urtigas

Problem with wallpaper being changed by malware


Hello

I have a problem with my computer: I caught a virus that changes my wallpaper, and if I want to set a screen saver I can't. I have already tried to delete the virus with a few programs, even with the antivirus, and I couldn't. I even went to the folder where the virus seems to be and deleted the file, but after a few minutes it comes back again. I would like you to help me.

Here is all the information I managed to collect about the virus:

lphcpa5j0eadr.exe

C:\Documents and Settings\David Wilson\Definições locais\Temp\.tt7E.tmp.vbs

ANTIMALWARE2009 LICENSE AGREEMENT

Thanks/Regards


Read the instructions in this topic:

http://forum.clubedohardware.com.br/criando-novo-topico/429891

And post a HijackThis log for analysis.

  • Topic author
  • Logfile of HijackThis v1.99.1

    Scan saved at 19:24:45, on 10-10-2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\WINDOWS\system32\CTSvcCDA.exe

    C:\Programas\Creative\Shared Files\CTDevSrv.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\Programas\CyberLink\Shared files\RichVideo.exe

    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\atiptaxx.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Microsoft ActiveSync\wcescomm.exe

    C:\Programas\SRS Labs\Audio Sandbox\SRSSSC.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

    C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe

    C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Programas\Windows Live\Messenger\msnmsgr.exe

    C:\Programas\Windows Media Player\wmplayer.exe

    C:\Programas\Windows Live\Messenger\usnsvc.exe

    C:\Programas\Internet Explorer\iexplore.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Programas\Internet Explorer\iexplore.exe

    C:\Programas\Internet Explorer\iexplore.exe

    C:\Documents and Settings\David Wilson\Ambiente de trabalho\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/ig?hl=pt-PT

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll

    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: e404mgr Class - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - (no file)

    O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

    O4 - HKLM\..\Run: [LanguageShortcut] C:\Programas\CyberLink\PowerDVD\Language\Language.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe

    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

    O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE

    O4 - Global Startup: BlueSoleil.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programas\Creative\Shared Files\CTDevSrv.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


    Run an online scan with Kaspersky Virusscanner

    • Click Clipboard01-1.jpg
    • When asked to install the ActiveX component, click Clipboard015.jpg
    • Wait for the installation and the update to finish, then click Clipboard013.jpg
    • Now click Clipboard016.jpg
    • In the scan options (settings), make sure the entries below are selected:
      • Scan using the following Anti-Virus database:

        Extended (if available otherwise Standard)

      • Scan Options:

        Scan Archives
        Scan Mail Bases

    • Click Clipboard014.jpg
    • Click My Computer so that a full scan of your system is performed.
    • The scan will start and may take a while. Be patient and wait.
    • At the end of the scan, click the Save as Text button.
    • Save the log with the results and post it in your next reply.
    • Also generate and paste a new HijackThis log.

  • Topic author
  • Sunday, October 12, 2008

    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    Kaspersky Online Scanner 7 version: 7.0.25.0

    Program database last update: Sunday, October 12, 2008 11:19:44

    Records in database: 1306853

    Scan settings
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes
    Scan area: My Computer (A:\, C:\, D:\, E:\, F:\, G:\)

    Scan statistics
    Files scanned: 151726
    Threat name: 4
    Infected objects: 5
    Suspicious objects: 0
    Duration of the scan: 05:37:21

    File name | Threat name | Threats count
    C:\Documents and Settings\David Wilson\Ambiente de trabalho\dvd\Cópia de PDA aplicações\Pocket PC 13 Applications.zip | Infected: not-a-virus:AdWare.Win32.OnFlow | 1
    C:\Documents and Settings\David Wilson\Ambiente de trabalho\dvd\Cópia de PDA aplicações\Pocket PC Software\Area Code Reverse Lookup Install File (PocketPC).exe | Infected: not-a-virus:AdWare.Win32.OnFlow | 1
    C:\Documents and Settings\David Wilson\Ambiente de trabalho\dvd\vdownloader.zip | Infected: not-a-virus:Downloader.Win32.VDown.a | 1
    C:\Programas\Circle Developement\Uninstall.exe | Infected: Trojan.Win32.Obfuscated.gen | 1
    C:\WINDOWS\system32\lphcpa5j0eadr.exe | Infected: Trojan-Downloader.Win32.Small.aekg | 1

  • Topic author
  • Logfile of HijackThis v1.99.1

    Scan saved at 17:11:16, on 12-10-2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\atiptaxx.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Microsoft ActiveSync\wcescomm.exe

    C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

    C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\WINDOWS\system32\CTSvcCDA.exe

    C:\Programas\Creative\Shared Files\CTDevSrv.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\Programas\CyberLink\Shared files\RichVideo.exe

    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe

    C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Programas\Internet Explorer\iexplore.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Programas\Windows Live\Messenger\usnsvc.exe

    C:\Documents and Settings\David Wilson\Ambiente de trabalho\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/ig?hl=pt-PT

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: e404mgr Class - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - (no file)

    O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

    O4 - HKLM\..\Run: [LanguageShortcut] C:\Programas\CyberLink\PowerDVD\Language\Language.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe

    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

    O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE

    O4 - Global Startup: BlueSoleil.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programas\Creative\Shared Files\CTDevSrv.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


    Configure Windows to show all files

    Using Windows Explorer (right-click the Start button, then click Explore), find and delete the following file in red (if present):

    C:\WINDOWS\system32\lphcpa5j0eadr.exe <-- this file

    Other than that, your log is clean. Some programs that you use were flagged; it is up to you whether to keep them.

  • Topic author
  • Logfile of HijackThis v1.99.1

    Scan saved at 22:06:52, on 13-10-2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\atiptaxx.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Microsoft ActiveSync\wcescomm.exe

    C:\Programas\SRS Labs\Audio Sandbox\SRSSSC.exe

    C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\WINDOWS\system32\CTSvcCDA.exe

    C:\Programas\Creative\Shared Files\CTDevSrv.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\Programas\CyberLink\Shared files\RichVideo.exe

    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Programas\Windows Media Player\wmplayer.exe

    C:\Programas\Windows Live\Messenger\msnmsgr.exe

    C:\Programas\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\explorer.exe

    C:\Programas\Internet Explorer\iexplore.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Documents and Settings\David Wilson\Ambiente de trabalho\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/ig?hl=pt-PT

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: e404mgr Class - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - (no file)

    O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

    O4 - HKLM\..\Run: [LanguageShortcut] C:\Programas\CyberLink\PowerDVD\Language\Language.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe

    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

    O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE

    O4 - Global Startup: BlueSoleil.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programas\Creative\Shared Files\CTDevSrv.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


    Close ALL open programs, especially Internet Explorer and Windows Explorer. Open HijackThis, click Do a system scan only, check the entries below and click the Fix Checked button (don't worry if any of them does not exist).

    O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll

    O2 - BHO: e404mgr Class - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - (no file)

    Restart normally and post a new HijackThis log.

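The check an analyst makes when the new log comes back, as an added example that is not part of the original thread: confirm the entries marked for Fix Checked are gone, list what else changed, and triage the remaining "(no file)" / "(file missing)" entries. The function names are hypothetical, and the sample logs are constructed excerpts built from lines quoted in this thread.

```python
import re
from typing import NamedTuple

# HijackThis entry lines start with a section code: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    section: str  # e.g. "O2"
    body: str     # text after "O2 - "

    @property
    def orphaned(self):
        # HijackThis appends one of these markers when it cannot find the target.
        return self.body.endswith(ORPHAN_MARKERS)

    @property
    def key(self):
        # Case-insensitive identity: Windows paths differ in case between scans.
        return (self.section, self.body.casefold())


def parse_log(text):
    """Return the registry/file entries, skipping header and process list."""
    found = (ENTRY_RE.match(line) for line in text.splitlines())
    return [Entry(m.group(1), m.group(2)) for m in found if m]


def running_processes(text):
    """Return the casefolded paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Running processes:":
            in_block = True
        elif ENTRY_RE.match(line):
            in_block = False  # the first entry line ends the process list
        elif in_block and stripped:
            procs.add(stripped.casefold())
    return procs


def check_fix(requested_text, after_text):
    """Map each entry the helper asked to fix to True if it is gone."""
    remaining = {e.key for e in parse_log(after_text)}
    return {e.body: e.key not in remaining for e in parse_log(requested_text)}


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans."""
    before, after = parse_log(before_text), parse_log(after_text)
    before_keys = {e.key for e in before}
    after_keys = {e.key for e in after}
    removed = [e for e in before if e.key not in after_keys]
    added = [e for e in after if e.key not in before_keys]
    return removed, added


def triage_orphans(text):
    """Classify orphan-marked entries.

    'running'  - the marker is contradicted by the process list, so the
                 entry needs a manual look rather than a blind fix.
    'orphaned' - nothing in the log shows the target exists.
    """
    procs = running_processes(text)
    result = {}
    for e in parse_log(text):
        if e.orphaned:
            body = e.body.casefold()
            contradicted = any(p in body for p in procs)
            result[e.body] = "running" if contradicted else "orphaned"
    return result


# The two entries the helper asked to fix (quoted in the post above).
FIX_REQUEST = r"""
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: e404mgr Class - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - (no file)
"""

# Constructed excerpt of the log posted after the fix (lines from the thread).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Constructed "before" log: the same excerpt plus the two entries to be fixed.
BEFORE = AFTER + FIX_REQUEST

if __name__ == "__main__":
    for body, gone in check_fix(FIX_REQUEST, AFTER).items():
        print("gone   " if gone else "PRESENT", body)
    for body, verdict in triage_orphans(AFTER).items():
        print(f"{verdict:8}", body)
```

On these excerpts both requested entries are gone, while the avast! Mail Scanner service is marked "(file missing)" even though its executable appears under Running processes, which is why that marker alone is not grounds for fixing an entry.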
  • Topic author
  • Logfile of HijackThis v1.99.1

    Scan saved at 21:51:19, on 22-10-2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\WINDOWS\system32\CTSvcCDA.exe

    C:\Programas\Creative\Shared Files\CTDevSrv.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\WINDOWS\Explorer.EXE

    C:\Programas\CyberLink\Shared files\RichVideo.exe

    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\atiptaxx.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Microsoft ActiveSync\wcescomm.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe

    C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

    C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe

    C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Documents and Settings\David Wilson\Ambiente de trabalho\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/ig?hl=pt-PT

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

    O4 - HKLM\..\Run: [LanguageShortcut] C:\Programas\CyberLink\PowerDVD\Language\Language.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe

    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

    O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE

    O4 - Global Startup: BlueSoleil.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programas\Creative\Shared Files\CTDevSrv.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


    Run an online scan with Kaspersky Virusscanner

    • Click Clipboard01-1.jpg
    • When asked to install the ActiveX component, click Clipboard015.jpg
    • Wait for the installation and the update, then click Clipboard013.jpg
    • Now click Clipboard016.jpg
    • In the scan options (settings), make sure the entries below are selected:
      • Scan using the following Anti-Virus database:

        Extended (if available otherwise Standard)

      • Scan Options:

        Scan Archives
        Scan Mail Bases

    • Click Clipboard014.jpg
    • Click My Computer so that a full scan of your system is performed.
    • The scan will start and may take a while. Be patient and wait.
    • At the end of the scan, click the Save as Text button
    • Save the log with the results and post it in your next reply.
    • Also generate and paste a new HijackThis log.

  • Topic author
  • Thursday, October 30, 2008

    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    Kaspersky Online Scanner 7 version: 7.0.25.0

    Program database last update: Wednesday, October 29, 2008 18:07:35

    Records in database: 1356800

    Scan settings
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes
    Scan area: My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics
    Files scanned: 161031
    Threat name: 5
    Infected objects: 6
    Suspicious objects: 0
    Duration of the scan: 06:41:21

    File name | Threat name | Threats count
    C:\Documents and Settings\David Wilson\Ambiente de trabalho\Cd engenheiro\Garth Brooks - The Ultimate Hits\Garth Brooks - The Ultimate Hits [Disc 1 Of 2] - 03 - Shameless.mp3 | Infected: Trojan-Downloader.WMA.GetCodec.i | 1
    C:\Documents and Settings\David Wilson\Ambiente de trabalho\dvd\Cópia de PDA aplicações\Pocket PC 13 Applications.zip | Infected: not-a-virus:AdWare.Win32.OnFlow | 1
    C:\Documents and Settings\David Wilson\Ambiente de trabalho\dvd\Cópia de PDA aplicações\Pocket PC Software\Area Code Reverse Lookup Install File (PocketPC).exe | Infected: not-a-virus:AdWare.Win32.OnFlow | 1
    C:\Documents and Settings\David Wilson\Ambiente de trabalho\dvd\vdownloader.zip | Infected: not-a-virus:Downloader.Win32.VDown.a | 1
    C:\Programas\Circle Developement\Uninstall.exe | Infected: Trojan.Win32.Obfuscated.gen | 1
    C:\Programas\WarRock\System\vivoxplatform.dll | Infected: Trojan-Proxy.Win32.Agent.bcg | 1

    The selected area was scanned.

  • Topic author
  • Logfile of HijackThis v1.99.1

    Scan saved at 9:07:42, on 30-10-2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\WINDOWS\system32\CTSvcCDA.exe

    C:\Programas\Creative\Shared Files\CTDevSrv.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\Programas\CyberLink\Shared files\RichVideo.exe

    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\atiptaxx.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Microsoft ActiveSync\wcescomm.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

    C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe

    C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Programas\Windows Live\Messenger\usnsvc.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Programas\Internet Explorer\iexplore.exe

    C:\Programas\Internet Explorer\iexplore.exe

    C:\Documents and Settings\David Wilson\Ambiente de trabalho\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/ig?hl=pt-PT

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

    O4 - HKLM\..\Run: [LanguageShortcut] C:\Programas\CyberLink\PowerDVD\Language\Language.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe

    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

    O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE

    O4 - Global Startup: BlueSoleil.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programas\Creative\Shared Files\CTDevSrv.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

  • Topic author
  • Logfile of HijackThis v1.99.1

    Scan saved at 20:33:16, on 30-10-2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\WINDOWS\system32\CTSvcCDA.exe

    C:\Programas\Creative\Shared Files\CTDevSrv.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\Programas\CyberLink\Shared files\RichVideo.exe

    C:\WINDOWS\atiptaxx.exe

    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Microsoft ActiveSync\wcescomm.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe

    C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

    C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe

    C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Programas\Windows Live\Messenger\msnmsgr.exe

    C:\Programas\Internet Explorer\iexplore.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Programas\Windows Live\Messenger\usnsvc.exe

    C:\Documents and Settings\David Wilson\Ambiente de trabalho\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/ig?hl=pt-PT

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

    O4 - HKLM\..\Run: [LanguageShortcut] C:\Programas\CyberLink\PowerDVD\Language\Language.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe

    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

    O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE

    O4 - Global Startup: BlueSoleil.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programas\Creative\Shared Files\CTDevSrv.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


    Delete the file:

    C:\Documents and Settings\David Wilson\Ambiente de trabalho\Cd engenheiro\Garth Brooks - The Ultimate Hits\Garth Brooks - The Ultimate Hits [Disc 1 Of 2] - 03 - Shameless.mp3

    Is the computer still having problems?

  • Topic author
  • Yes, my computer still has problems with the screensaver.

    In 'Display Properties' only 3 tabs appear.

    -Themes

    -Appearance

    -Settings

    There used to be more tabs, but because of the virus they disappeared, and if I want to change my screensaver I can't, because that option isn't there.


    Download CleanDesktop to your desktop.

    Run it and wait for it to finish; after that, try changing your wallpaper.
