Archived

This topic has been archived and is closed to new replies.

Seu brino

[Solved!] Browsers slow to access the net, but downloads


My browsers are slow to access the net, but my downloads even exceed the "normal" speed of my connection.

Sometimes I have to refresh the page several times to see its content.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:45:44, on 10/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\USBScan\USBScan.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\BinarySense\HDDTemp4\hddtemp4.exe

C:\xampp\apache\bin\apache.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Arquivos comuns\BinarySense\disksvc.exe

C:\xampp\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\xampp\apache\bin\apache.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Arquivos de programas\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Arquivos de programas\TechSmith\SnagIt 9\SnagItIEAddin.dll

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [uSBScan.exe] C:\Arquivos de programas\USBScan\USBScan.exe -Hide

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [HDDtemp4] C:\Arquivos de programas\BinarySense\HDDTemp4\\hddtemp4 /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HDD & SSD access service - BinarySense Ltd. - C:\Arquivos de programas\Arquivos comuns\BinarySense\disksvc.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: VideoAcceleratorService - VIA Technologies inc,.ltd - (no file)

O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe

 

--

End of file - 6452 bytes

 

 

Many thanks for the help.


Hi! Seu brino

<!> Apparently, everything is OK with the log. :natal_smile:

-------------------------

<@> Run an online scan at: < Kaspersky >

<@> Use the Internet Explorer browser for this.

<!> Go to the site and click on: < kasperdx9.jpg >

<@> On the next page, click on: I Accept

<@> This is so that the ActiveX control is installed and, after that, the database is updated.

<@> On the next page, click on: My Computer and run the scan.

<@> Be patient!

<@> Wait for the database update and also for the scan, which takes a long time.

<@> When it finishes, save and post the report.

<@> Click on Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Save the result as .txt, as shown in the image below:

Kas-Savetxt.gif

<@> Also post an updated HijackThis log.

Regards!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:25:52, on 15/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\BinarySense\HDDTemp4\hddtemp4.exe

C:\xampp\apache\bin\apache.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Arquivos comuns\BinarySense\disksvc.exe

C:\xampp\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\xampp\apache\bin\apache.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Arquivos de programas\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Arquivos de programas\TechSmith\SnagIt 9\SnagItIEAddin.dll

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [uSBScan.exe] C:\Arquivos de programas\USBScan\USBScan.exe -Hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [HDDtemp4] C:\Arquivos de programas\BinarySense\HDDTemp4\\hddtemp4 /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HDD & SSD access service - BinarySense Ltd. - C:\Arquivos de programas\Arquivos comuns\BinarySense\disksvc.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: V


Now one more little problem is showing up: even the downloads are getting slow (I already called the net people to take a look, but on their PC it works normally... :natal_sad: )

I set it to scan with Kaspersky, but the net keeps "stopping"; even so, it had given an error in something related to Java...

I'm going back to my initial idea that it is a configuration problem on the computer; in fact, I had already posted about it here on the forum:

http://forum.imasters.com.br/index.php?showtopic=320743

The people there were the ones who told me to post here in Security and Malware.

Do you have any idea of some wrong setting that could have caused this?

Note: I use Firefox, but IE7, Chrome and K-Meleon show the same problem :natal_sad:

Give me a hand here.


Good morning! Seu brino

<@> Download: < RSIT >

<@> Save it directly to the Local Disk ( C )!

<@> Double-click RSIT.exe to run the tool.

<@> In the window that opens, the disclaimer, click "Continue".

<@> When it finishes, Notepad will open with the report: log.txt <-- Report to post!

<@> Also post in your reply: info.txt, which will be at C:\rsit\info.txt <--

Regards!


