Ir ao conteúdo
  • Cadastre-se
nossakdnome

Virus pen drive em ajuda

Recommended Posts

Logfile of HijackThis v1.99.1

Scan saved at 12:20:51, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SSA\smc.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ActivCard\acautoreg.exe

C:\Program Files\Common Files\ActivCard\accoca.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\PROGRA~1\sygate\ssa\syg_hp.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Remote tools\msraLinkMonitor.exe

C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe

C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe

C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe

C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe

C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\CMMON32.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Citrix\ICA Client\Wfcrun32.exe

C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Jabber\Messenger\JabberMessenger.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Documents and Settings\goncalvj\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.portal.hp.com/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://athp.hp.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe

O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui

O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [iDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Shortcut to importantes.txt.lnk = C:\Documents and Settings\goncalvj\Desktop\Baduba\importantes.txt

O4 - Startup: Shortcut to Modelo.txt.lnk = C:\Documents and Settings\goncalvj\Desktop\Baduba\Modelo.txt

O4 - Startup: Shortcut to revendas.txt.lnk = C:\Documents and Settings\goncalvj\Desktop\Baduba\revendas.txt

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)

O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe

O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com

O15 - Trusted Zone: http://ie.config.asia.compaq.com

O15 - Trusted Zone: http://ie.config.eur.compaq.com

O15 - Trusted Zone: http://ie.config.im.hou.compaq.com

O15 - Trusted Zone: http://ie.config.jp.compaq.com

O15 - Trusted Zone: http://ie.config.ecom.dec.com

O15 - Trusted Zone: http://ie.config.tandem.com

O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)

O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)

O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)

O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)

O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)

O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = americas.cpqcorp.net

O17 - HKLM\Software\..\Telephony: DomainName = americas.hpqcorp.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{654E8B95-9DE9-48BD-82BC-8900D85562A9}: NameServer = 16.110.135.51 16.110.135.52

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = americas.cpqcorp.net

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe

O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\PROGRA~1\sygate\ssa\syg_hp.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe

O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe

O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS

O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe

O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe

O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

:(

e tipo assim agora toda vez que eu tento colocar no sitema para liberar acesso dos arquivos ocultos, o mesmo aplica ao abrir de novo ele retorna para não mostrar e não habilita

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×