1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.
  2. Informação: Pela 0:30 desta Sexta-feira (9 de Dezembro, 23:30 de Quinta-feira nos Açores) o Fórum e restantes sites da ZWAME vão estar offline para manutenção durante cerca de 1h30.
    Se necessário faremos actualizações via Twitter e Facebook.
    Remover anúncio

Virus no MSN "Eterna amizade"...HELP!!

Discussão em 'Dúvidas e Suporte—Internet, Redes, Segurança' iniciada por kronnuz, 7 de Abril de 2007. (Respostas: 21; Visualizações: 1971)

  1. kronnuz

    kronnuz Power Member

    Bons dias. Ingenuamente cliquei num link que me apareceu numa janela de diálogo em que dizia algo do género "veja esta homenagem que fizz para vc" e depois tinha o link...so depois é que me apercebi que tinha sido infectado.todo o pessoal da minha lista de contactos começou a receber a mesma msg. Como faço para remover???? o AVG não detecta...vou tentar instalar o kaspersky 2006...
     
  2. luikki

    luikki Power Member

    desactiva o restauro de sistema e usa isto....
     
  3. kronnuz

    kronnuz Power Member

    como desactivo o restauro de sistema?
     
  4. luikki

    luikki Power Member

    painel de controle, sistema, restauro de sistema, desactivar restauro de sistema....
     
  5. rodaco

    rodaco Power Member

    O MEU COMPUTADOR/PROPRIEDADES/separador RESTAURO DO SISTEMA

    EDIT: too late...
     
  6. kronnuz

    kronnuz Power Member

    ok...dp de korrer o kaspersky k ja instalei, se n resolver, faço isso...obrigado!
     
  7. kronnuz

    kronnuz Power Member

    hmm...o kaspersky 6 n detectou nd...nao sera estranho?sei que estou infectado porque o pessoal recebe a msg...
     
  8. Kayvlim

    Kayvlim Undefined Moderator
    Staff Member

    Os AntiVirus não costumam detectar esse tipo de ameaças. Apenas detectam o que conhecem, e esses "virus de MSN" (como são vulgarmente chamados) nem sempre chegam às mãos dos fornecedores de AVs.
    Geralmente, são removidos à mão em modo de segurança.

    Uma amiga minha tinha isso. Foi fácil de remover, no caso dela. Tens o HijackThis? Se não o tiveres, faz download em http://majorgeeks.com/downloadget3155-1-885228fc8a76f04c46134f77b7358e15.html
    Depois, executa-o e procura um ficheiro denominado "LSNAS.EXE". Penso que o nome não seja alterado pelo próprio malware.
    Se o encontrares, remove-o. Se não, posta aqui o logfile, ou analisa-o neste site: http://www.hijackthis.de/

    Boa Sorte :)

    Cumps [[[[[]]]]]
    angelofwisdom
     
  9. kronnuz

    kronnuz Power Member

    Logfile of HijackThis v1.99.1
    Scan saved at 13:41:14, on 07-04-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Programas\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\Programas\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\mjhor.exe
    C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Programas\MSN Messenger\MsnMsgr.Exe
    C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\DAEMON Tools\daemon.exe
    C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Programas\DC++\DCPlusPlus.exe
    C:\Programas\MSN Messenger\usnsvc.exe
    C:\Programas\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Sergio\Ambiente de trabalho\hijackthis_sfx\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ua.pt/uaonline
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\ASUSTeK\ASUSDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hnrtbr] C:\WINDOWS\mjhor.exe
    O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173449279500
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



    não encontrei nenhum com o nome sugerido...
     
  10. Xkorp

    Xkorp Power Member

    Fazes kill nesta aplicação: mjhor.exe, vais à pasta do Windows e apagas o file.

    Vais ao msconfig e tiras isso do arranque.
     
  11. luikki

    luikki Power Member

    elimina as linhas que tem:
    mjhor.exe
     
  12. kronnuz

    kronnuz Power Member


    calma...trocando isso por miudos...tenho umas luzes, mas não percebi nd...sorry :'(
     
  13. Kayvlim

    Kayvlim Undefined Moderator
    Staff Member

    Não te esqueças que o processo está em execução. Termina-o antes de removeres alguma coisa, senão és tu a remover e o programa a voltar.
    Vai ao gestor de tarefas (control+alt+delete), na tab Processos procura por mjhor.exe. Clica nele e faz Terminar Processo.
    Depois de terminares o processo, e desligando-o pelo HJT, acho que ficará tudo como dantes :)

    btw, afinal o nome muda :x my bad ;) é mesmo o mjhor.exe

    Boa sorte com isso :)
     
  14. kronnuz

    kronnuz Power Member

    entao basta terminar o processo no task manager, dp ir a pasta windows e apaga-lo manualmente?é isso ?
     
  15. kronnuz

    kronnuz Power Member

    aqui esta o log dp ter ter feito o sugerido...