Logfile of random's system information tool 1.04 (written by random/random)

Run by Sabrino at 2008-12-16 13:38:52

Microsoft Windows XP Professional Service Pack 3

System drive C: has 30 GB (40%) free of 76 GB

Total RAM: 959 MB (52% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:39:01, on 16/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\USBScan\USBScan.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\BinarySense\HDDTemp4\hddtemp4.exe

C:\xampp\apache\bin\apache.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Arquivos comuns\BinarySense\disksvc.exe

C:\xampp\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\xampp\apache\bin\apache.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\RSIT.exe

C:\Hijack\Sabrino.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Arquivos de programas\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Arquivos de programas\TechSmith\SnagIt 9\SnagItIEAddin.dll

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [uSBScan.exe] C:\Arquivos de programas\USBScan\USBScan.exe -Hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [HDDtemp4] C:\Arquivos de programas\BinarySense\HDDTemp4\\hddtemp4 /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HDD & SSD access service - BinarySense Ltd. - C:\Arquivos de programas\Arquivos comuns\BinarySense\disksvc.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: VideoAcceleratorService - VIA Technologies inc,.ltd - (no file)

O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe

 

--

End of file - 6636 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\1-Click Maintenance.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]

Octh Class - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll [2008-08-01 126152]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]

SnagIt Toolbar Loader - C:\Arquivos de programas\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15 66888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Arquivos de programas\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15 161096]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"egui"=C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe [2007-10-25 1410304]

"USBScan.exe"=C:\Arquivos de programas\USBScan\USBScan.exe [2008-06-29 1261056]

"QuickTime Task"=C:\Arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe [2008-08-14 282624]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"HDDtemp4"=C:\Arquivos de programas\BinarySense\HDDTemp4\\hddtemp4 /minimized []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare V2 Pro]

C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\Awc.exe [2006-11-27 2508288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe [2007-08-24 437160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2007-11-07 3739672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe [2008-08-14 282624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBScan]

C:\Arquivos de programas\USBScan\USBScan.exe [2008-06-29 1261056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

C:\WINDOWS\system32\VTTimer.exe [2005-03-07 53248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

C:\WINDOWS\system32\VTtrayp.exe [2005-03-11 147456]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoResolveSearch"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Orbitdownloader\orbitdm.exe"="C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"

"C:\Arquivos de programas\Orbitdownloader\orbitnet.exe"="C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe"="C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files!"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\xampp\apache\bin\apache.exe"="C:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"

"C:\Arquivos de programas\Pando Networks\Pando\pando.exe"="C:\Arquivos de programas\Pando Networks\Pando\pando.exe:*:Disabled:Pando Application"

"C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe"="C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe:*:Disabled:Puxa Rápido"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas%5


Good morning! Seu brino

<@> Download: < avz4en.zip > or < avz_antiviral_toolkit >

<@> Save it in Arquivos de programas and unzip it right there!

<@> Open the avz4 folder and run the application with a double-click. <-- Shield and sword icon!

<@> Connect to the Internet and update the Toolkit. --> "File" --> "Database Update".

<@> When it finishes, do not run any scan yet.

<@> On the "Search range" tab, check all the boxes.

<@> Under "File types", select the "All files" button.

<@> Under "Actions", check: "Perform healing"

<@> In the fields below "Perform healing", choose "Report only" for all items.

<@> Below "RiskWare", check the box "Copy suspicious files to Quarantine". <-- Only this box!

<@> In the "Search parameters" menu, set "Heuristic analyses" to maximum.

<@> Check the "Extended analysis" box. <-- Only this box!

<@> Do not uncheck the ones that are checked by default!

<@> Close any programs that are open, and run the tool! <-- Click Start.

<@> When the scan finishes, click the "Save log" icon so that we have the report. ( avz_log )

<@> Also click the "glasses" icon.

<@> Click "Save as CSV".

<@> Save this report on the desktop! <-- Text format. ( *.txt )

<@> Name it: view_log

<@> Copy and post: avz_log.txt + view_log.txt in your reply.

Regards!


