
othon_16

  1. My dear friends, I am having a wireless network connection problem with this TP-Link WR541g/542g router. I have just set up a computer with 64-bit Windows XP and it does not connect. I suspect this is being caused by the network's encryption type (which is WEP), but I cannot understand why other computers, also with 64-bit processors, manage to connect. I have a netbook with 32-bit Windows XP that connects to this network normally. What can I do? Thank you.
  2. Dear friends, I am having a problem with the assembly of my Philco netbook. I noticed that the screen was rubbing against the netbook's casing, and I saw that the small nut for the screw on the side that is rubbing has fallen inside, onto the motherboard. I am trying to open it, but I can't. Does anyone know how to open it? Thanks.
  3. Exactly, I have to program the pH meter to send data, which is already done; all that is left is for the PC to receive the data. I will test the suggested file, thank you!
  4. Folks, I am trying to connect a piece of equipment (a pH meter) with an RS-232 port to the computer, and I am having problems with recognition and data acquisition. The cable used for this type of connection is a null-modem cable, and I managed to make the connection between the pH meter and the PC, but I cannot receive the data from the equipment on the computer. The programs I tried only say that the connection was made, but do not receive the data, and the equipment itself is configured to send the data periodically, every second. Is there any program that receives the data sent by the equipment? Thank you.
  5. My dear friends, Would it be possible to run 16-bit applications on 64-bit Windows 7 Professional? I work with electrochemistry and the interfacing programs for the equipment are 16-bit. Since I use 64-bit Seven Home Premium, and my notebook supports hardware virtualization, would it be worth upgrading to Professional to get hardware virtualization, or rather, could I run 16-bit applications on the Premium version? Thank you.
  6. I am also having the same problem, but I bought a Kingston memory module exactly the same as the one that was installed in my PC (DDR2 533), and in Everest the settings are identical. Attached is the Everest screen showing the memory type. Thank you, Othon
  7. othon_16

    Question

    Folks, I am unsure whether my computer is infected with a virus or spyware; it is very slow and NOD does not even work. The HijackThis log follows for analysis. Thank you, Othon
  8. Folks, the Banco do Brasil website is acting very strangely. I noticed that it is possible to log in with any value for the account number and branch, and also any value for the 8-digit password. Afterwards, a screen appears asking for the card password. I suspect that it is my computer that is like this, since I asked other people and they did not have this problem. What should I do?
  9. Thank you, José. As for "Executar Limpeza" (Run Cleanup), a warning appears saying that system files will be deleted. Can this warning be ignored?
  10. ShowVundo log
  11. ComboFix log; HijackThis log
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [avast!] 
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunServices: [Microsoft Setup Initialization] rundll32.exe O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Arquivos de programas\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" O4 - HKCU\..\Run: [discador] C:\Arquivos de programas\Velox\Discador Velox\DISCADOR.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: 
SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191787137750 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: jkhhg - C:\WINDOWS\ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O20 - Winlogon Notify: 
xxyxutq - xxyxutq.dll (file missing) O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Arquivos de programas\iolo\Common\Lib\ioloDMVSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe
  12. José, here is the Kaspersky scan.
  13. Dear all, many strange DLLs that SpyBot flags are showing up on my PC. The HijackThis log follows.
  14. Gee, I couldn't tell you.
  15. Right, I plan to buy a printer soon. But would the shutdown problem be solved? The power supply is 450W.

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
