Archived

This topic has been archived and is closed to new replies.

JackDenio

[Solved!] Suspected infection


Hey there. I know my problem may be a hardware thing, since my laptop heats up really fast, but even so, from the very first moment I turn it on it freezes up in a way it didn't before :S. I'm going to try a few last resorts before formatting... I'll post my log here, if anyone can give me some tips...

 

Logfile of HijackThis v1.99.1

Scan saved at 10:45:26, on 20/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedy.com.ar/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [scanRegistry] C:\W

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKCU\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [tspcm] C:\Arquivos de programas\Telefonica\Speedy\SATConMon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218723589484

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

Thanks and cheers!!

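The HijackThis log above is what the rest of the thread works from. As an added example (not part of the original post and not HijackThis code), here is a small Python triage helper that parses the R*/O* entries, flags the orphaned ones that HijackThis marks "(file missing)" or "(no file)", and diffs two logs of the same machine; the sample logs are constructed from a few lines of the two logs posted in this thread.

```python
"""Triage helper for HijackThis v1.99.1 logs like the ones in this thread.

Added example, not HijackThis code.  It parses the R*/O* entries, flags the
orphaned ones (HijackThis prints "(file missing)" or "(no file)" when the
referenced file no longer exists, so those entries are dead registry/BHO
references), and diffs two logs so you can see what changed between scans.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Entry lines look like: "O2 - BHO: AskBar BHO - {clsid} - C:\...\askBar.dll"
ENTRY_RE = re.compile(r"^([RO]\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Entry:
    section: str            # "R0", "O2", "O17", ...
    body: str               # everything after "O2 - "
    clsid: Optional[str]    # normalised to upper case, if present
    orphaned: bool          # references a file HijackThis could not find


def parse_hjt(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log, in log order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, blanks and the "Running processes" paths
        section, body = m.group(1), m.group(2)
        c = CLSID_RE.search(body)
        entries.append(Entry(section, body,
                             c.group(0).upper() if c else None,
                             any(mk in body for mk in ORPHAN_MARKERS)))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file is missing: dead references, cleanup candidates."""
    return [e for e in entries if e.orphaned]


def diff_logs(old: str, new: str) -> Tuple[List[str], List[str]]:
    """(removed, added) entry bodies between two scans of the same machine."""
    before = {e.body for e in parse_hjt(old)}
    after = {e.body for e in parse_hjt(new)}
    return sorted(before - after), sorted(after - before)


# Constructed samples: a handful of lines taken from the two logs in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:45:26, on 20/12/2008

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 03:49:53, on 22/12/2008

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E488ED3E-EE3E-462C-8054-93BF29E7A22D}: NameServer = 200.165.132.147 200.165.132.155
"""

if __name__ == "__main__":
    for e in orphaned(parse_hjt(LOG_BEFORE)):
        print("orphaned:", e.section, e.body)
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", removed)
    print("added:", added)
```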

Good evening! RomanMG

 

<@> Download: < BTFix.zip > ( ...by bibi26 )

<@> Unzip it to the Desktop or to Local Disk (C:).

<@> Restart the computer in Safe Mode. <-- Important!

<@> Run BTFix.exe with a double-click.

<@> Click on Rechercher. <-- Diagnostic function!

 

BTFix 1.075 (par bibi26) - 01/11/2008 14:39:33 - Analyse - Mode sans échec

Lancé depuis C:\Documents and Settings\Administrador\Desktop\BTFix\BTFix.exe

 

---> Fichiers/Dossiers trouvés

 

---> Analyse terminée

<@> Sample report, in which nothing was found.

<@> When it finishes, if there are infections, run BTFix.exe again.

<@> Do it in Safe Mode! <-- Important!

 

BTFix 1.075 (par bibi26) - 01/11/2008 14:39:33 - Nettoyage - Mode sans échec

Lancé depuis C:\Documents and Settings\Administrador\Desktop\BTFix\BTFix.exe

 

---> Fichiers/dossiers supprimés (Première passe)

 

- Fichiers temporaires effacés

- C:\WINDOWS\system32\bitsprx4.dll

- C:\Arquivos de programas\AskSBar\bar\1.bin\

- C:\Arquivos de programas\AskSBar\bar\

- C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\

 

---> Nettoyage terminé

<@> Sample report, in which infections were found.

<@> Click on Nettoyer. <-- Fix function!

<@> When it finishes, copy/paste the reports: ( C:\BTFix\BTFix.txt ) + an updated HJT log.

 

Cheers!


Hey...

 

BTFix:

 

BTFix 1.075 (par bibi26) - 21/12/2008 21:59:48 - Nettoyage - Mode sans échec

Lancé depuis C:\Documents and Settings\Dênio\Desktop\BTFix\BTFix.exe

 

---> Fichiers/dossiers supprimés (Première passe)

 

- Fichiers temporaires effacés

- C:\Documents and Settings\Dênio\Dados de aplicativos\Mozilla\Firefox\Profiles\mqx5g2km.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome\

- C:\Documents and Settings\Dênio\Dados de aplicativos\Mozilla\Firefox\Profiles\mqx5g2km.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\

- C:\Documents and Settings\Dênio\Dados de aplicativos\Mozilla\Firefox\Profiles\mqx5g2km.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\

- C:\Documents and Settings\Dênio\Dados de aplicativos\Mozilla\Firefox\Profiles\mqx5g2km.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\

- C:\Documents and Settings\Dênio\Dados de aplicativos\Mozilla\Firefox\Profiles\mqx5g2km.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\

 

---> Nettoyage terminé

 

HJT:

 

Logfile of HijackThis v1.99.1

Scan saved at 03:49:53, on 22/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedy.com.ar/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [scanRegistry] C:\W

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKCU\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [tspcm] C:\Arquivos de programas\Telefonica\Speedy\SATConMon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218723589484

O17 - HKLM\System\CCS\Services\Tcpip\..\{E488ED3E-EE3E-462C-8054-93BF29E7A22D}: NameServer = 200.165.132.147 200.165.132.155

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Good morning! RomanMG

 

<@> Download: < avz4en.zip > or < avz_antiviral_toolkit >

<@> Save it in Program Files, and unzip it right there!

<@> Open the avz4 folder and run the application with a double-click. <-- Shield-and-sword icon!

<@> Connect to the Internet and update the Toolkit. --> "File" --> "Database Update".

<@> When that finishes, don't run any scan yet.

<@> On the "Search range" tab, check all the boxes.

<@> Under "File types", select the "All files" button.

<@> Under "Actions", check: "Perform healing"

<@> In the fields below "Perform healing", choose "Report only" for all items.

<@> Below "RiskWare", check the box "Copy suspicious files to Quarantine". <-- Only this box!

<@> In the "Search parameters" menu, set the "Heuristic analyses" slider to maximum.

<@> Check the "Extended analysis" box. <-- Only this box!

<@> Don't uncheck the ones that are checked by default!

<@> Close any open programs and run the tool! <-- Click Start.

<@> When the scan finishes, click the "Save log" icon so we have the report. ( avz_log )

<@> Also click the "glasses" icon.

<@> Click "Save as CSV".

<@> Save this report on the desktop! <-- Text format. ( *.txt )

<@> Name it: view_log

<@> Copy and post: avz_log.txt + view_log.txt in your reply.

 

Cheers!


Hey...

 

AVZ_log:

 

AVZ Antiviral Toolkit log; AVZ version is 4.30

Scanning started at 24/12/2008 11:30:13

Database loaded: signatures - 202224, NN profile(s) - 2, microprograms of healing - 56, signature database released 23.12.2008 21:05

Heuristic microprograms loaded: 372

SPV microprograms loaded: 9

Digital signatures of system files loaded: 74370

Heuristic analyzer mode: Maximum heuristics level

Healing mode: enabled

Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights

System Restore: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=07BDA0)

Kernel ntkrnlpa.exe found in memory at address 804D7000

SDT = 80552DA0

KiST = 80501B5C (284)

Function NtCreateKey (29) intercepted (80619E54->F73040E0), hook spih.sys

Function NtCreateThread (35) intercepted (805C6D28->F7B16544), hook not defined

Function NtEnumerateKey (47) intercepted (8061A694->F7322CA2), hook spih.sys

Function NtEnumerateValueKey (49) intercepted (8061A8FE->F7323030), hook spih.sys

Function NtOpenKey (77) intercepted (8061B1EA->F73040C0), hook spih.sys

Function NtOpenProcess (7A) intercepted (805C0DD0->F7B16530), hook not defined

Function NtOpenThread (80) intercepted (805C105C->F7B16535), hook not defined

Function NtQueryKey (A0) intercepted (8061B50E->F7323108), hook spih.sys

Function NtQueryValueKey (B1) intercepted (80617F0E->F7322F88), hook spih.sys

Function NtSetValueKey (F7) intercepted (80618514->F732319A), hook spih.sys

Function NtTerminateProcess (101) intercepted (805C8720->F7B1653F), hook not defined

Function NtWriteVirtualMemory (115) intercepted (805A9474->F7B1653A), hook not defined

Functions checked: 284, intercepted: 12, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking of IRP handlers

\FileSystem\ntfs[iRP_MJ_CREATE] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_CLOSE] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_WRITE] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_QUERY_INFORMATION] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_SET_INFORMATION] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_QUERY_EA] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_SET_EA] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_QUERY_VOLUME_INFORMATION] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_SET_VOLUME_INFORMATION] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_DIRECTORY_CONTROL] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_FILE_SYSTEM_CONTROL] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_DEVICE_CONTROL] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_LOCK_CONTROL] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_QUERY_SECURITY] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_SET_SECURITY] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_PNP] = 849821F8 -> hook not defined

Checking - complete

2. Scanning memory

Number of processes found: 43

Analyzer: process under analysis is 144 C:\WINDOWS\System32\WLTRYSVC.EXE

[ES]:Application has no visible windows

[ES]:Located in system folder

Analyzer: process under analysis is 416 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 604 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 616 C:\Arquivos de programas\Java\jre6\bin\jusched.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 624 C:\WINDOWS\stsystra.exe

[ES]:Application has no visible windows

[ES]:Located in system folder

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 640 C:\WINDOWS\stsystra.exe

[ES]:Application has no visible windows

[ES]:Located in system folder

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 740 C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 888 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 1492 C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 668 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer: process under analysis is 748 C:\WINDOWS\system32\cmpe.exe

[ES]:Application has no visible windows

[ES]:Located in system folder

Analyzer: process under analysis is 124 C:\Arquivos de programas\Java\jre6\bin\jqs.exe

[ES]:Contains network functionality

[ES]:Listens on TCP ports !

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 2824 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Number of modules loaded: 515

Scanning memory - complete

3. Scanning disks

C:\Documents and Settings\Dênio\Meus documentos\Dênio\Jogos\Tony2\Tony2\THAWK2.BAK - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Documents and Settings\Dênio\Meus documentos\Dênio\Jogos\Tony2\Tony2\THAWK2.BAK)

C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\format.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\format.com)

C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\more.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\more.com)

C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\tree.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\tree.com)

Direct reading C:\WINDOWS\system32\drivers\sptd.sys

C:\WINDOWS\WinLogT.exe >>> suspicion for Trojan.Win32.StartPage.auv ( 0804FD83 037817B3 0020911F 0023E175 379392)

File quarantined succesfully (C:\WINDOWS\WinLogT.exe)

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

C:\Arquivos de programas\Dell\QuickSet\dadkeyb.dll --> Suspicion for Keylogger or Trojan DLL

C:\Arquivos de programas\Dell\QuickSet\dadkeyb.dll>>> Behavioural analysis

1. Reacts to events: keyboard

2. Determines PID of current process

C:\Arquivos de programas\Dell\QuickSet\dadkeyb.dll>>> Neural net: file with probability 96.85% like a typical keyboard/mouse events interceptor

File quarantined succesfully (C:\Arquivos de programas\Dell\QuickSet\dadkeyb.dll)

Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

Checking - complete

9. Troubleshooting wizard

>> HDD autorun are allowed

>> Autorun from network drives are allowed

>> Removable media autorun are allowed

Checking - complete

Files scanned: 87927, extracted from archives: 51163, malicious software found 0, suspicions - 1

Scanning finished at 24/12/2008 12:10:39

Time of scanning: 00:40:27

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference

 

 

View:

 

spih.sys;4;Kernel-mode hook

C:\Documents and Settings\Dênio\Meus documentos\Dênio\Jogos\Tony2\Tony2\THAWK2.BAK;3;PE file with non-standard extension(dangerousness level is 5%)

C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\format.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\more.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\tree.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\WINDOWS\WinLogT.exe;2;Suspicion for Trojan.Win32.StartPage.auv ( 0804FD83 037817B3 0020911F 0023E175 379392)

C:\Arquivos de programas\Dell\QuickSet\dadkeyb.dll;5;Suspicion for Keylogger or Trojan DLL


Good morning! RomanMG

 

<@> Open avz4 and click AVZGuard --> Enable AVZGuard --> OK.

<@> Click "File" --> "Custom scripts".

<@> Paste the text below (shown in the QUOTE) into the "Running scripts" field:

 

begin

SetAVZGuardStatus(True);

SearchRootkit(true, true);

QuarantineFile('C:\Documents and Settings\Dênio\Meus documentos\Dênio\Jogos\Tony2\Tony2\THAWK2.BAK','');

QuarantineFile('C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\format.com','');

QuarantineFile('C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\more.com','');

QuarantineFile('C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\tree.com','');

QuarantineFile('C:\WINDOWS\WinLogT.exe','');

QuarantineFile('C:\Arquivos de programas\Dell\QuickSet\dadkeyb.dll','');

DeleteFile('C:\Arquivos de programas\Dell\QuickSet\dadkeyb.dll');

DeleteFile('C:\WINDOWS\WinLogT.exe');

DeleteFile('C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\tree.com');

DeleteFile('C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\more.com');

DeleteFile('C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\format.com');

DeleteFile('C:\Documents and Settings\Dênio\Meus documentos\Dênio\Jogos\Tony2\Tony2\THAWK2.BAK');

BC_ImportDeletedList;

ExecuteSysClean;

BC_Activate;

RebootWindows(true);

end.

<@> Check the script for errors by clicking "Check syntax" --> OK.

<@> If there are no errors, click Run. <-- Wait!

<@> To complete the removals, the computer will restart.

<@> Go back to the AVZGuard menu and click "Disable AVZGuard" --> OK.

<@> Run a new scan with avz4 and post the report. ( avz_log.txt )

 

Cheers!

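The script above was written by hand from the "View:" list in the first avz_log (one entry per line, in the form path;level;description). As an added example, not part of the thread and not a component of AVZ, here is a small Python tool that parses that list and generates an AVZ custom script using the same SetAVZGuardStatus / SearchRootkit / QuarantineFile commands. It deliberately emits only QuarantineFile calls and no DeleteFile calls, following the note in the AVZ log itself that suspicious files should be sent for analysis rather than deleted, and it sets aside entries that have no full path (such as the bare driver name spih.sys) for manual review. The sample input is copied from the log above; the assumption that AVZ script strings follow Pascal quoting (an apostrophe inside a path is doubled) is mine.

```python
"""Turn an AVZ 'View:' suspicion list into a quarantine-only AVZ custom script.

Added example for this thread; it is not part of AVZ and not Dig's script.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: the seven entries from the first avz_log posted
# above, in AVZ's own "path;level;description" layout.
SAMPLE_VIEW = r"""
spih.sys;4;Kernel-mode hook
C:\Documents and Settings\Dênio\Meus documentos\Dênio\Jogos\Tony2\Tony2\THAWK2.BAK;3;PE file with non-standard extension(dangerousness level is 5%)
C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\format.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\more.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\tree.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\WinLogT.exe;2;Suspicion for Trojan.Win32.StartPage.auv ( 0804FD83 037817B3 0020911F 0023E175 379392)
C:\Arquivos de programas\Dell\QuickSet\dadkeyb.dll;5;Suspicion for Keylogger or Trojan DLL
"""

# A drive letter followed by ":\" and at least one more character.
_FULL_PATH = re.compile(r"[A-Za-z]:\\.+")


@dataclass(frozen=True)
class Entry:
    path: str          # file path, or a bare driver/module name
    level: int         # numeric level AVZ attaches to the entry
    description: str   # AVZ's reason text


def parse_view(text: str) -> list[Entry]:
    """Parse AVZ 'View:' lines. Blank lines are skipped; malformed ones raise."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(";", 2)  # the description may itself contain ';'
        if len(parts) != 3 or not parts[1].strip().isdigit():
            raise ValueError(f"unrecognised AVZ view line: {line!r}")
        entries.append(Entry(parts[0].strip(), int(parts[1]), parts[2].strip()))
    return entries


def has_full_path(path: str) -> bool:
    """QuarantineFile needs a full path; a bare 'spih.sys' cannot be quarantined."""
    return _FULL_PATH.fullmatch(path) is not None


def needs_manual_review(entries: list[Entry]) -> list[Entry]:
    """Entries the script cannot act on (no full path); they must be looked at by hand."""
    return [e for e in entries if not has_full_path(e.path)]


def build_quarantine_script(entries: list[Entry], min_level: int = 0) -> str:
    """Emit an AVZ custom script that only quarantines, never deletes.

    Quarantining keeps a copy for analysis, which is what the AVZ log itself
    asks for ("send them for analysis"); a keyboard-hook DLL living under
    Dell\\QuickSet is exactly the kind of heuristic hit that should not be
    deleted unseen.
    """
    lines = ["begin", "SetAVZGuardStatus(True);", "SearchRootkit(true, true);"]
    for e in entries:
        if e.level < min_level or not has_full_path(e.path):
            continue
        # Assumption: AVZ strings use Pascal quoting, so an apostrophe is doubled.
        quoted = e.path.replace("'", "''")
        lines.append(f"QuarantineFile('{quoted}','');")
    lines.append("end.")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_view(SAMPLE_VIEW)
    print(build_quarantine_script(found))
    for e in needs_manual_review(found):
        print(f"manual review: {e.path} (level {e.level}): {e.description}")
```

The min_level parameter lets you quarantine only the entries AVZ rated at or above a given level, but the default of 0 is the safer choice: quarantine is reversible, so collecting every flagged file for analysis costs nothing, whereas a DeleteFile on a vendor DLL (as with the QuickSet entry here) is not reversible without reinstalling the software.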

Hey Dig .... here's the avz_log:

 

AVZ Antiviral Toolkit log; AVZ version is 4.30

Scanning started at 27/12/2008 16:30:50

Database loaded: signatures - 202811, NN profile(s) - 2, microprograms of healing - 56, signature database released 26.12.2008 22:10

Heuristic microprograms loaded: 372

SPV microprograms loaded: 9

Digital signatures of system files loaded: 74370

Heuristic analyzer mode: Maximum heuristics level

Healing mode: enabled

Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights

System Restore: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=07BDA0)

Kernel ntkrnlpa.exe found in memory at address 804D7000

SDT = 80552DA0

KiST = 80501B5C (284)

Function NtCreateKey (29) intercepted (80619E54->F73040E0), hook spew.sys

Function NtCreateThread (35) intercepted (805C6D28->F7BEB544), hook not defined

Function NtEnumerateKey (47) intercepted (8061A694->F7322CA2), hook spew.sys

Function NtEnumerateValueKey (49) intercepted (8061A8FE->F7323030), hook spew.sys

Function NtOpenKey (77) intercepted (8061B1EA->F73040C0), hook spew.sys

Function NtOpenProcess (7A) intercepted (805C0DD0->F7BEB530), hook not defined

Function NtOpenThread (80) intercepted (805C105C->F7BEB535), hook not defined

Function NtQueryKey (A0) intercepted (8061B50E->F7323108), hook spew.sys

Function NtQueryValueKey (B1) intercepted (80617F0E->F7322F88), hook spew.sys

Function NtSetValueKey (F7) intercepted (80618514->F732319A), hook spew.sys

Function NtTerminateProcess (101) intercepted (805C8720->F7BEB53F), hook not defined

Function NtWriteVirtualMemory (115) intercepted (805A9474->F7BEB53A), hook not defined

Functions checked: 284, intercepted: 12, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking of IRP handlers

\FileSystem\ntfs[iRP_MJ_CREATE] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_CLOSE] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_WRITE] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_QUERY_INFORMATION] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_SET_INFORMATION] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_QUERY_EA] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_SET_EA] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_QUERY_VOLUME_INFORMATION] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_SET_VOLUME_INFORMATION] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_DIRECTORY_CONTROL] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_FILE_SYSTEM_CONTROL] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_DEVICE_CONTROL] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_LOCK_CONTROL] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_QUERY_SECURITY] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_SET_SECURITY] = 849821F8 -> hook not defined

\FileSystem\ntfs[iRP_MJ_PNP] = 849821F8 -> hook not defined

Checking - complete

2. Scanning memory

Number of processes found: 44

Analyzer: process under analysis is 1812 C:\WINDOWS\System32\WLTRYSVC.EXE

[ES]:Possible Malware, neural rate = 5000

[ES]:Application has no visible windows

[ES]:Located in system folder

Analyzer: process under analysis is 216 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

[ES]:Possible Malware, neural rate = 5000

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 376 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[ES]:Possible Malware, neural rate = 5000

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 388 C:\Arquivos de programas\Java\jre6\bin\jusched.exe

[ES]:Possible Malware, neural rate = 5000

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 396 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

[ES]:Possible Malware, neural rate = 5000

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer: process under analysis is 428 C:\WINDOWS\stsystra.exe

[ES]:Possible Malware, neural rate = 5000

[ES]:Application has no visible windows

[ES]:Located in system folder

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 476 C:\WINDOWS\system32\cmpe.exe

[ES]:Possible Malware, neural rate = 5000

[ES]:Application has no visible windows

[ES]:Located in system folder

Analyzer: process under analysis is 484 C:\WINDOWS\stsystra.exe

[ES]:Possible Malware, neural rate = 5000

[ES]:Application has no visible windows

[ES]:Located in system folder

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 728 C:\Arquivos de programas\Java\jre6\bin\jqs.exe

[ES]:Possible Malware, neural rate = 5000

[ES]:Contains network functionality

[ES]:Listens on TCP ports !

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 804 C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

[ES]:Possible Malware, neural rate = 5000

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 1184 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

[ES]:Possible Malware, neural rate = 5000

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 1524 C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[ES]:Possible Malware, neural rate = 5000

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 2904 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

[ES]:Possible Malware, neural rate = 5000

[ES]:Contains network functionality

[ES]:Application has no visible windows

Number of modules loaded: 519

Scanning memory - complete

3. Scanning disks

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Ahead\Nero Home\bl.db

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Ahead\Nero Home\is2.db

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\ATI\ACE\Log\MOM-0.log

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Feeds Cache\index.dat

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Messenger\zumbilly@arcannos.net\SharingMetadata\Logs\Dfsr00005.log

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Messenger\zumbilly@arcannos.net\SharingMetadata\Working\database_82EC_50F8_EC50_E7C5\dfsr.db

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Messenger\zumbilly@arcannos.net\SharingMetadata\Working\database_82EC_50F8_EC50_E7C5\fsr.log

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Messenger\zumbilly@arcannos.net\SharingMetadata\Working\database_82EC_50F8_EC50_E7C5\fsrtmp.log

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Messenger\zumbilly@arcannos.net\SharingMetadata\Working\database_82EC_50F8_EC50_E7C5\tmp.edb

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\denimarmita@hotmail.com\real\contactcoll.cache >>> suspicion for Trojan-PSW.Win32.OnLineGames.msm ( 0F160E69 0EC65D67 002889DB 0026A3B7 11776)

File quarantined succesfully (C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\denimarmita@hotmail.com\real\contactcoll.cache)

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\zumbilly@arcannos.net\real\members.stg

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\zumbilly@arcannos.net\shadow\members.stg

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Histórico\History.IE5\MSHist012008122720081228\index.dat

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Temp\~DFA0D7.tmp

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Temp\~DFB087.tmp

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat

Direct reading C:\Documents and Settings\Dênio\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\Dênio\Cookies\index.dat

Direct reading C:\Documents and Settings\Dênio\NTUSER.DAT

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Cookies\index.dat

Direct reading C:\Documents and Settings\LocalService\NTUSER.DAT

Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\NetworkService\Cookies\index.dat

Direct reading C:\Documents and Settings\NetworkService\NTUSER.DAT

C:\System Volume Information\_restore{99C5DBA6-B80C-44FD-A39F-37E9E6C913BA}\RP131\A0025204.exe >>> suspicion for Trojan.Win32.StartPage.auv ( 0804FD83 037817B3 0020911F 0023E175 379392)

File quarantined succesfully (C:\System Volume Information\_restore{99C5DBA6-B80C-44FD-A39F-37E9E6C913BA}\RP131\A0025204.exe)

Direct reading C:\System Volume Information\_restore{99C5DBA6-B80C-44FD-A39F-37E9E6C913BA}\RP131\change.log

Direct reading C:\WINDOWS\SchedLgU.Txt

Direct reading C:\WINDOWS\SoftwareDistribution\ReportingEvents.log

Direct reading C:\WINDOWS\system32\CatRoot2\edb.log

Direct reading C:\WINDOWS\system32\CatRoot2\tmp.edb

Direct reading C:\WINDOWS\system32\config\ACEEvent.evt

Direct reading C:\WINDOWS\system32\config\AppEvent.Evt

Direct reading C:\WINDOWS\system32\config\default

Direct reading C:\WINDOWS\system32\config\Internet.evt

Direct reading C:\WINDOWS\system32\config\SAM

Direct reading C:\WINDOWS\system32\config\SecEvent.Evt

Direct reading C:\WINDOWS\system32\config\SECURITY

Direct reading C:\WINDOWS\system32\config\SysEvent.Evt

Direct reading C:\WINDOWS\system32\config\system

Direct reading C:\WINDOWS\system32\config\system.LOG

Direct reading C:\WINDOWS\system32\drivers\sptd.sys

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Direct reading C:\WINDOWS\Temp\Perflib_Perfdata_2d8.dat

Direct reading C:\WINDOWS\WindowsUpdate.log

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

Checking - complete

9. Troubleshooting wizard

>> HDD autorun are allowed

>> Autorun from network drives are allowed

>> Removable media autorun are allowed

Checking - complete

Files scanned: 211051, extracted from archives: 106375, malicious software found 0, suspicions - 2

Scanning finished at 27/12/2008 18:01:23

Time of scanning: 01:30:34

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference


Good evening! RomanMG

 

<@> Open avz4 --> Click File --> 'Quarantine' Folder Viewer.

 

C:\System Volume Information\_restore{99C5DBA6-B80C-44FD-A39F-37E9E6C913BA}\RP131\A0025204.exe

 

C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\denimarmita@hotmail.com\real\contactcoll.cache

<@> Tick the checkboxes of the files above.

<@> Click Delete. ( It's at the top! )

---------------------------

<@> Open HijackThis --> Click: Do a system scan only

 

O4 - HKLM\..\Run: [scanRegistry] C:\W

<@> Tick this entry above! --> Click Fix checked.

---------------------------

<@> Download: < CCleaner >

<@> Save it to the Desktop!

<@> With the < Cleaner > option already selected, click Analyze. --> Wait for it to finish!

<@> When it finishes, click Run Cleaner.

<@> In the window that appears, click OK. --> Wait for it to finish!

<@> Select the Registry option and click Scan for Issues.

<@> When it finishes, click Fix selected issues...

<@> At the prompt, click Yes!

<@> Name the backup and click Save.

<@> After a few days, if everything is OK, you can delete that backup file. ( .reg )

<@> In the window that appears, click: "Fix All Selected Issues"

<@> Click OK --> Close.

<@> For more details, read the tutorial: < Link >

--------------------------

<!> Post: an updated HijackThis log.

 

Cheers!


HJT:

 

Logfile of HijackThis v1.99.1

Scan saved at 13:45:29, on 29/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedy.com.ar/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKCU\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://download.gamedesire.com/g_bin/eng/boards_2_0_0_35.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218723589484

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

Edit:

 

A question about this entry:

 

C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\denimarmita@hotmail.com\real\contactcoll.cache

 

I don't understand, what does that e-mail have to do with the problem?


Good morning! RomanMG

 

I don't understand, what does that e-mail have to do with the problem?

<!> No connection! But... since avz4 flagged it as suspected malware and it is not critical to the system, I thought it better to remove it. So a more thorough investigation is unnecessary.

 

< suspicion for Trojan-PSW.Win32.OnLineGames.msm >

----------------------------

<!> The log is clean!

<!> Everything OK?

 

Cheers!


All good, Dig, thanks once again for the help, sorry for the delay in posting .. ^^


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