AVZ Antiviral Toolkit log; AVZ version is 4.30

Scanning started at 17/12/2008 09:55:56

Database loaded: signatures - 200988, NN profile(s) - 2, microprograms of healing - 56, signature database released 16.12.2008 22:02

Heuristic microprograms loaded: 371

SPV microprograms loaded: 9

Digital signatures of system files loaded: 74240

Heuristic analyzer mode: Maximum heuristics level

Healing mode: enabled

Windows version: 5.1.2600, Service Pack 3 ; AVZ is launched with administrator rights

System Restore: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=083220)

Kernel TUKERNEL.EXE found in memory at address 804D7000

SDT = 8055A220

KiST = 804E26A8 (284)

Functions checked: 284, intercepted: 0, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking of IRP handlers

Checking - complete

2. Scanning memory

Number of processes found: 23

Analyzer: process under analysis is 528 C:\xampp\apache\bin\apache.exe

[ES]:Contains network functionality

[ES]:Listens on TCP ports !

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 1180 C:\Arquivos de programas\Arquivos comuns\BinarySense\disksvc.exe

[ES]:Application has no visible windows

Analyzer: process under analysis is 496 C:\xampp\apache\bin\apache.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Number of modules loaded: 353

Scanning memory - complete

3. Scanning disks

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sffrgpnv.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sffrgpnv.dll.bak)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfhammer.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfhammer.dll.bak)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfmirror.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfmirror.dll.bak)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack1.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack1.dll.bak)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack2.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack2.dll.bak)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack3.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack3.dll.bak)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx1.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx1.dll.bak)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx2.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx2.dll.bak)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx3.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx3.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3market\sfconfigmgr.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3market\sfconfigmgr.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3market\sfmarket2.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3market\sfmarket2.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3plug.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3plug.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3plugrw.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3plugrw.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3studioplug\ac3studioplug.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3studioplug\ac3studioplug.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcmp4plug\mcmp4plug.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcmp4plug\mcmp4plug.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcmpegmarket\sfconfigmgr.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcmpegmarket\sfconfigmgr.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcmpegmarket\sfmarket2.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcmpegmarket\sfmarket2.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcplug.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcplug.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcplugrw.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcplugrw.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mp4plug\mp4plug.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mp4plug\mp4plug.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\wavplug\wavplug.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\wavplug\wavplug.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\forge90.exe.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\forge90.exe.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\sfconfigmgr.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\sfconfigmgr.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\sfmarket2.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\sfmarket2.dll.bak)

C:\Arquivos de programas\Sony\Sound Forge 9.0\sfs4rw.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Sony\Sound Forge 9.0\sfs4rw.dll.bak)

C:\Arquivos de programas\WinRAR\RAR.exe.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\WinRAR\RAR.exe.bak)

C:\Arquivos de programas\WinRAR\UnRAR.exe.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\WinRAR\UnRAR.exe.bak)

C:\Arquivos de programas\WinRAR\WinRAR.exe.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\WinRAR\WinRAR.exe.bak)

C:\Arquivos de programas\Wondershare\PPT to Video\PPT to Video.exe.BAK - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Wondershare\PPT to Video\PPT to Video.exe.BAK)

C:\Arquivos de programas\Wondershare\PPT to Video\SlideSource.dll.BAK - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\Wondershare\PPT to Video\SlideSource.dll.BAK)

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\ESET\ESET NOD32 Antivirus\Logs\virlog.dat

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Dr Watson\user.dmp

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\LocalService\NTUSER.DAT

Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\NetworkService\NTUSER.DAT

Direct reading C:\Documents and Settings\Sabrino\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\Sabrino\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\Sabrino\Configurações locais\Histórico\History.IE5\MSHist012008121720081218\index.dat

Direct reading C:\Documents and Settings\Sabrino\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\Sabrino\Cookies\index.dat

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap02\Despertador\Despertador.exe >>> suspicion for Trojan-Clicker.Win32.VB.on ( 003EB753 0029FAE2 00000000 00044F05 24576)

File quarantined succesfully (C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap02\Despertador\Despertador.exe)

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap03\Informação do Rato\Rato.exe >>> suspicion for Trojan.Win32.VB.aup ( 0046FF19 0027FAA8 00294BE0 002860C2 45056)

