sou_tao_emo
Suspenso
Olá Blue Zee,
Não, salvo esteja eu a fazer algo de errado, é mesmo assim. O PC é recente, nem um mês tem.
Não, salvo esteja eu a fazer algo de errado, é mesmo assim. O PC é recente, nem um mês tem.
.:: Análise de logs HijackThis! ::.
- Autor do tópico DekkeR
- Data Início
Blue Zee
Power Member
sou_tao_emo
Suspenso
Aqui vai:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:12, on 15-12-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\eMule\emule.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Users\utilizador\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JS...8/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5926 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:12, on 15-12-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\eMule\emule.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Users\utilizador\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JS...8/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5926 bytes
Blue Zee
Power Member
sou_tao_emo
Suspenso
Ok, Zee. Foi só para experimentar, também : )
Obrigado pela análise!
Obrigado pela análise!
Blue Zee
Power Member
Note apenas que o HJT sendo uma aplicação 32bits não funciona correctamente em Vista 64.
Embora o log possa ajudar em algumas situações, não é a ferramenta mais adequada para o seu sistema.
Zee
Na sequencia do virus bagle e de o ter removido atraves de todos os programas que tenho actualmente no computador de protecçao, queria que me dissesses se for possivel se ha alguma coisa ainda a ser limpa.
Aqui fica o log:
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:18, on 16-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\windows\Explorer.EXE
C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programas\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
C:\Programas\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
C:\Programas\Ficheiros comuns\Acronis\Schedule2\schedhlp.exe
C:\windows\system32\RUNDLL32.EXE
C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programas\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Ficheiros comuns\Acronis\Schedule2\schedul2.exe
C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programas\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\System32\svchost.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programas\Sandboxie\SbieSvc.exe
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
C:\Programas\Windows Live\Messenger\usnsvc.exe
C:\Programas\DAEMON Tools Lite\daemon.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programas\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programas\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programas\Ficheiros comuns\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Programas\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1226177501234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programas\Ficheiros comuns\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programas\Sandboxie\SbieSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7096 bytes
Muito Obrigado
Aqui fica o log:
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:18, on 16-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\windows\Explorer.EXE
C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programas\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
C:\Programas\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
C:\Programas\Ficheiros comuns\Acronis\Schedule2\schedhlp.exe
C:\windows\system32\RUNDLL32.EXE
C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programas\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Ficheiros comuns\Acronis\Schedule2\schedul2.exe
C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programas\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\System32\svchost.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programas\Sandboxie\SbieSvc.exe
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
C:\Programas\Windows Live\Messenger\usnsvc.exe
C:\Programas\DAEMON Tools Lite\daemon.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programas\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programas\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programas\Ficheiros comuns\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Programas\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1226177501234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programas\Ficheiros comuns\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programas\Sandboxie\SbieSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7096 bytes
Muito Obrigado
Blue Zee
Power Member
bigcenterman
Power Member
Se puderem fazer o favor de dar aqui uma verificada agradecia
o meu PC por vezes em certas horas esta a parecer um Zonbi
ja fiz a analise do log no site indicado
no qual existem muitos pontos de interrogaçao( alguns deles sei o que sao e nao ha problema)
outros nao sei o que fazer.
o que estou a estranhar esta marcado a vermelho no log,ja passei um spyware,antivirus,trojanremover mas...
