Rui Pedro

Slow, noisy and infected

Hello!

I've been having some problems with my computer. Besides being slow (even though it's a PIV laptop at 3.0GHz), it makes a lot of noise when running, and on top of that there seems to be some infection, because I'm not allowed into some sites, which are reported as not secure (sites I had been visiting regularly until 2 days ago).

I ran a scan with HijackThis; I don't know if it will be of any use:

Logfile of HijackThis v1.99.1

Scan saved at 4:04:44, on 22-07-2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

c:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\Norton AntiVirus\navapsvc.exe

C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe

C:\Programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programas\Synaptics\SynTP\SynTPLpr.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe

C:\Programas\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programas\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Programas\HP\HP Software Update\HPWuSchd.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\Programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Windows Media Player\WMPNSCFG.exe

C:\Programas\HPQ\SHARED\HPQWMI.exe

C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\Programas\Messenger\msmsgs.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sapo.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sapo.pt/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by SAPO

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Programas\Ficheiros comuns\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Programas\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programas\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] FIFA Football 2007

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programas\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - c:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160063880562

O17 - HKLM\System\CCS\Services\Tcpip\..\{D0E58500-26AB-4F12-96A7-E2D6D463798B}: NameServer = 212.55.154.174

O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programas\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe

Please help me, I'm fed up with this........

Thank you very much,

Best regards

Rui


Good morning, Rui Pedro!

I've been having some problems with my computer. Besides being slow (even though it's a PIV laptop at 3.0GHz), it makes a lot of noise when running..

>@< Noisy cooler! You can take it to a technician to have it replaced.

..and on top of that there seems to be some infection...

>@< The log, apparently, does not show any infection! But, since you have the Kaspersky ActiveX, run an online scan and post the report.

..because I'm not allowed into some sites, which are reported as not secure (sites I had been visiting regularly until 2 days ago).

>@< That comes down to a setting, on the Security tab, of your browser (IE7). Set the security level to Medium and see if that solves it!

>@< So, post: Kaspersky report + updated HijackThis log.

Best regards!


Hi Rui, Joran is right: noise has nothing to do with infection. Look for a technician, as it could be the cooler or the power supply, which already makes the computer lose performance. Cheers.

  • Topic author
  • Hi everyone :)

    Thank you very much for the replies.

    I really do have an infection here :((

    But what should I do to get all of this cleaned up once and for all???

    Here are the Kaspersky and HijackThis scans:

    Once again, thank you for everything.

    Best regards

    Rui

    Friday, July 22, 2005 7:03:46 PM

    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.83.0

    Kaspersky Anti-Virus database last update: 22/07/2007

    Kaspersky Anti-Virus database records: 343909

    Scan Settings
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true
    Scan Target: My Computer
    C:\
    D:\

    Scan Statistics
    Total number of scanned objects: 59030
    Number of viruses found: 2
    Number of infected objects: 19 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 02:10:57

    Infected Object Name | Virus Name | Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01032007-235917.log | Object is locked | skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat | Object is locked | skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2005-07-22_Log.ALUSchedulerSvc.LiveUpdate | Object is locked | skipped
    C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp | Object is locked | skipped
    C:\Documents and Settings\All Users\DRM\drmstore.hds | Object is locked | skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat | Object is locked | skipped
    C:\Documents and Settings\LocalService\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
    C:\Documents and Settings\LocalService\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
    C:\Documents and Settings\LocalService\Definições locais\Histórico\History.IE5\index.dat | Object is locked | skipped
    C:\Documents and Settings\LocalService\Definições locais\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT | Object is locked | skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG | Object is locked | skipped
    C:\Documents and Settings\NetworkService\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
    C:\Documents and Settings\NetworkService\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT | Object is locked | skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\Cookies\index.dat | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\Definições locais\Application Data\Microsoft\Feeds Cache\index.dat | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\Definições locais\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\Definições locais\Histórico\History.IE5\index.dat | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\Definições locais\Histórico\History.IE5\MSHist012005072220050723\index.dat | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\Definições locais\Temp\~DF4FC7.tmp | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\Definições locais\Temp\~DF500D.tmp | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\Definições locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\Definições locais\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\NTUSER.DAT | Object is locked | skipped
    C:\Documents and Settings\Rui Lopes\ntuser.dat.LOG | Object is locked | skipped
    C:\hpcmerr.log | Object is locked | skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDALRT.log | Object is locked | skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDCON.log | Object is locked | skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDDBG.log | Object is locked | skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDFW.log | Object is locked | skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDIDS.log | Object is locked | skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDSYS.log | Object is locked | skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPPolicy.log | Object is locked | skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPStart.log | Object is locked | skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPStop.log | Object is locked | skipped
    C:\Programas\Norton AntiVirus\AVApp.log | Object is locked | skipped
    C:\Programas\Norton AntiVirus\AVError.log | Object is locked | skipped
    C:\Programas\Norton AntiVirus\AVVirus.log | Object is locked | skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase | Object is locked | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053451.exe/irsetup.dat | Infected: Trojan-Dropper.Win32.Peerad.a | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053451.exe | SetupFactory: infected - 1 | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053452.exe/irsetup.dat | Infected: Trojan-Dropper.Win32.Peerad.a | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053452.exe | SetupFactory: infected - 1 | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053453.exe/irsetup.dat | Infected: Trojan-Dropper.Win32.Peerad.a | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053453.exe | SetupFactory: infected - 1 | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053454.exe/irsetup.dat | Infected: Trojan-Dropper.Win32.Peerad.a | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053454.exe | SetupFactory: infected - 1 | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053455.exe/irsetup.dat | Infected: Trojan-Dropper.Win32.Peerad.a | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053455.exe | SetupFactory: infected - 1 | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053457.exe/irsetup.dat | Infected: Trojan-Dropper.Win32.Peerad.a | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053457.exe | SetupFactory: infected - 1 | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053458.exe/irsetup.dat | Infected: Trojan-Dropper.Win32.Peerad.a | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053458.exe | SetupFactory: infected - 1 | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053459.exe/irsetup.dat | Infected: Trojan-Dropper.Win32.Peerad.a | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053459.exe | SetupFactory: infected - 1 | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053460.exe/irsetup.dat | Infected: Trojan-Dropper.Win32.Peerad.a | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053460.exe | SetupFactory: infected - 1 | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP316\A0053477.exe | Infected: Trojan-Downloader.Win32.IstBar.po | skipped
    C:\System Volume Information\_restore{E67D92C7-2AA5-4456-B3E4-9D6AB305FDDB}\RP318\change.log | Object is locked | skipped
    C:\WINDOWS\Debug\PASSWD.LOG | Object is locked | skipped
    C:\WINDOWS\SchedLgU.Txt | Object is locked | skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{F8075C94-962B-4BC1-84B0-F2C433398C83}.bin | Object is locked | skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log | Object is locked | skipped
    C:\WINDOWS\Sti_Trace.log | Object is locked | skipped
    C:\WINDOWS\system32\CatRoot2\edb.log | Object is locked | skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb | Object is locked | skipped
    C:\WINDOWS\system32\config\AppEvent.Evt | Object is locked | skipped
    C:\WINDOWS\system32\config\default | Object is locked | skipped
    C:\WINDOWS\system32\config\default.LOG | Object is locked | skipped
    C:\WINDOWS\system32\config\Internet.evt | Object is locked | skipped
    C:\WINDOWS\system32\config\SAM | Object is locked | skipped
    C:\WINDOWS\system32\config\SAM.LOG | Object is locked | skipped
    C:\WINDOWS\system32\config\SecEvent.Evt | Object is locked | skipped
    C:\WINDOWS\system32\config\SECURITY | Object is locked | skipped
    C:\WINDOWS\system32\config\SECURITY.LOG | Object is locked | skipped
    C:\WINDOWS\system32\config\software | Object is locked | skipped
    C:\WINDOWS\system32\config\software.LOG | Object is locked | skipped
    C:\WINDOWS\system32\config\SysEvent.Evt | Object is locked | skipped
    C:\WINDOWS\system32\config\system | Object is locked | skipped
    C:\WINDOWS\system32\config\system.LOG | Object is locked | skipped
    C:\WINDOWS\system32\h323log.txt | Object is locked | skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR | Object is locked | skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP | Object is locked | skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER | Object is locked | skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP | Object is locked | skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP | Object is locked | skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA | Object is locked | skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP | Object is locked | skipped
    C:\WINDOWS\wiadebug.log | Object is locked | skipped
    C:\WINDOWS\wiaservc.log | Object is locked | skipped
    C:\WINDOWS\WindowsUpdate.log | Object is locked | skipped

    Scan process completed.

    Logfile of HijackThis v1.99.1

    Scan saved at 19:09:32, on 22-07-2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programas\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    c:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Programas\Norton AntiVirus\navapsvc.exe

    C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programas\Java\jre1.6.0_01\bin\jusched.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe

    C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Programas\Synaptics\SynTP\SynTPLpr.exe

    C:\Programas\Synaptics\SynTP\SynTPEnh.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe

    C:\Programas\HPQ\Quick Launch Buttons\EabServr.exe

    C:\Programas\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe

    C:\Programas\HP\HP Software Update\HPWuSchd.exe

    C:\Programas\HP\hpcoretech\hpcmpmgr.exe

    C:\Programas\QuickTime\qttask.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Windows Media Player\WMPNSCFG.exe

    C:\Programas\HPQ\SHARED\HPQWMI.exe

    C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\Programas\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sapo.pt/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sapo.pt/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by SAPO

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_01\bin\jusched.exe"

    O4 - HKLM\..\Run: [updateManager] "C:\Programas\Ficheiros comuns\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [synTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Cpqset] C:\Programas\HPQ\Default Settings\cpqset.exe

    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programas\HPQ\Quick Launch Buttons\EabServr.exe /Start

    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

    O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

    O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] FIFA Football 2007

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Programas\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Enviar para &Bluetooth - c:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160063880562

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D0E58500-26AB-4F12-96A7-E2D6D463798B}: NameServer = 212.55.154.174

    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programas\HPQ\SHARED\HPQWMI.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe


    Good morning, Rui Pedro!

    >@< Disable and re-enable System Restore. See how to do it: < Docs >

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

    >@< Run an online scan at < BitDefender > and post the report.

    >@< Click BitDefender ( Scan OnLine ).

    >@< The page will open: < BitDefender OnLine Scanner >

    >@< Click I Agree.

    >@< Wait! Allow the ActiveX installation so that the scan can run.

    >@< This scan offers the possibility of disinfection!

    >@< Then post: the online scan report + an updated HijackThis log.

    Regards!

  • Topic author
  • Hello!

    I did the Bit Defender thing and it said it found no viruses.

    I find it strange, since Kaspersky said there were viruses, didn't it? Could it be that this one doesn't detect them?

    As for the System Restore situation, do I leave it as it is or change something?

    Even so, I ran the scan with HijackThis:

    Logfile of HijackThis v1.99.1

    Scan saved at 2:48:11, on 25-07-2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programas\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    c:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Programas\Norton AntiVirus\navapsvc.exe

    C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe

    C:\Programas\Java\jre1.6.0_01\bin\jusched.exe

    C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Programas\Synaptics\SynTP\SynTPLpr.exe

    C:\Programas\Synaptics\SynTP\SynTPEnh.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe

    C:\Programas\HPQ\Quick Launch Buttons\EabServr.exe

    C:\Programas\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe

    C:\Programas\HP\HP Software Update\HPWuSchd.exe

    C:\Programas\HP\hpcoretech\hpcmpmgr.exe

    C:\Programas\QuickTime\qttask.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Windows Media Player\WMPNSCFG.exe

    C:\Programas\HPQ\SHARED\HPQWMI.exe

    C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

    C:\Programas\Internet Explorer\iexplore.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\Programas\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sapo.pt/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sapo.pt/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by SAPO

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_01\bin\jusched.exe"

    O4 - HKLM\..\Run: [updateManager] "C:\Programas\Ficheiros comuns\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [synTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Cpqset] C:\Programas\HPQ\Default Settings\cpqset.exe

    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programas\HPQ\Quick Launch Buttons\EabServr.exe /Start

    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

    O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

    O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] FIFA Football 2007

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Programas\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Enviar para &Bluetooth - c:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160063880562

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D0E58500-26AB-4F12-96A7-E2D6D463798B}: NameServer = 212.55.154.174

    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programas\HPQ\SHARED\HPQWMI.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe

    Thank you very much.

    Regards

    Rui


    Good evening, Rui Pedro!

    I did the Bit Defender thing and it said it found no viruses.

    >@< Which proves that the new restore point is a clean one!

    >@< BitDefender scanned a clean volume, since practically all of the infections were in System Restore.

    I find it strange, since Kaspersky said there were viruses, didn't it? Could it be that this one doesn't detect them?

    >@< If the restore point had not been deleted, BitDefender would certainly have detected malware.

    As for the System Restore situation, do I leave it as it is or change something?

    >@< Turning System Restore off and back on created a clean restore point! And, I believe, one named by you.

    >@< The log is clean!

    >@< Good work!

    Regards!
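
The thread asks for an updated HijackThis log after the online scan; comparing the two logs entry by entry shows what changed between them and which entries still point at missing files. The following is an added example, not part of the original posts: the function names are hypothetical, and the two sample logs are short excerpts built from lines posted in this thread.

```python
import re

# A HijackThis entry is "<section code> - <text>",
# e.g. "O16 - DPF: {CLSID} (Name) - URL". Header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

def parse_entries(log_text):
    """Return [(section_code, text), ...] for every entry line in the log."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]

def diff_logs(old_text, new_text):
    """Return (added, removed): entries only in the newer / only in the older log."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    added = [e for e in new if e not in old]
    removed = [e for e in old if e not in new]
    return added, removed

def missing_targets(log_text):
    """Entries HijackThis tagged '(file missing)': the reference remains, the file does not."""
    return [e for e in parse_entries(log_text) if e[1].endswith("(file missing)")]

# Excerpt of the earlier log (constructed from lines in this thread).
OLD_LOG = r"""
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Excerpt of the later log (constructed from lines in this thread).
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

if __name__ == "__main__":
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    for code, text in added:
        print("+", code, text)
    for code, text in removed:
        print("-", code, text)
    for code, text in missing_targets(NEW_LOG):
        print("?", code, text)
```

On these excerpts the only added entry is the BitDefender online scanner's ActiveX control, which the scan itself installed.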