File quarantined succesfully (C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap03\Informação do Rato\Rato.exe)

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap04\Estações do Ano e Animais\Estani.exe >>> suspicion for Trojan-Notifier.Win32.Draktor ( 004A90A6 001EBC01 0021D922 000D6FC3 65536)

File quarantined succesfully (C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap04\Estações do Ano e Animais\Estani.exe)

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap06\Cores\Cores.exe >>> suspicion for Trojan.Win32.ShareAll.c ( 0041A975 001B74A5 00126E9F 0020D418 24576)

File quarantined succesfully (C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap06\Cores\Cores.exe)

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap06\Rodas\Rodas.exe >>> suspicion for Trojan.Win32.ShareAll.c ( 00388A33 001B74A5 003F625E 001359E7 24576)

File quarantined succesfully (C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap06\Rodas\Rodas.exe)

Dir


Direct reading C:\Documents and Settings\Sabrino\NTUSER.DAT

C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe.BAK - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe.BAK)

C:\System Volume Information\_restore{90619FD7-7161-4272-99FB-A0E9A906B912}\RP205\A0037041.rbf >>> suspicion for Backdoor.Win32.UltimateDefender.grg ( 09E25293 05903389 00213166 002769BD 44544)

File quarantined succesfully (C:\System Volume Information\_restore{90619FD7-7161-4272-99FB-A0E9A906B912}\RP205\A0037041.rbf)

Direct reading C:\System Volume Information\_restore{90619FD7-7161-4272-99FB-A0E9A906B912}\RP205\change.log

Direct reading C:\WINDOWS\SchedLgU.Txt

Direct reading C:\WINDOWS\SoftwareDistribution\ReportingEvents.log

Direct reading C:\WINDOWS\system32\CatRoot2\edb.log

Direct reading C:\WINDOWS\system32\CatRoot2\tmp.edb

Direct reading C:\WINDOWS\system32\config\AppEvent.Evt

Direct reading C:\WINDOWS\system32\config\default

Direct reading C:\WINDOWS\system32\config\Internet.evt

Direct reading C:\WINDOWS\system32\config\NetLimit.evt

Direct reading C:\WINDOWS\system32\config\ODiag.evt

Direct reading C:\WINDOWS\system32\config\OSession.evt

Direct reading C:\WINDOWS\system32\config\SAM

Direct reading C:\WINDOWS\system32\config\SecEvent.Evt

Direct reading C:\WINDOWS\system32\config\SECURITY

Direct reading C:\WINDOWS\system32\config\SysEvent.Evt

Direct reading C:\WINDOWS\system32\config\system

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Direct reading C:\WINDOWS\WindowsUpdate.log

Direct reading C:\xampp\apache\logs\access.log

Direct reading C:\xampp\apache\logs\error.log

Direct reading C:\xampp\mysql\data\sabrino.err

Direct reading C:\xampp\mysql\ibdata1

Direct reading C:\xampp\mysql\ib_logfile0

Direct reading C:\xampp\mysql\ib_logfile1

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll --> Suspicion for Keylogger or Trojan DLL

C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll>>> Behavioural analysis

Behaviour typical for keyloggers not detected

File quarantined succesfully (C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll)

Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

>> Security: automatic logon is enabled

Checking - complete

9. Troubleshooting wizard

>> Abnormal SCR files association

>> Abnormal REG files association

>> Service termination timeout is out of admissible values

>> HDD autorun are allowed

>> Autorun from network drives are allowed

>> Removable media autorun are allowed

Checking - complete

Files scanned: 207662, extracted from archives: 138001, malicious software found 0, suspicions - 6

Scanning finished at 17/12/2008 10:34:34

Time of scanning: 00:38:40

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference

 

 

 

 

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sffrgpnv.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfhammer.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfmirror.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack1.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack2.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack3.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx1.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx2.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx3.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3market\sfconfigmgr.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3market\sfmarket2.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3plug.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3plugrw.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3studioplug\ac3studioplug.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcmp4plug\mcmp4plug.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcmpegmarket\sfconfigmgr.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcmpegmarket\sfmarket2.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcplug.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcplugrw.dll.bak;3;PE file with non-standard extension(dangerousness level is 5%)

C:\Arquivos de programas\Sony\Sound Forge 9.0%5


Good morning! Seu brino

<!> The tools did not detect any potentially malicious files.