continua na mesma
Obrigado pela desponibilidade
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:35, on 18-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Comodo\CBOClean\BOCORE.exe
C:\Programas\cFosSpeed\spd.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\Programas\Comodo\common\CAVASpy\cavasm.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programas\COMODO\SafeSurf\cssurf.exe
C:\Programas\COMODO\Firewall\cfp.exe
C:\Programas\Comodo\Comodo AntiVirus\CMain.exe
C:\Programas\Comodo\AntiSpam\CAS32.exe
C:\Programas\Comodo\LaunchPad\CLPTray.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Programas\OpenDNS Updater\OpenDNS Updater.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Comodo\VEngine\VEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Comodo\i-Vault\i-Vault.exe
C:\Programas\PeerGuardian2\pg2.exe
C:\Programas\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Programas\Comodo\Comodo AntiVirus\CAVSubmit.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\DVDFab 5\DVDFab.exe
C:\PROGRA~1\DVDFAB~1\DVDFabConsole.exe
C:\Programas\Maxthon2\Maxthon.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DiABLO - {487CA274-DDC9-45CA-BF51-2017CE8D6D8A} - C:\Programas\Comodo\i-Vault\i-Vault.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Programas\Comodo\VEngine\VEngineIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programas\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Programas\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [ComodoAntiSpam] C:\Programas\Comodo\AntiSpam\CAS32.exe -q
O4 - HKLM\..\Run: [Comodo Launch Pad App] C:\Programas\Comodo\LaunchPad\CLPGuiApp.exe
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Programas\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Programas\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VEngine] C:\Programas\Comodo\VEngine\VEngine.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programas\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [WindowsTranslator] C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
O4 - HKLM\..\Run: [WindowsTranslator_Espanhol] C:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i-Vault] C:\Programas\Comodo\i-Vault\i-Vault.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Programas\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-21-299502267-436374069-839522115-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'eMule_Secure')
O4 - HKUS\S-1-5-21-299502267-436374069-839522115-1006\..\Run: [eMuleAutoStart] G:\eMulev0.49a.-MorphXTv11\eMule\eMule.exe -AutoStart (User 'eMule_Secure')
O8 - Extra context menu item: - Download &this page with WebCloner - E:\WebCloner Pro 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - E:\WebCloner Pro 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - E:\WebCloner Pro 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - E:\WebCloner Pro 2.6\addsellinks.htm
O8 - Extra context menu item: Download selected images with WebCloner - E:\WebCloner Pro 2.6\addselimgs.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69500B8A-8BCF-4242-876F-12EC1936335E}: NameServer = 208.67.220.220,212.113.164.56,208.67.222.222,212.113.164.55,212.113.164.48,212.113.164.47
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: BOCore - COMODO - C:\Programas\Comodo\CBOClean\BOCORE.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Programas\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 10197 bytes
o meu PC por vezes em certas horas esta a parecer um Zonbi
ja fiz a analise do log no site indicado
no qual existem muitos pontos de interrogaçao( alguns deles sei o que sao e nao ha problema)
outros nao sei o que fazer.
o que estou a estranhar esta marcado a vermelho no log,ja passei um spyware,antivirus,trojanremover mas...
continua na mesmaObrigado pela desponibilidade
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:35, on 18-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Comodo\CBOClean\BOCORE.exe
C:\Programas\cFosSpeed\spd.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\Programas\Comodo\common\CAVASpy\cavasm.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programas\COMODO\SafeSurf\cssurf.exe
C:\Programas\COMODO\Firewall\cfp.exe
C:\Programas\Comodo\Comodo AntiVirus\CMain.exe
C:\Programas\Comodo\AntiSpam\CAS32.exe
C:\Programas\Comodo\LaunchPad\CLPTray.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Programas\OpenDNS Updater\OpenDNS Updater.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Comodo\VEngine\VEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Comodo\i-Vault\i-Vault.exe
C:\Programas\PeerGuardian2\pg2.exe
C:\Programas\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Programas\Comodo\Comodo AntiVirus\CAVSubmit.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\DVDFab 5\DVDFab.exe
C:\PROGRA~1\DVDFAB~1\DVDFabConsole.exe
C:\Programas\Maxthon2\Maxthon.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DiABLO - {487CA274-DDC9-45CA-BF51-2017CE8D6D8A} - C:\Programas\Comodo\i-Vault\i-Vault.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Programas\Comodo\VEngine\VEngineIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programas\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Programas\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [ComodoAntiSpam] C:\Programas\Comodo\AntiSpam\CAS32.exe -q
O4 - HKLM\..\Run: [Comodo Launch Pad App] C:\Programas\Comodo\LaunchPad\CLPGuiApp.exe
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Programas\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Programas\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VEngine] C:\Programas\Comodo\VEngine\VEngine.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programas\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [WindowsTranslator] C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
O4 - HKLM\..\Run: [WindowsTranslator_Espanhol] C:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i-Vault] C:\Programas\Comodo\i-Vault\i-Vault.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Programas\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-21-299502267-436374069-839522115-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'eMule_Secure')
O4 - HKUS\S-1-5-21-299502267-436374069-839522115-1006\..\Run: [eMuleAutoStart] G:\eMulev0.49a.-MorphXTv11\eMule\eMule.exe -AutoStart (User 'eMule_Secure')
O8 - Extra context menu item: - Download &this page with WebCloner - E:\WebCloner Pro 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - E:\WebCloner Pro 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - E:\WebCloner Pro 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - E:\WebCloner Pro 2.6\addsellinks.htm
O8 - Extra context menu item: Download selected images with WebCloner - E:\WebCloner Pro 2.6\addselimgs.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69500B8A-8BCF-4242-876F-12EC1936335E}: NameServer = 208.67.220.220,212.113.164.56,208.67.222.222,212.113.164.55,212.113.164.48,212.113.164.47
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: BOCore - COMODO - C:\Programas\Comodo\CBOClean\BOCORE.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Programas\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 10197 bytes
Blue Zee
Power Member
Não me admira que tenha problemas. Tem aí uma colecção de programas que são excelentes convites ao malware.
