80, 135, 139
Other than what is listed above, all ports are CLOSED.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
GRC Port Authority Report created on UTC: 2008-11-18 at 19:11:20
Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000
0 Ports Open
20 Ports Closed
6 Ports Stealth
---------------------
26 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be STEALTH were: 21, 23, 25, 80, 135, 139
Other than what is listed above, all ports are CLOSED.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
Qual firewall free voce me recomenda Mr.Wolf?
110, preocupante. Veja a informação do All Service Ports (todas as portas do firewall):
Common Ports (portas comuns utilizadas pelo firewall):
O que seriam portas fechadas e escondidas?
Quando as portas do firewall estão fechadas tudo bem, ninguém conseguirá acesso, pois estão fechadas. Porém, se existir um cracker qualquer na rede que queira hackear alguém, verá suas portas na rede, pois estão fechadas, mas não escondidas.
Quando as portas se encontram escondidas, elas estão fechadas e ao mesmo tempo camufladas na rede. O cracker não as verá ali na rede para tentar entrar em seu sistema. Por isso à preferência é de que as portas estejam escondidas.
Entretanto, como joga, deve abrir portas no firewall. Creio que seja por isso que deu este resultado. Mas como sempre digo aqui, o firewall do Windows é básico, quase nada. Analisa apenas as informações de entrada, mas o que estã saindo de seu sistema ele não está "nem aí". Vamos supor que suas informações estejam sendo enviadas à um domínio malicioso. O firewall do Windows não bloqueará, e muito menos lhe alertará disso.
Bem, os free que eu considero os melhores são estes acima 110.
A maioria das portas (1048) estão fechadas (Closed). Deveriam estar escondidas (Stealth) que são apenas 8.
Common Ports (portas comuns utilizadas pelo firewall):
Também a maioria das portas estão fechadas.
O que seriam portas fechadas e escondidas?
Quando as portas do firewall estão fechadas tudo bem, ninguém conseguirá acesso, pois estão fechadas. Porém, se existir um cracker qualquer na rede que queira hackear alguém, verá suas portas na rede, pois estão fechadas, mas não escondidas.
Quando as portas se encontram escondidas, elas estão fechadas e ao mesmo tempo camufladas na rede. O cracker não as verá ali na rede para tentar entrar em seu sistema. Por isso à preferência é de que as portas estejam escondidas.
Entretanto, como joga, deve abrir portas no firewall. Creio que seja por isso que deu este resultado. Mas como sempre digo aqui, o firewall do Windows é básico, quase nada. Analisa apenas as informações de entrada, mas o que estã saindo de seu sistema ele não está "nem aí". Vamos supor que suas informações estejam sendo enviadas à um domínio malicioso. O firewall do Windows não bloqueará, e muito menos lhe alertará disso.
O melhor firewall que existe, e já comprovado, é o Comodo Firewall Pro 110, além de ser free também. Porém, existe o Zone Alarm free e pago que é o Pro (só que o pago está com promoção de 1 ano grátis). Tem também o Online Armor que é excelente, porém, bem complicado de configurá-lo.
Bem, os free que eu considero os melhores são estes acima 110.
Estamos aí 110.
Caso instale um firewall de terceiros, não esqueça que antes de instalá-lo, deve desativar o do Windows primeiramente.
E caso realmente instale um, verifique o resultado novamente no site que lhe passei como estarão as portas. Ou se quiser postar o resultado aqui fique à vontade.
Aliás, qual antivirus utiliza 110? Caso utilize o Kaspersky, sugeria que não instalasse o Comodo. Pois eles são incompatíveis em alguns sistemas.