---------------------------

<@> Download a-squared Free 3.5.

<!> Optional link: < a2ppf_banner.jpg >

<@> Open the program and click: "Atualizar agora" (Update now) --> Wait!

<@> When it finishes, click: "Analisar agora" (Scan now)

<@> Choose the option: "A fundo" (Deep)

<@> Click "Analisar" (Scan)!

<@> When it finishes, send the items found to quarantine.

<@> From there, they will be deleted or restored.

<@> Save the report of this scan and post it in your reply.

Regards!


a-squared Free - Versão 4.0

Última atualização 19/12/2008 12:36:14

 

Configurações da análise:

 

Objetos: Memória, Rastros, Cookies, C:\

Análise de arquivos: Ligado

Heurística: Ligado

Análise de ADS: Ligado

 

Início da análise: 19/12/2008 12:39:19

 

C:\Documents and Settings\Sabrino\Cookies\sabrino@adserver.dialhost.com[2].txt detectado: Trace.TrackingCookie.adserv!A2

C:\Documents and Settings\Sabrino\Cookies\sabrino@adserver.dialhost.com[2].txt detectado: Trace.TrackingCookie.adserver!A2

C:\Documents and Settings\Sabrino\Cookies\sabrino@google.com[2].txt detectado: Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Sabrino\Dados de aplicativos\Mozilla\Firefox\Profiles\qqdour55.default\cookies.sqlite:1229122874343751 detectado: Trace.TrackingCookie.count!A2

C:\Arquivos de programas\Deskshare\Video Edit Magic 4.4\ArmAccess.dll detectado: Trojan-PWS.Win32.Delf!IK

C:\Arquivos de programas\RunDLL31.exe detectado: Virus.Win32.Bancos.AWF!IK

C:\WINDOWS\a.dll detectado: Trojan.Win32.VB!IK

C:\WINDOWS\gendel32.exe detectado: Virus.Win32.Trojan!IK

C:\WINDOWS\plugini.exe detectado: Virus.Win32.Bancos.AWF!IK

 

Analisado

 

Arquivos: 100025

Objetos: 516433

Cookies: 545

Processos: 24

 

Encontrado

 

Arquivos: 5

Objetos: 0

Cookies: 4

Processos: 0

Chaves do registro: 0

 

Fim da análise: 19/12/2008 13:54:50

Duração da análise: 1:15:31

 

 

I sent everything to quarantine


Good morning! Seu brino

<!> This report showed the presence of the zonebac Trojan. ( Virus.Win32.Bancos.AWF )

--------------------------

<@> Download: < FindAWF >

<@> Save it to Local Disk C.

<@> Run the FindAWF tool with a double-click.

<@> After the warning window appears, confirm the execution!

<@> Wait for the scan to finish.

<@> At the end, Notepad will open with the log. ( awf.txt ) <-- Post it!

Regards!


The only scan option was 1, but this is all it gave:

 

 

Find AWF report by noahdfear ©2006

Version 1.40

 

bak folders found

~~~~~~~~~~~

 

Duplicate files of bak directory contents

~~~~~~~~~~~~~~~~~~~~~~~

 

end of report


Hey! Seu brino

Good afternoon!

<!> This means that a-squared removed all of the Trojan's files and that there are no duplicate folders.

-------------------------

<!> The files of your audio editing program ( Sound Forge 9.0 ) have an extension that is not their own. This may denote a legitimizing action, or a malicious one. If it was you who allowed these renames, then do not run the script procedure with AVZ.

If the editing program is very important to you, try to download it from a legitimate source, free of 'cracks', for it to work.