Se não alterar o seu comportamento não há nenhum software de segurança que resista.
Faça Iniciar > Executar > digite
netsh winsock reset catalog
Clique em OK, reinicie o sistema e coloque um novo log do HJT.
Zee
Blue Zee
Power Member
Como desactivar o Dr. Watson para Windowsno meu pc tb dá esse erro
quando eu to jogando need for speed III hot pursuit ele trava e dá esse erro
Teste.
Zee
bigcenterman
Power Member
obrigado
Blue Zee
as entradas ja se foram
mas e o resto, pode-me dar umas dicas
doque precisa ser corrigido,ou do que esta realmente mal
Por favor
Novo log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:01, on 19-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Comodo\CBOClean\BOCORE.exe
C:\Programas\cFosSpeed\spd.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\Programas\Comodo\common\CAVASpy\cavasm.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programas\COMODO\SafeSurf\cssurf.exe
C:\Programas\COMODO\Firewall\cfp.exe
C:\Programas\Comodo\Comodo AntiVirus\CMain.exe
C:\Programas\Comodo\AntiSpam\CAS32.exe
C:\Programas\Comodo\LaunchPad\CLPTray.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\Programas\OpenDNS Updater\OpenDNS Updater.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Comodo\VEngine\VEngine.exe
C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
C:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Comodo\i-Vault\i-Vault.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\PeerGuardian2\pg2.exe
C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Webroot\Spy Sweeper\SSU.EXE
C:\Programas\Maxthon2\Maxthon.exe
C:\Programas\Comodo\Comodo AntiVirus\Cavaud.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DiABLO - {487CA274-DDC9-45CA-BF51-2017CE8D6D8A} - C:\Programas\Comodo\i-Vault\i-Vault.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Programas\Comodo\VEngine\VEngineIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programas\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Programas\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [ComodoAntiSpam] "C:\Programas\Comodo\AntiSpam\CAS32.exe" -q
O4 - HKLM\..\Run: [Comodo Launch Pad App] C:\Programas\Comodo\LaunchPad\CLPGuiApp.exe
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Programas\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Programas\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VEngine] C:\Programas\Comodo\VEngine\VEngine.exe
O4 - HKLM\..\Run: [TrojanScanner] "C:\Programas\Trojan Remover\Trjscan.exe"
O4 - HKLM\..\Run: [WindowsTranslator] C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
O4 - HKLM\..\Run: [WindowsTranslator_Espanhol] C:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i-Vault] C:\Programas\Comodo\i-Vault\i-Vault.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [HijackThis startup scan] "C:\Programas\Trend Micro\HijackThis\HijackThis.exe" /startupscan
O8 - Extra context menu item: - Download &this page with WebCloner - E:\WebCloner Pro 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - E:\WebCloner Pro 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - E:\WebCloner Pro 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - E:\WebCloner Pro 2.6\addsellinks.htm
O8 - Extra context menu item: Download selected images with WebCloner - E:\WebCloner Pro 2.6\addselimgs.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69500B8A-8BCF-4242-876F-12EC1936335E}: NameServer = 208.67.220.220,212.113.164.56,208.67.222.222,212.113.164.55,212.113.164.48,212.113.164.47
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: BOCore - COMODO - C:\Programas\Comodo\CBOClean\BOCORE.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Programas\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 9681 bytes
Blue Zee
as entradas ja se foram
mas e o resto, pode-me dar umas dicas
doque precisa ser corrigido,ou do que esta realmente mal
Por favor
Novo log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:01, on 19-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Comodo\CBOClean\BOCORE.exe
C:\Programas\cFosSpeed\spd.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\Programas\Comodo\common\CAVASpy\cavasm.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programas\COMODO\SafeSurf\cssurf.exe