Desculpe Mr,
na pressa esqueci de deletar as pastas, mas aqui estão os logs
na pressa esqueci de deletar as pastas, mas aqui estão os logs
Logfile of HijackThis v1.99.1
Scan saved at 18:16:13, on 18/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
Scan saved at 18:16:13, on 18/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
ComboFix 08-11-16.05 - Robério 2008-11-18 18:07:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.620 [GMT -2:00]
Executando de: c:\documents and settings\Robério\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Robério\Desktop\CFScript.txt
* Criado um novo ponto de restauro
ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
FILE ::
C:\sq.com
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
c:\windows\system32\ckvo0.VIR
c:\windows\system32\ckvo0.VIR000
c:\windows\system32\ckvo0.VIR001
c:\windows\system32\ckvo0.VIR002
c:\windows\system32\gasretyw0.dll
c:\windows\system32\kamsoft.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sq.com
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
c:\windows\system32\ckvo0.VIR
c:\windows\system32\ckvo0.VIR000
c:\windows\system32\ckvo0.VIR001
c:\windows\system32\ckvo0.VIR002
c:\windows\system32\gasretyw0.dll
c:\windows\system32\kamsoft.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-18 to 2008-11-18 ))))))))))))))))))))))))))))
.
2008-11-18 04:54 . 2007-02-09 10:26 184,320 --a------ c:\windows\system32\delnext.exe
2008-11-18 04:54 . 2004-05-05 09:40 16,384 --a------ c:\windows\system32\restart.exe
2008-11-17 23:24 . 2008-11-17 23:25 <DIR> d-------- C:\hijackthis
2008-11-17 23:23 . 2008-11-17 23:23 212,849 --a------ C:\hijackthis.zip
2008-11-17 23:11 . 2001-09-05 23:27 18,176 --a------ c:\windows\system32\drivers\sermouse.sys
2008-11-17 23:11 . 2001-09-05 23:27 18,176 --a--c--- c:\windows\system32\dllcache\sermouse.sys
2008-11-12 18:51 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 17:53 . 2008-11-10 17:53 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-10 11:44 . 2008-11-11 03:08 <DIR> d-------- c:\documents and settings\Robério\Dados de aplicativos\Babylon
2008-11-10 11:44 . 2008-11-13 15:55 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Babylon
2008-11-10 11:44 . 2008-11-10 11:44 <DIR> d-------- c:\arquivos de programas\myBabylon_English
2008-11-10 11:44 . 2008-11-10 11:44 <DIR> d-------- c:\arquivos de programas\Conduit
2008-11-10 11:44 . 2008-11-10 11:44 <DIR> d-------- c:\arquivos de programas\Babylon
2008-10-28 12:50 . 2008-10-28 12:50 <DIR> d-------- c:\documents and settings\Robério\Dados de aplicativos\ArcSoft
2008-10-28 11:57 . 2008-11-01 22:29 739 --a------ c:\windows\STImgBrowser.INI
2008-10-28 11:53 . 1995-07-31 13:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2008-10-28 11:53 . 2001-11-02 15:06 163,840 --a------ c:\windows\system32\PhotoImpression Screen Saver.scr
2008-10-28 11:52 . 2008-10-28 11:52 <DIR> d-------- c:\arquivos de programas\ArcSoft
2008-10-28 11:51 . 2008-10-28 11:51 <DIR> d-------- c:\arquivos de programas\directx
2008-10-24 13:49 . 2008-10-24 13:49 56,579 --a------ C:\Apresentação4.pdf
2008-10-24 13:47 . 2008-10-24 13:47 <DIR> d-------- c:\windows\system32\psconv
2008-10-24 13:47 . 2008-10-24 13:47 <DIR> d-------- c:\arquivos de programas\psconvert
2008-10-24 13:47 . 2001-10-29 01:42 116,224 --a------ c:\windows\system32\pdfmonnt.dll
2008-10-24 13:47 . 2008-10-24 13:47 164 --a------ c:\windows\system32\psconv.ini
2008-10-24 12:59 . 1998-06-24 00:00 609,584 --a------ c:\windows\system32\COMCTL32.OCX
2008-10-24 12:48 . 2008-10-24 12:50 34 --a------ C:\pdfinfo.ini
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 11:29 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe
2008-11-02 00:29 --------- d-----w c:\arquivos de programas\DivX
2008-10-28 13:52 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2008-10-28 13:50 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 20:25 --------- d-----w c:\documents and settings\Robério\Dados de aplicativos\Ahead
2008-10-17 21:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound
2008-10-17 21:54 --------- d-----w c:\arquivos de programas\NCH Swift Sound