-------------------------

<@> Open avz4 and click AVZGuard --> Enable AVZGuard --> OK.

<@> Click "File" --> "Custom scripts".

<@> In the field under "Runing scripts", paste the information in the CODE below:

 

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sffrgpnv.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfhammer.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfmirror.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack1.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack2.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack3.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx1.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx2.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx3.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3market\sfconfigmgr.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3market\sfmarket2.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3plug.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3plugrw.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3studioplug\ac3studioplug.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcmp4plug\mcmp4plug.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcmpegmarket\sfconfigmgr.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcmpegmarket\sfmarket2.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcplug.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcplugrw.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mp4plug\mp4plug.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\wavplug\wavplug.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\forge90.exe.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\sfconfigmgr.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\sfmarket2.dll.bak','');
QuarantineFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\sfs4rw.dll.bak','');
QuarantineFile('C:\Arquivos de programas\WinRAR\RAR.exe.bak','');
QuarantineFile('C:\Arquivos de programas\WinRAR\UnRAR.exe.bak','');
QuarantineFile('C:\Arquivos de programas\WinRAR\WinRAR.exe.bak','');
QuarantineFile('C:\Arquivos de programas\Wondershare\PPT to Video\PPT to Video.exe.BAK','');
QuarantineFile('C:\Arquivos de programas\Wondershare\PPT to Video\SlideSource.dll.BAK','');
QuarantineFile('C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe.BAK','');
QuarantineFile('C:\System Volume Information\_restore{90619FD7-7161-4272-99FB-A0E9A906B912}\RP205\A0037041.rbf','');
DeleteFile('C:\System Volume Information\_restore{90619FD7-7161-4272-99FB-A0E9A906B912}\RP205\A0037041.rbf');
DeleteFile('C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe.BAK');
DeleteFile('C:\Arquivos de programas\Wondershare\PPT to Video\SlideSource.dll.BAK');
DeleteFile('C:\Arquivos de programas\Wondershare\PPT to Video\PPT to Video.exe.BAK');
DeleteFile('C:\Arquivos de programas\WinRAR\WinRAR.exe.bak');
DeleteFile('C:\Arquivos de programas\WinRAR\UnRAR.exe.bak');
DeleteFile('C:\Arquivos de programas\WinRAR\RAR.exe.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\sfs4rw.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\sfmarket2.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\sfconfigmgr.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\forge90.exe.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\wavplug\wavplug.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mp4plug\mp4plug.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcplugrw.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcplug.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcmpegmarket\sfmarket2.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcplug\mcmpegmarket\sfconfigmgr.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\mcmp4plug\mcmp4plug.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3studioplug\ac3studioplug.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3plugrw.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3plug.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3market\sfmarket2.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Sound Forge 9.0\FileIO Plug-Ins\ac3plug\ac3market\sfconfigmgr.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx3.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx2.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfxpfx1.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack3.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack2.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfppack1.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfmirror.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sfhammer.dll.bak');
DeleteFile('C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\sffrgpnv.dll.bak');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

<@> Check for script errors by clicking "Check syntax" --> OK.

<@> If there are no errors, click Run. <-- Wait!

<@> To complete the removals, the computer may restart.

<@> When it finishes, click "Save".

<@> Save this report to the desktop, named: AVZScript.log <-- Post it!

<@> Go back to the AVZGuard menu and click "Disable AVZGuard" --> OK.

Regards!


The PC restarted and there was no time to save the log, but apparently everything went fine, and I looked in the program's quarantine and saw that today it put 31 files there (plus 31 configuration parameters - one for each file).

What now?


Hey! Seu brino

Good afternoon!

<!> Run avz4 again and post the report. ( avz_log.txt )

Regards!