C:\Programas\COMODO\Firewall\cfp.exe
C:\Programas\Comodo\Comodo AntiVirus\CMain.exe
C:\Programas\Comodo\AntiSpam\CAS32.exe
C:\Programas\Comodo\LaunchPad\CLPTray.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\Programas\OpenDNS Updater\OpenDNS Updater.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Comodo\VEngine\VEngine.exe
C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
C:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Comodo\i-Vault\i-Vault.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\PeerGuardian2\pg2.exe
C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Webroot\Spy Sweeper\SSU.EXE
C:\Programas\Maxthon2\Maxthon.exe
C:\Programas\Comodo\Comodo AntiVirus\Cavaud.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DiABLO - {487CA274-DDC9-45CA-BF51-2017CE8D6D8A} - C:\Programas\Comodo\i-Vault\i-Vault.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Programas\Comodo\VEngine\VEngineIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programas\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Programas\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [ComodoAntiSpam] "C:\Programas\Comodo\AntiSpam\CAS32.exe" -q
O4 - HKLM\..\Run: [Comodo Launch Pad App] C:\Programas\Comodo\LaunchPad\CLPGuiApp.exe
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Programas\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Programas\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VEngine] C:\Programas\Comodo\VEngine\VEngine.exe
O4 - HKLM\..\Run: [TrojanScanner] "C:\Programas\Trojan Remover\Trjscan.exe"
O4 - HKLM\..\Run: [WindowsTranslator] C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
O4 - HKLM\..\Run: [WindowsTranslator_Espanhol] C:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i-Vault] C:\Programas\Comodo\i-Vault\i-Vault.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [HijackThis startup scan] "C:\Programas\Trend Micro\HijackThis\HijackThis.exe" /startupscan
O8 - Extra context menu item: - Download &this page with WebCloner - E:\WebCloner Pro 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - E:\WebCloner Pro 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - E:\WebCloner Pro 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - E:\WebCloner Pro 2.6\addsellinks.htm
O8 - Extra context menu item: Download selected images with WebCloner - E:\WebCloner Pro 2.6\addselimgs.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69500B8A-8BCF-4242-876F-12EC1936335E}: NameServer = 208.67.220.220,212.113.164.56,208.67.222.222,212.113.164.55,212.113.164.48,212.113.164.47
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: BOCore - COMODO - C:\Programas\Comodo\CBOClean\BOCORE.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Programas\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 9681 bytes
Blue Zee
Power Member
bigcenterman,
O log está melhor, basta não ter nenhum P2P a correr que são portas abertas para entrada de malware.
Primeiro crie um ponto de restauro novo.
Descarregue e instale os seguintes programas:
A versão Slim do CCleaner (sem toolbar):
http://www.ccleaner.com/download/builds.aspx
SUPERAntiSpyware FREE
Depois de instalados os programas acima, reinicie o PC, faça um scan com o HJT e seleccione as seguintes entradas para limpar (clique no quadradinho à esquerda de cada entrada):
Clique em Fix checked, confirme se necessário, e encerre o HJT após a limpeza.
Reinicie o PC.
Arranque com o CCleaner usando o ícone no ambiente de trabalho, seleccione todas as entradas nos separadores Windows e Applications e clique no botão Run cleaner.
Terminada a limpeza reinicie o sistema em Modo Normal.
Arranque o SUPERAntiSpyware utilizando o ícone criado no ambiente de trabalho.
Actualize as definições clicando no botão Check for Updates...
Terminada a actualização clique em Preferences, depois no separador Scanning Control, em Scanner Options, assegure-se que selecciona
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
E desmarque todos os outros. Agora clique em Close para sair deste menu.
Clique em Scan your Computer..., seleccione Perform Complete Scan, clique em Next e aguarde pacientemente até lhe ser apresentado um relatório dos itens encontrados. Clique em OK e Next para confirmar a limpeza.