    Logfile of HijackThis v1.99.1
    Scan saved at 14:09:10, on 07-04-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Programas\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\Programas\HP\HP Software Update\HPWuSchd2.exe
    C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Programas\MSN Messenger\MsnMsgr.Exe
    C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\DAEMON Tools\daemon.exe
    C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Programas\MSN Messenger\usnsvc.exe
    C:\Programas\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\DC++\DCPlusPlus.exe
    C:\Documents and Settings\Sergio\Ambiente de trabalho\hijackthis_sfx\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ua.pt/uaonline
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\ASUSTeK\ASUSDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173449279500
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
  16. Kayvlim

    Kayvlim Undefined Moderator
    Staff Member

    Sim, basicamente é isso que o HJT faz, e é assim que eu removo os vírus "à mão".
    Faz isso, mas tens também de remover a entrada no HJT que diz "O4 - HKLM\..\Run: [hnrtbr] C:\WINDOWS\mjhor.exe", porque é com essa entrada que ele arranca com o computador. Se removeres o executável e não removeres essa entrada, provavelmente levas com um erro a cada vez que ligas o computador :P algo como "o programa já não existe".

    edit - esse log parece-me estar limpo :) reinicia o computador, liga o Messenger e vê se ainda "dispara" malware para os teus contactos.
     
  17. kronnuz

    kronnuz Power Member

    ok.ja fix o fix c o hijacker
     
  18. ShadeX

    ShadeX Power Member

    Um cadito OT, mas tambem OT (não adoram acrónimos ambiguos... :D ).

    O taskmanager por vezes não funciona. Alguns virus bloqueiam o dito por nome, alguns vão ao ponto de verificar uma hash MD5 ou SHA1 do executável (não adoram vírus com comportamento de antivírus...).

    Nesses casos, e mesmo em uso "normal", dá sempre jeito ter o Process Explorer que é o TM à base de esteróides de linha dura ou o IBProcman (Itty Bitty Process Manager, mas não digam a ninguem :D ) tambem do autor do HJT e muito util particularmente pela parte de "multi-kill" visto que muitos processos têm necessariamente de ser mortos de uma assentada só.
     
  19. Boas, tive o mesmo problema, e o relatório do HijackThis deu-me isto:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:33:49, on 15-04-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programas\Norton AntiVirus\navapsvc.exe
    C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Logitech\iTouch\iTouch.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
    C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\Logitech\MouseWare\system\em_exec.exe
    C:\Programas\Porto Editora Multimedia\Diciopedia X DVD\TaskIconDiciopX.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Programas\MSN Messenger\usnsvc.exe
    C:\Programas\Skype\Phone\Skype.exe
    C:\Programas\Skype\Plugin Manager\SkypePM.exe
    C:\WINDOWS\fbguad.exe
    C:\WINDOWS\javsu.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programas\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programas\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programas\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programas\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programas\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Programas\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Diciopédia X DVD Tray.lnk = C:\Programas\Porto Editora Multimedia\Diciopedia X DVD\TaskIconDiciopX.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - SolidConverterPDF - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.pt/static/download/pixacodndupload.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://amandiomachado.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164906835671
    O16 - DPF: {E8524E2F-E79C-4751-891F-648FF28FF1C5} (PeUpdate Control) - http://www.portoeditora.pt/update/cab/peupdate.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C34009EC-D3EE-45F2-8364-6D453A1B56CF}: NameServer = 212.55.154.174
    O18 - Protocol: bw+0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {1003DFB2-F2CA-4477-8698-775DBA37A561} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    Se me pudessem ajudar agradecia.
     
  20. Kayvlim

    Kayvlim Undefined Moderator
    Staff Member

    Ler o tópico todo ajuda. Esses logs podem perfeitamente ser verificados no site que já mencionei acima
    O site avisou para o seguinte:
    [?] - C:\Programas\Porto Editora Multimedia\Diciopedia X DVD\TaskIconDiciopX.exe (diciopédia? Nesse caso é seguro)
    [?] - C:\WINDOWS\fbguad.exe
    [?] - C:\WINDOWS\javsu.exe
    [N] - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    [X] - O4 - HKCU\..\Run: [LDM] C:\Programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe (de acordo com o site, é spyware vindo da Logitech. Que tristeza..)
    [?] - O4 - Global Startup: Diciopédia X DVD Tray.lnk = C:\Programas\Porto Editora Multimedia\Diciopedia X DVD\TaskIconDiciopX.exe
    [?] - O16 - DPF: {E8524E2F-E79C-4751-891F-648FF28FF1C5} (PeUpdate Control) - http://www.portoeditora.pt/update/cab/peupdate.cab (Se vem mesmo da porto editora, não me parece ser dúbio...)
    [?] - O17 - HKLM\System\CCS\Services\Tcpip\..\{C34009EC-D3EE-45F2-8364-6D453A1B56CF}: NameServer = 212.55.154.174 (conheces este IP? Se não, remove esta entrada)

    Marca os que achares duvidosos e Fix.
     
    Última edição: 15 de Abril de 2007

Partilhar esta Página