AVZ Antiviral Toolkit log; AVZ version is 4.30

Scanning started at 22/12/2008 07:59:45

Database loaded: signatures - 200988, NN profile(s) - 2, microprograms of healing - 56, signature database released 16.12.2008 22:02

Heuristic microprograms loaded: 371

SPV microprograms loaded: 9

Digital signatures of system files loaded: 74240

Heuristic analyzer mode: Maximum heuristics level

Healing mode: enabled

Windows version: 5.1.2600, Service Pack 3 ; AVZ is launched with administrator rights

System Restore: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=083220)

Kernel TUKERNEL.EXE found in memory at address 804D7000

SDT = 8055A220

KiST = 804E26A8 (284)

Functions checked: 284, intercepted: 0, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking of IRP handlers

Checking - complete

2. Scanning memory

Number of processes found: 24

Analyzer: process under analysis is 264 C:\Arquivos de programas\a-squared Free\a2service.exe

[ES]:Application has no visible windows

[ES]:EXE runtime packer ?

Analyzer: process under analysis is 332 C:\xampp\apache\bin\apache.exe

[ES]:Contains network functionality

[ES]:Listens on TCP ports !

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 480 C:\Arquivos de programas\Arquivos comuns\BinarySense\disksvc.exe

[ES]:Application has no visible windows

Analyzer: process under analysis is 904 C:\xampp\apache\bin\apache.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Number of modules loaded: 352

Scanning memory - complete

3. Scanning disks

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\ESET\ESET NOD32 Antivirus\Logs\virlog.dat

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Dr Watson\user.dmp

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\LocalService\NTUSER.DAT

Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\NetworkService\NTUSER.DAT

Direct reading C:\Documents and Settings\Sabrino\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\Sabrino\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\Sabrino\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\Sabrino\Cookies\index.dat

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap02\Despertador\Despertador.exe >>> suspicion for Trojan-Clicker.Win32.VB.on ( 003EB753 0029FAE2 00000000 00044F05 24576)

File quarantined succesfully (C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap02\Despertador\Despertador.exe)

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap03\Informação do Rato\Rato.exe >>> suspicion for Trojan.Win32.VB.aup ( 0046FF19 0027FAA8 00294BE0 002860C2 45056)

File quarantined succesfully (C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap03\Informação do Rato\Rato.exe)

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap04\Estações do Ano e Animais\Estani.exe >>> suspicion for Trojan-Notifier.Win32.Draktor ( 004A90A6 001EBC01 0021D922 000D6FC3 65536)

File quarantined succesfully (C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap04\Estações do Ano e Animais\Estani.exe)

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap06\Cores\Cores.exe >>> suspicion for Trojan.Win32.ShareAll.c ( 0041A975 001B74A5 00126E9F 0020D418 24576)

File quarantined succesfully (C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap06\Cores\Cores.exe)

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap06\Rodas\Rodas.exe >>> suspicion for Trojan.Win32.ShareAll.c ( 00388A33 001B74A5 003F625E 001359E7 24576)

File quarantined succesfully (C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap06\Rodas\Rodas.exe)

Direct reading C:\Documents and Settings\Sabrino\NTUSER.DAT

Direct reading C:\WINDOWS\SchedLgU.Txt

Direct reading C:\WINDOWS\SoftwareDistribution\ReportingEvents.log

Direct reading C:\WINDOWS\system32\CatRoot2\edb.log

Direct reading C:\WINDOWS\system32\CatRoot2\tmp.edb

Direct reading C:\WINDOWS\system32\config\AppEvent.Evt

Direct reading C:\WINDOWS\system32\config\default

Direct reading C:\WINDOWS\system32\config\Internet.evt

Direct reading C:\WINDOWS\system32\config\NetLimit.evt

Direct reading C:\WINDOWS\system32\config\ODiag.evt

Direct reading C:\WINDOWS\system32\config\OSession.evt

Direct reading C:\WINDOWS\system32\config\SAM

Direct reading C:\WINDOWS\system32\config\SecEvent.Evt

Direct reading C:\WINDOWS\system32\config\SECURITY

Direct reading C:\WINDOWS\system32\config\SysEvent.Evt

Direct reading C:\WINDOWS\system32\config\system

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Direct reading C:\WINDOWS\WindowsUpdate.log