Encerre o programa, reinicie o PC e coloque um novo log.
Zee
O log está melhor, basta não ter nenhum P2P a correr que são portas abertas para entrada de malware.
Primeiro crie um ponto de restauro novo.
Descarregue e instale os seguintes programas:
A versão Slim do CCleaner (sem toolbar):
http://www.ccleaner.com/download/builds.aspx
SUPERAntiSpyware FREE
Depois de instalados os programas acima, reinicie o PC, faça um scan com o HJT e seleccione as seguintes entradas para limpar (clique no quadradinho à esquerda de cada entrada):
Código:
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=Reinicie o PC.
Arranque com o CCleaner usando o ícone no ambiente de trabalho, seleccione todas as entradas nos separadores Windows e Applications e clique no botão Run cleaner.
Terminada a limpeza reinicie o sistema em Modo Normal.
Arranque o SUPERAntiSpyware utilizando o ícone criado no ambiente de trabalho.
Actualize as definições clicando no botão Check for Updates...
Terminada a actualização clique em Preferences, depois no separador Scanning Control, em Scanner Options, assegure-se que selecciona
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
E desmarque todos os outros. Agora clique em Close para sair deste menu.
Clique em Scan your Computer..., seleccione Perform Complete Scan, clique em Next e aguarde pacientemente até lhe ser apresentado um relatório dos itens encontrados. Clique em OK e Next para confirmar a limpeza.
Encerre o programa, reinicie o PC e coloque um novo log.
Zee
Blue Zee
Power Member
Mesmo com o Dr. Watson desactivado?
eric1212
Membro
Última edição:
Blue Zee
Power Member
O erro aparece relacionado com o Spybot?
Então deve ser o TeaTimer.
Vá a Adicionar ou Remover Programas e desinstale Spybot - Search & Destroy.
Reinicie e teste.
Zee
bigcenterman
Power Member
Blue Zee
mais uma vez obrigado pela sua disponibilidade
aqui esta o novo log
no entanto no item 08 noto ainda este webcloner
ao qual nao tenho nada disso instalado e muito menos
configurado para o Dir E:/ ( deve ser fixed não??)
outra coisa que agora notei ao comparar os logs é no item 017
que sao os IP do meu DNS; os que estao a vermelho
sao do DNS da netcabo aos quais ja os retirei por duas vezes
e continuam sempre a aparecer
seram eles a forçarem a que eu utilize os seus DNSs??
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:01, on 19-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\system
Hosts file: C:\WINDOWS\System32\drivers\etc\hosts
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Comodo\CBOClean\BOCORE.exe
C:\Programas\cFosSpeed\spd.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\Programas\Comodo\common\CAVASpy\cavasm.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programas\COMODO\SafeSurf\cssurf.exe
C:\Programas\COMODO\Firewall\cfp.exe
C:\Programas\Comodo\Comodo AntiVirus\CMain.exe
C:\Programas\Comodo\AntiSpam\CAS32.exe
C:\Programas\Comodo\LaunchPad\CLPTray.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\Programas\OpenDNS Updater\OpenDNS Updater.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Comodo\VEngine\VEngine.exe
C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
C:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Comodo\i-Vault\i-Vault.exe
C:\Programas\PeerGuardian2\pg2.exe
C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programas\Webroot\Spy Sweeper\SSU.EXE
C:\Programas\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\Programas\Comodo\Comodo AntiVirus\CAVSubmit.exe
C:\Programas\Maxthon2\Maxthon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A)
O2 - BHO: DiABLO - {487CA274-DDC9-45CA-BF51-2017CE8D6D8A} - C:\Programas\Comodo\i-Vault\i-Vault.dll (filesize 16896 bytes, MD5 661A7E57EC1DADEB6013F74D52B7EE42)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (filesize 1562448 bytes, MD5 32981ADE44D01EC2A9EBC2E311291707)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (filesize 2212224 bytes, MD5 32C4927E013C018A13D8DFBDA4148812)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll (filesize 320920 bytes, MD5 35E6FB6E6003BD54A5D69C9C1C762192)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (filesize 322368 bytes, MD5 E43F7CFDEE2B00A22C96C168147B20D3)
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Programas\Comodo\VEngine\VEngineIE.dll (filesize 1511168 bytes, MD5 AE4E5960941D4A5BEEFB3B1BE48DB64A)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll (filesize 34816 bytes, MD5 5D57FD3DF32DC69CEC3D1D54B4C43162)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 73728 bytes, MD5 F68EDAFE003F2B3523C0742CD3B8D673)
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programas\COMODO\SafeSurf\cssurf.exe" -s (filesize 278264 bytes, MD5 9263A3529C1C64407C241551B237AFF9)
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h (filesize 1797880 bytes, MD5 818D100BAB6B5ACB8D1EA28F08AF47CB)
O4 - HKLM\..\Run: [cnfgCav] "C:\Programas\Comodo\Comodo AntiVirus\CMain.exe" (filesize 110592 bytes, MD5 093BA8FC9966145916C718C2B204B717)