2008-10-17 21:46 --------- d-----w c:\documents and settings\Robério\Dados de aplicativos\NCH Swift Sound
2008-10-17 21:39 --------- d-----w c:\arquivos de programas\NCH Software
2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-12 18:46 --------- d-----w c:\arquivos de programas\Google
2008-10-06 18:10 --------- d-----w c:\documents and settings\Robério\Dados de aplicativos\DivX
2008-10-06 18:04 --------- d-----w c:\arquivos de programas\IZArc
2008-10-06 13:15 --------- d-----w c:\arquivos de programas\Real Alternative
2008-10-06 12:58 --------- d-----w c:\arquivos de programas\SMPlayer
2008-10-05 19:58 --------- d-----w c:\arquivos de programas\MSXML 4.0
2008-10-05 02:47 --------- d-----w c:\documents and settings\Robério\Dados de aplicativos\Media Player Classic
2008-10-04 19:28 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SlySoft
2008-10-04 19:28 --------- d-----w c:\arquivos de programas\SlySoft
2008-10-04 19:27 --------- d-----w c:\arquivos de programas\Elaborate Bytes
2008-10-04 19:24 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero
2008-10-04 19:24 --------- d-----w c:\arquivos de programas\Nero
2008-10-04 19:24 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead
2008-10-04 19:19 --------- d-----w c:\arquivos de programas\Windows Media Connect 2
2008-10-04 19:13 --------- d-----w c:\arquivos de programas\MSN Messenger
2008-10-04 19:10 --------- d-----w c:\documents and settings\Robério\Dados de aplicativos\InstallShield
2008-10-04 19:10 --------- d-----w c:\arquivos de programas\Realtek
2008-10-04 18:59 --------- d-----w c:\arquivos de programas\Mobile Partner
2008-10-04 18:57 --------- d-----w c:\arquivos de programas\Intel
2008-10-04 18:44 --------- d-----w c:\arquivos de programas\microsoft frontpage
2008-10-04 18:43 --------- d-----w c:\arquivos de programas\Serviços on-line
2008-10-04 18:42 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços
2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\arquivos de programas\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2008-08-20 23:03 1780248 --a------ c:\arquivos de programas\myBabylon_English\tbmyBa.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\arquivos de programas\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\arquivos de programas\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AnyDVD"="c:\arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-05-13 2091968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-06 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-04-05 565248]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Babylon Client"="c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" [2008-09-28 3565280]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-09 c:\windows\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 18:10:30
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-11-18 18:14:46 - Máquina reiniciou
ComboFix-quarantined-files.txt 2008-11-18 20:14:26
ComboFix2.txt 2008-11-18 07:46:37
Pré-execução: 11 pasta(s) 146.020.409.344 bytes disponíveis
Pós execução: 11 pasta(s) 146,015,805,440 bytes disponíveis
184 --- E O F --- 2008-11-13 01:08:02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.620 [GMT -2:00]
Executando de: c:\documents and settings\Robério\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Robério\Desktop\CFScript.txt
* Criado um novo ponto de restauro
ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
FILE ::
C:\sq.com
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
c:\windows\system32\ckvo0.VIR
c:\windows\system32\ckvo0.VIR000
c:\windows\system32\ckvo0.VIR001
c:\windows\system32\ckvo0.VIR002
c:\windows\system32\gasretyw0.dll
c:\windows\system32\kamsoft.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sq.com
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
c:\windows\system32\ckvo0.VIR
c:\windows\system32\ckvo0.VIR000
c:\windows\system32\ckvo0.VIR001
c:\windows\system32\ckvo0.VIR002
c:\windows\system32\gasretyw0.dll
c:\windows\system32\kamsoft.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-18 to 2008-11-18 ))))))))))))))))))))))))))))
.