Direct reading C:\xampp\apache\logs\access.log

Direct reading C:\xampp\apache\logs\error.log

Direct reading C:\xampp\mysql\data\sabrino.err

Direct reading C:\xampp\mysql\ibdata1

Direct reading C:\xampp\mysql\ib_logfile0

Direct reading C:\xampp\mysql\ib_logfile1

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll --> Suspicion for Keylogger or Trojan DLL

C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll>>> Behavioural analysis

Behaviour typical for keyloggers not detected

File quarantined succesfully (C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll)

Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

>> Security: automatic logon is enabled

Checking - complete

9. Troubleshooting wizard

>> Abnormal SCR files association

>> Abnormal REG files association

>> Service termination timeout is out of admissible values

>> HDD autorun are allowed

>> Autorun from network drives are allowed

>> Removable media autorun are allowed

Checking - complete

Files scanned: 203473, extracted from archives: 134946, malicious software found 0, suspicions - 5

Scanning finished at 22/12/2008 09:01:16

Time of scanning: 01:01:35

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference

 

view_log

 

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap02\Despertador\Despertador.exe;2;Suspicion for Trojan-Clicker.Win32.VB.on ( 003EB753 0029FAE2 00000000 00044F05 24576)

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap03\Informação do Rato\Rato.exe;2;Suspicion for Trojan.Win32.VB.aup ( 0046FF19 0027FAA8 00294BE0 002860C2 45056)

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap04\Estações do Ano e Animais\Estani.exe;2;Suspicion for Trojan-Notifier.Win32.Draktor ( 004A90A6 001EBC01 0021D922 000D6FC3 65536)

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap06\Cores\Cores.exe;2;Suspicion for Trojan.Win32.ShareAll.c ( 0041A975 001B74A5 00126E9F 0020D418 24576)

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap06\Rodas\Rodas.exe;2;Suspicion for Trojan.Win32.ShareAll.c ( 00388A33 001B74A5 003F625E 001359E7 24576)

C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll;5;Suspicion for Keylogger or Trojan DLL


Good morning! Seu brino

<!> How is the computer? Has there been any improvement in Internet access?

 

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap02\Despertador\Despertador.exe

 

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap03\Informação do Rato\Rato.exe

 

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap04\Estações do Ano e Animais\Estani.exe

 

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap06\Cores\Cores.exe

 

C:\Documents and Settings\Sabrino\Desktop\Sabrino\Informática\Vídeo-aulas\Visual_Basic-Curso\Extras\Codigo\Cap06\Rodas\Rodas.exe

<!> These files, which are in the AVZ quarantine, if they are not of great importance to you..., you can delete. Select them and remove them!

-------------------------

<@> Run a disinfection scan with < BitDefender > and post the report.

<@> The page will open: < BitDefender OnLine Scanner >

<@> Click: < agree2.gif >

<@> Wait and accept the ActiveX installation so that the scan can run.

<@> When it finishes, post the report: C:\Windows\BDOSCAN8\bdoscan.log <--

Regards!


<!> The requested files were deleted

<!> I tried the scan many, many times but it would not start, even after clicking I Agree. I also tried with Internet Explorer a few times but it did not get anywhere. It just went to a "link" that was the same link with a hash (#) at the end.

<@> Sometimes it seems the net has improved, but sometimes not...

<@> I know that malware, one way or another, harms the PC, and I am very grateful for your help removing it, but I am leaning back toward the idea that the problem may be some setting or change in the Windows registry... I don't know... What do you think?!


Good morning! Seu brino

<!> Not in the registry, but in your Internet access settings... it is possible. ( Fax-modem card...)

<!> Use the little program below for browsing. Using Google as a shortcut, you will have a good test with respect to your Internet provider.

<!> Configure it according to your type of Internet connection: ADSL or Dial-Up.

---------------------

<!> To speed up browsing, download: Google Web Accelerator

<!> Link:

< http://portuguese.icrfast.com/lv/group/vie...Accelerator.htm >

Regards!