O4 - HKLM\..\Run: [ComodoAntiSpam] "C:\Programas\Comodo\AntiSpam\CAS32.exe" -q (filesize 1470464 bytes, MD5 E51ABC99FE9BFBD5200A4DF72B62B0CD)
O4 - HKLM\..\Run: [Comodo Launch Pad App] C:\Programas\Comodo\LaunchPad\CLPGuiApp.exeC:\Programas\Comodo\LaunchPad\CLPGuiApp.exe
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Programas\Comodo\LaunchPad\CLPTray.exeC:\Programas\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exeC:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (filesize 33280 bytes, MD5 C6DEB2EE4C46C4DC725D65836244F3F9)
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install (filesize 1626112 bytes, MD5 C6B1971E12A35FB69D64D01B915E1AA1)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe" (filesize 136600 bytes, MD5 B98FFA8288EFAABC436C30D198608345)
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Programas\OpenDNS Updater\OpenDNS Updater.exe" (filesize 316416 bytes, MD5 5A02F6E7D66EEDA92A0AC6F9EE5CD8D2)
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exeC:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe (filesize 180224 bytes, MD5 543C17E4CD2BA0502D8B2E7D4E592506)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE (filesize 77824 bytes, MD5 FBEF9F9C97B6B93E2041E65D3CD81C9C)
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (filesize 33280 bytes, MD5 C6DEB2EE4C46C4DC725D65836244F3F9)
O4 - HKLM\..\Run: [VEngine] C:\Programas\Comodo\VEngine\VEngine.exeC:\Programas\Comodo\VEngine\VEngine.exe
O4 - HKLM\..\Run: [TrojanScanner] "C:\Programas\Trojan Remover\Trjscan.exe" (filesize 300112 bytes, MD5 A84CABA53156A8A64590AC21F2BD2573)
O4 - HKLM\..\Run: [WindowsTranslator] C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exeC:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
O4 - HKLM\..\Run: [WindowsTranslator_Espanhol] C:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exeC:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray (filesize 4865600 bytes, MD5 947DB969EC2B4A57DC82084E9E635D4F)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i-Vault] C:\Programas\Comodo\i-Vault\i-Vault.exeC:\Programas\Comodo\i-Vault\i-Vault.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (filesize 222592 bytes, MD5 EDDB8E76D3EEE9D2F1EBD5D40F8850B1)
O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exeC:\Programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win (filesize 1591808 bytes, MD5 667F078955A93FE382F74D5F109DFE31)
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: - Download &this page with WebCloner - E:\WebCloner Pro 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - E:\WebCloner Pro 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - E:\WebCloner Pro 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - E:\WebCloner Pro 2.6\addsellinks.htm
O8 - Extra context menu item: Download selected images with WebCloner - E:\WebCloner Pro 2.6\addselimgs.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (filesize 606288 bytes, MD5 5C044EF0F7D2DD81A45348106AD58152)
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (filesize 606288 bytes, MD5 5C044EF0F7D2DD81A45348106AD58152)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (filesize 40424 bytes, MD5 7FC19DA1DC70C78D2FBD7A1D10942051)
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll (filesize 1499136 bytes, MD5 396A4A2DCB4AEC494CA1C0DD7D4165F8)
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll (filesize 1499136 bytes, MD5 396A4A2DCB4AEC494CA1C0DD7D4165F8)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (filesize 1562448 bytes, MD5 32981ADE44D01EC2A9EBC2E311291707)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (filesize 1562448 bytes, MD5 32981ADE44D01EC2A9EBC2E311291707)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 B46FEEF1656A2B6BCA6211E0CBECFCF1)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 B46FEEF1656A2B6BCA6211E0CBECFCF1)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69500B8A-8BCF-4242-876F-12EC1936335E}: NameServer = 208.67.220.220,212.113.164.56,208.67.222.222,212.113.164.55,212.113.164.48,212.113.164.47
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll (filesize 224128 bytes, MD5 C48CBBD38D7FBB0E86F4364062EBC66E)
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dllC:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: monln - monln.dll (file missing)
O23 - Service: BOCore - COMODO - C:\Programas\Comodo\CBOClean\BOCORE.exeC:\Programas\Comodo\CBOClean\BOCORE.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exeC:\Programas\cFosSpeed\spd.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exeC:\Programas\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Programas\Comodo\common\CAVASpy\cavasm.exeC:\Programas\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exeC:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exeC:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 12942 bytes
mais uma vez obrigado pela sua disponibilidade
aqui esta o novo log
no entanto no item 08 noto ainda este webcloner
ao qual nao tenho nada disso instalado e muito menos
configurado para o Dir E:/ ( deve ser fixed não??)
