Publicado em 3 de dez.

[Resolvido!]NTKernel System (ntoshrnl.exe)

Prezados amigos

Socorro,

apareceu me o firewall com mensagens tipo NTKernel System (ntoshrnl.exe) is trying to send an ICMP type 8 (Echo Request) paket To (#meu IP Virtua). Do you want to allow this program to access the network?

J'passei antivirus, Avast, o Spybot e nada mostra. Copiei o log do meu Hijack this e coloco abaixo.

Ajuda, peço.

StartupList report, 3/12/2007, 06:13:32

StartupList version: 1.52.2

Started from : C:\Program Files\hijack\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16544)

* Using default options

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\WINDOWS\system32\TDispVol.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\CS3\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TMais\voipMais Softphone Preview\System\voipMais Softphone Preview.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\toshiba\ivp\ism\ivpsvmgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\hijack\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\TOM1\Start Menu\Programs\Startup]

Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Adobe Acrobat Speed Launcher.lnk = ?

Adobe Acrobat Synchronizer.lnk = C:\Program Files\CS3\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe

igfxtray = C:\WINDOWS\system32\igfxtray.exe

igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe

igfxpers = C:\WINDOWS\system32\igfxpers.exe

RTHDCPL = RTHDCPL.EXE

Alcmtr = ALCMTR.EXE

LtMoh = C:\Program Files\ltmoh\Ltmoh.exe

AGRSMMSG = AGRSMMSG.exe

HWSetup = C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

SVPWUTIL = C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

Tvs = C:\Program Files\Toshiba\Tvs\TvsTray.exe

CeEKEY = C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

TPSMain = TPSMain.exe

PadTouch = C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

ZoomingHook = ZoomingHook.exe

SmoothView = C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

TPNF = C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

TCtryIOHook = TCtrlIOHook.exe

TDispVol = TDispVol.exe

Pinger = c:\toshiba\ivp\ism\pinger.exe /run

IntelZeroConfig = "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

PSQLLauncher = "C:\Program Files\Protector Suite QL\launcher.exe" /startup

Apoint = C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe = NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe = TFncKy.exe

Acrobat Assistant 8.0 = "C:\Program Files\CS3\Acrobat 8.0\Acrobat\Acrotray.exe"

(Default) =

Adobe_ID0EYTHM = C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

voipMais Softphone Preview = C:\Program Files\TMais\voipMais Softphone Preview\System\voipMais Softphone Preview.exe /quiet

Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

E:\arquivoprogramas\adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 = E:\arquivoprogramas\adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=INI section not found

run=INI section not found

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=Registry value not found

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=Registry value not found

HKLM\..\Windows\CurrentVersion\WinLogon: load=Registry key not found

HKLM\..\Windows\CurrentVersion\WinLogon: run=Registry key not found

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=Registry value not found

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=Registry value not found

HKCU\..\Windows\CurrentVersion\WinLogon: load=Registry key not found

HKCU\..\Windows\CurrentVersion\WinLogon: run=Registry key not found

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=Registry value not found

HKLM\..\Windows NT\CurrentVersion\Windows: load=Registry value not found

HKLM\..\Windows NT\CurrentVersion\Windows: run=Registry value not found

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=INI section not found

SCRNSAVE.EXE=INI section not found

drivers=INI section not found

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\ssmarque.scr

drivers=Registry value not found

Policies Shell key:

HKCU\..\Policies: Shell=Registry key not found

HKLM\..\Policies: Shell=Registry value not found

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}

(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

(no name) - C:\Program Files\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

--------------------------------------------------

Enumerating Download Program Files:

[WUWebControl Class]

InProcServer32 = C:\WINDOWS\system32\wuweb.dll

CODEBASE = http://www.update.microsoft.com/windowsupd...b?1196040936987

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx

CODEBASE = https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------

End of report, 10.838 bytes

Report generated in 0,062 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

------------

obrigado :natal_sad:

Discussão (9)

Entre ou cadastre-se para participar da discussão

Entrar Criar conta

Carregando comentários...