2008-11-18 04:54 . 2007-02-09 10:26 184,320 --a------ c:\windows\system32\delnext.exe
2008-11-18 04:54 . 2004-05-05 09:40 16,384 --a------ c:\windows\system32\restart.exe
2008-11-17 23:24 . 2008-11-17 23:25 <DIR> d-------- C:\hijackthis
2008-11-17 23:23 . 2008-11-17 23:23 212,849 --a------ C:\hijackthis.zip
2008-11-17 23:11 . 2001-09-05 23:27 18,176 --a------ c:\windows\system32\drivers\sermouse.sys
2008-11-17 23:11 . 2001-09-05 23:27 18,176 --a--c--- c:\windows\system32\dllcache\sermouse.sys
2008-11-12 18:51 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 17:53 . 2008-11-10 17:53 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-10 11:44 . 2008-11-11 03:08 <DIR> d-------- c:\documents and settings\Robério\Dados de aplicativos\Babylon
2008-11-10 11:44 . 2008-11-13 15:55 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Babylon
2008-11-10 11:44 . 2008-11-10 11:44 <DIR> d-------- c:\arquivos de programas\myBabylon_English
2008-11-10 11:44 . 2008-11-10 11:44 <DIR> d-------- c:\arquivos de programas\Conduit
2008-11-10 11:44 . 2008-11-10 11:44 <DIR> d-------- c:\arquivos de programas\Babylon
2008-10-28 12:50 . 2008-10-28 12:50 <DIR> d-------- c:\documents and settings\Robério\Dados de aplicativos\ArcSoft
2008-10-28 11:57 . 2008-11-01 22:29 739 --a------ c:\windows\STImgBrowser.INI
2008-10-28 11:53 . 1995-07-31 13:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2008-10-28 11:53 . 2001-11-02 15:06 163,840 --a------ c:\windows\system32\PhotoImpression Screen Saver.scr
2008-10-28 11:52 . 2008-10-28 11:52 <DIR> d-------- c:\arquivos de programas\ArcSoft
2008-10-28 11:51 . 2008-10-28 11:51 <DIR> d-------- c:\arquivos de programas\directx
2008-10-24 13:49 . 2008-10-24 13:49 56,579 --a------ C:\Apresentação4.pdf
2008-10-24 13:47 . 2008-10-24 13:47 <DIR> d-------- c:\windows\system32\psconv
2008-10-24 13:47 . 2008-10-24 13:47 <DIR> d-------- c:\arquivos de programas\psconvert
2008-10-24 13:47 . 2001-10-29 01:42 116,224 --a------ c:\windows\system32\pdfmonnt.dll
2008-10-24 13:47 . 2008-10-24 13:47 164 --a------ c:\windows\system32\psconv.ini
2008-10-24 12:59 . 1998-06-24 00:00 609,584 --a------ c:\windows\system32\COMCTL32.OCX
2008-10-24 12:48 . 2008-10-24 12:50 34 --a------ C:\pdfinfo.ini
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 11:29 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe
2008-11-02 00:29 --------- d-----w c:\arquivos de programas\DivX
2008-10-28 13:52 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2008-10-28 13:50 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 20:25 --------- d-----w c:\documents and settings\Robério\Dados de aplicativos\Ahead
2008-10-17 21:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound
2008-10-17 21:54 --------- d-----w c:\arquivos de programas\NCH Swift Sound
2008-10-17 21:46 --------- d-----w c:\documents and settings\Robério\Dados de aplicativos\NCH Swift Sound
2008-10-17 21:39 --------- d-----w c:\arquivos de programas\NCH Software
2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-12 18:46 --------- d-----w c:\arquivos de programas\Google
2008-10-06 18:10 --------- d-----w c:\documents and settings\Robério\Dados de aplicativos\DivX
2008-10-06 18:04 --------- d-----w c:\arquivos de programas\IZArc
2008-10-06 13:15 --------- d-----w c:\arquivos de programas\Real Alternative
2008-10-06 12:58 --------- d-----w c:\arquivos de programas\SMPlayer
2008-10-05 19:58 --------- d-----w c:\arquivos de programas\MSXML 4.0
2008-10-05 02:47 --------- d-----w c:\documents and settings\Robério\Dados de aplicativos\Media Player Classic
2008-10-04 19:28 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SlySoft
2008-10-04 19:28 --------- d-----w c:\arquivos de programas\SlySoft
2008-10-04 19:27 --------- d-----w c:\arquivos de programas\Elaborate Bytes
2008-10-04 19:24 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero
2008-10-04 19:24 --------- d-----w c:\arquivos de programas\Nero
2008-10-04 19:24 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead
2008-10-04 19:19 --------- d-----w c:\arquivos de programas\Windows Media Connect 2