outra coisa que agora notei ao comparar os logs é no item 017
que sao os IP do meu DNS; os que estao a vermelho
sao do DNS da netcabo aos quais ja os retirei por duas vezes
e continuam sempre a aparecer
seram eles a forçarem a que eu utilize os seus DNSs??
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:01, on 19-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\system
Hosts file: C:\WINDOWS\System32\drivers\etc\hosts
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Comodo\CBOClean\BOCORE.exe
C:\Programas\cFosSpeed\spd.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\Programas\Comodo\common\CAVASpy\cavasm.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programas\COMODO\SafeSurf\cssurf.exe
C:\Programas\COMODO\Firewall\cfp.exe
C:\Programas\Comodo\Comodo AntiVirus\CMain.exe
C:\Programas\Comodo\AntiSpam\CAS32.exe
C:\Programas\Comodo\LaunchPad\CLPTray.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\Programas\OpenDNS Updater\OpenDNS Updater.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Comodo\VEngine\VEngine.exe
C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
C:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Comodo\i-Vault\i-Vault.exe
C:\Programas\PeerGuardian2\pg2.exe
C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programas\Webroot\Spy Sweeper\SSU.EXE
C:\Programas\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\Programas\Comodo\Comodo AntiVirus\CAVSubmit.exe
C:\Programas\Maxthon2\Maxthon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A)
O2 - BHO: DiABLO - {487CA274-DDC9-45CA-BF51-2017CE8D6D8A} - C:\Programas\Comodo\i-Vault\i-Vault.dll (filesize 16896 bytes, MD5 661A7E57EC1DADEB6013F74D52B7EE42)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (filesize 1562448 bytes, MD5 32981ADE44D01EC2A9EBC2E311291707)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (filesize 2212224 bytes, MD5 32C4927E013C018A13D8DFBDA4148812)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll (filesize 320920 bytes, MD5 35E6FB6E6003BD54A5D69C9C1C762192)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (filesize 322368 bytes, MD5 E43F7CFDEE2B00A22C96C168147B20D3)
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Programas\Comodo\VEngine\VEngineIE.dll (filesize 1511168 bytes, MD5 AE4E5960941D4A5BEEFB3B1BE48DB64A)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll (filesize 34816 bytes, MD5 5D57FD3DF32DC69CEC3D1D54B4C43162)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 73728 bytes, MD5 F68EDAFE003F2B3523C0742CD3B8D673)
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programas\COMODO\SafeSurf\cssurf.exe" -s (filesize 278264 bytes, MD5 9263A3529C1C64407C241551B237AFF9)
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h (filesize 1797880 bytes, MD5 818D100BAB6B5ACB8D1EA28F08AF47CB)
O4 - HKLM\..\Run: [cnfgCav] "C:\Programas\Comodo\Comodo AntiVirus\CMain.exe" (filesize 110592 bytes, MD5 093BA8FC9966145916C718C2B204B717)
O4 - HKLM\..\Run: [ComodoAntiSpam] "C:\Programas\Comodo\AntiSpam\CAS32.exe" -q (filesize 1470464 bytes, MD5 E51ABC99FE9BFBD5200A4DF72B62B0CD)
O4 - HKLM\..\Run: [Comodo Launch Pad App] C:\Programas\Comodo\LaunchPad\CLPGuiApp.exeC:\Programas\Comodo\LaunchPad\CLPGuiApp.exe
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Programas\Comodo\LaunchPad\CLPTray.exeC:\Programas\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exeC:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (filesize 33280 bytes, MD5 C6DEB2EE4C46C4DC725D65836244F3F9)
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install (filesize 1626112 bytes, MD5 C6B1971E12A35FB69D64D01B915E1AA1)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe" (filesize 136600 bytes, MD5 B98FFA8288EFAABC436C30D198608345)
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Programas\OpenDNS Updater\OpenDNS Updater.exe" (filesize 316416 bytes, MD5 5A02F6E7D66EEDA92A0AC6F9EE5CD8D2)
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exeC:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe (filesize 180224 bytes, MD5 543C17E4CD2BA0502D8B2E7D4E592506)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE (filesize 77824 bytes, MD5 FBEF9F9C97B6B93E2041E65D3CD81C9C)
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (filesize 33280 bytes, MD5 C6DEB2EE4C46C4DC725D65836244F3F9)
O4 - HKLM\..\Run: [VEngine] C:\Programas\Comodo\VEngine\VEngine.exeC:\Programas\Comodo\VEngine\VEngine.exe
O4 - HKLM\..\Run: [TrojanScanner] "C:\Programas\Trojan Remover\Trjscan.exe" (filesize 300112 bytes, MD5 A84CABA53156A8A64590AC21F2BD2573)
O4 - HKLM\..\Run: [WindowsTranslator] C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exeC:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
O4 - HKLM\..\Run: [WindowsTranslator_Espanhol] C:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exeC:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray (filesize 4865600 bytes, MD5 947DB969EC2B4A57DC82084E9E635D4F)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i-Vault] C:\Programas\Comodo\i-Vault\i-Vault.exeC:\Programas\Comodo\i-Vault\i-Vault.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (filesize 222592 bytes, MD5 EDDB8E76D3EEE9D2F1EBD5D40F8850B1)
O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exeC:\Programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win (filesize 1591808 bytes, MD5 667F078955A93FE382F74D5F109DFE31)
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: - Download &this page with WebCloner - E:\WebCloner Pro 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - E:\WebCloner Pro 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - E:\WebCloner Pro 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - E:\WebCloner Pro 2.6\addsellinks.htm
O8 - Extra context menu item: Download selected images with WebCloner - E:\WebCloner Pro 2.6\addselimgs.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (filesize 606288 bytes, MD5 5C044EF0F7D2DD81A45348106AD58152)
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (filesize 606288 bytes, MD5 5C044EF0F7D2DD81A45348106AD58152)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (filesize 40424 bytes, MD5 7FC19DA1DC70C78D2FBD7A1D10942051)
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll (filesize 1499136 bytes, MD5 396A4A2DCB4AEC494CA1C0DD7D4165F8)
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll (filesize 1499136 bytes, MD5 396A4A2DCB4AEC494CA1C0DD7D4165F8)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (filesize 1562448 bytes, MD5 32981ADE44D01EC2A9EBC2E311291707)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (filesize 1562448 bytes, MD5 32981ADE44D01EC2A9EBC2E311291707)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 B46FEEF1656A2B6BCA6211E0CBECFCF1)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 B46FEEF1656A2B6BCA6211E0CBECFCF1)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69500B8A-8BCF-4242-876F-12EC1936335E}: NameServer = 208.67.220.220,212.113.164.56,208.67.222.222,212.113.164.55,212.113.164.48,212.113.164.47
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll (filesize 224128 bytes, MD5 C48CBBD38D7FBB0E86F4364062EBC66E)
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dllC:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: monln - monln.dll (file missing)
O23 - Service: BOCore - COMODO - C:\Programas\Comodo\CBOClean\BOCORE.exeC:\Programas\Comodo\CBOClean\BOCORE.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exeC:\Programas\cFosSpeed\spd.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exeC:\Programas\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Programas\Comodo\common\CAVASpy\cavasm.exeC:\Programas\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exeC:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exeC:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 12942 bytes