2008-10-04 19:13 --------- d-----w c:\arquivos de programas\MSN Messenger
2008-10-04 19:10 --------- d-----w c:\documents and settings\Robério\Dados de aplicativos\InstallShield
2008-10-04 19:10 --------- d-----w c:\arquivos de programas\Realtek
2008-10-04 18:59 --------- d-----w c:\arquivos de programas\Mobile Partner
2008-10-04 18:57 --------- d-----w c:\arquivos de programas\Intel
2008-10-04 18:44 --------- d-----w c:\arquivos de programas\microsoft frontpage
2008-10-04 18:43 --------- d-----w c:\arquivos de programas\Serviços on-line
2008-10-04 18:42 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços
2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\arquivos de programas\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2008-08-20 23:03 1780248 --a------ c:\arquivos de programas\myBabylon_English\tbmyBa.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\arquivos de programas\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\arquivos de programas\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AnyDVD"="c:\arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-05-13 2091968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-06 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-04-05 565248]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Babylon Client"="c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" [2008-09-28 3565280]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-09 c:\windows\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 18:10:30
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-11-18 18:14:46 - Máquina reiniciou
ComboFix-quarantined-files.txt 2008-11-18 20:14:26
ComboFix2.txt 2008-11-18 07:46:37
Pré-execução: 11 pasta(s) 146.020.409.344 bytes disponíveis
Pós execução: 11 pasta(s) 146,015,805,440 bytes disponíveis
184 --- E O F --- 2008-11-13 01:08:02
luisednardo, vá em Iniciar > Executar, digite: combofix /u e tecle Enter. Remova as pastas Qoobox, ComboFix e o arquivo ComboFix.txt em C:.
Execute o HijackThis e clique no botão Open the Misc Tools Section. Clique em Open ADS Spy. Desmarque as duas opções abaixo:
Quick scan (Windows base folder only) e Ignore safe system info streams.
Marque apenas a opção Calculate MD5 checksum os streams e clique no botão Scan. Aguarde luisednardo.
Após terminar o scan, caso seja encontrado algo, selecione todos os itens e clique no botão Remove selected.
Clique em Save log e salve o log como adsspy.txt na pasta Meus Documentos.
Poste este log em sua próxima resposta luisednardo.
Uma pergunta: Por acaso a tela do monitor está piscando, seja do nada, seja ao abrir algum aplicativo, ao iniciar o Windows, etc... luisednardo?
Execute o HijackThis e clique no botão Open the Misc Tools Section. Clique em Open ADS Spy. Desmarque as duas opções abaixo:
Quick scan (Windows base folder only) e Ignore safe system info streams.
Marque apenas a opção Calculate MD5 checksum os streams e clique no botão Scan. Aguarde luisednardo.
Após terminar o scan, caso seja encontrado algo, selecione todos os itens e clique no botão Remove selected.
Clique em Save log e salve o log como adsspy.txt na pasta Meus Documentos.
Poste este log em sua próxima resposta luisednardo.
Uma pergunta: Por acaso a tela do monitor está piscando, seja do nada, seja ao abrir algum aplicativo, ao iniciar o Windows, etc... luisednardo?
Não é modem não amigo 110. Quer dizer, vocâ abriu alguma porta no modem também?
Só abri uma porta para o bitcomet(torrent).
110, creio que isso não tenha à ver com o resultado não. Mas quero verificar uma coisa, faça o seguinte 110.
Vá em Iniciar > Executar, digite cmd e tecle Enter. No prompt digite este comando abaixo e dê um Enter (com aspas, espaços e tudo, igualzinho abaixo):
netstat –an | find "12345"
Veja se aparecerá uma linha de comando com as seguintes características ou parecida:
TCP 0.0.0.0:12345 0.0.0.0:0 LISTENING
Depois ainda no prompt digite o comando abaixo e tecle Enter:
netstat –an | find "31337"
Veja se aparecerá uma linha de comando com as seguintes características ou parecida:
TCP 0.0.0.0:31337 0.0.0.0:0 LISTENING
Me diga aqui amigo 110.