MJDCP (posted April 10, 2009):

So, I got hit by this pest and I really can't get rid of it. It stopped me from using the antivirus and many other programs. I have already tried Elibagla.exe, but it always says I need the latest version. Where do I find it? I downloaded version 12.39 but can't find a newer one. I also used Killbox, but it didn't work very well. CCleaner won't open at all. I tried HijackThis, but when I click on the program the computer hangs and does nothing, so I can't give you a HijackThis log. But I do have a Malwarebytes log, if that is of any use to you.

Malwarebytes' Anti-Malware 1.28
Versão do banco de dados: 1205
Windows 5.1.2600 Service Pack 3

10/4/2009 09:23:59
mbam-log-2009-04-10 (09-23-59).txt

Tipo de Verificação: Completa (A:\|C:\|D:\|E:\|G:\|)
Objetos verificados: 183033
Tempo decorrido: 1 hour(s), 28 minute(s), 48 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 1
Ítens do Registro infectados: 0
Pastas infectadas: 2
Arquivos infectados: 8

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SUDATI\Dados de aplicativos\m (Trojan.Agent) -> Delete on reboot.

Arquivos infectados:
C:\System Volume Information\_restore{61CF628A-3A85-4B4E-A25F-536D24CD70E1}\RP541\A0148796.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1252140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SUDATI\Dados de aplicativos\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\SUDATI\Dados de aplicativos\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\SUDATI\Dados de aplicativos\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\SUDATI\Dados de aplicativos\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
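Two things are easy to miss when a Malwarebytes log like the one above is read by eye: entries marked "Delete on reboot" are still on disk until the machine restarts, and the counts in the summary block should agree with the entries actually listed under each section. The script below is an added example for this thread, not code from the forum or from Malwarebytes. It parses the log layout shown above (the Portuguese section headers and the sample lines are taken from that log), lists what is still pending a reboot, tallies detections by family, and cross-checks the summary counts against the listed entries.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: the Malwarebytes' Anti-Malware 1.28 log from the post above,
# one entry per line as the tool writes it (abridged to the lines that matter).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.28
Versão do banco de dados: 1205
Windows 5.1.2600 Service Pack 3

10/4/2009 09:23:59
mbam-log-2009-04-10 (09-23-59).txt

Tipo de Verificação: Completa (A:\|C:\|D:\|E:\|G:\|)
Objetos verificados: 183033
Tempo decorrido: 1 hour(s), 28 minute(s), 48 second(s)

Processos da Memória infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 1
Pastas infectadas: 2
Arquivos infectados: 8

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Pastas infectadas:
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SUDATI\Dados de aplicativos\m (Trojan.Agent) -> Delete on reboot.

Arquivos infectados:
C:\System Volume Information\_restore{61CF628A-3A85-4B4E-A25F-536D24CD70E1}\RP541\A0148796.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1252140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SUDATI\Dados de aplicativos\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\SUDATI\Dados de aplicativos\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\SUDATI\Dados de aplicativos\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\SUDATI\Dados de aplicativos\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
"""

# "<item> (<family>) -> <action>."  The item is taken greedily so paths that
# contain spaces or braces are kept whole; only the last "(...)" is the family.
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Summary lines look like "Arquivos infectados: 8"; section headers are the
# same text without a count, ending in a colon.
SUMMARY_RE = re.compile(r"^(?P<section>[^:]+): (?P<count>\d+)$")


@dataclass(frozen=True)
class Detection:
    section: str  # log section the entry was listed under
    item: str     # file, folder or registry path
    family: str   # detection name, e.g. Trojan.Agent
    action: str   # what the scanner did with it


def parse_mbam_log(text):
    """Return (detections, summary counts, section headers seen)."""
    detections, summary, headers = [], {}, set()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith(":"):
            section = line[:-1]
            headers.add(section)
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append(Detection(section, m.group("item"),
                                        m.group("family"), m.group("action")))
    return detections, summary, headers


def pending_reboot(detections):
    """Entries the scanner could not remove yet; verify them after the restart."""
    return [d for d in detections if d.action.lower().startswith("delete on reboot")]


def family_counts(detections):
    return Counter(d.family for d in detections)


def summary_mismatches(detections, summary, headers):
    """Sections whose printed count differs from the entries actually listed."""
    listed = Counter(d.section for d in detections)
    return {s: (summary[s], listed[s]) for s in headers
            if s in summary and summary[s] != listed[s]}


def summarize(text):
    dets, summary, headers = parse_mbam_log(text)
    return {
        "total": len(dets),
        "pending_reboot": [d.item for d in pending_reboot(dets)],
        "families": dict(family_counts(dets)),
        "summary_mismatches": summary_mismatches(dets, summary, headers),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this log the four "Delete on reboot" entries (the mule_st_key Run value, the m folder, wintems.exe and flec006.exe) are the ones worth re-checking with a second scan after the restart, which is exactly what the later FindyKill report in this thread confirms for wintems.exe and the m folder.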
DigRam (posted April 10, 2009):

Good afternoon, MJDCP!

<@> Download: < FindyKill > ( ...by Chiquitine29 )
<@> Save it to Program Files!
<@> Close any programs that are open.
<@> Disable the resident protection of your antivirus and antispyware.
<@> PS: detection of this tool by antivirus software is a false positive!
<@> Install the tool and accept all the conditions it asks for.
<@> When done, run the tool with a double click on: C:\Arquivos de Programas\FindyKill\FindyKill.bat <--
<@> At the prompt, press C --> Enter. <-- Language option!
<@> Next, press 2. ( "Eliminar los ficheros infectados" )
<@> Press Enter --> The computer will restart twice! --> Wait!
<@> When it finishes, click on an empty area of the prompt! --> Press Enter.
<@> Notepad will open with the report: C:\FindyKill.txt <-- Report!
<><><><><><><><><><><>
<@> Download: < SPROCESS.EXE 2.6 >
<@> Save it to the Desktop!
<@> Run the program with a double click!
<@> Click Salir --> Ok.
<@> Post the report, which will be at: C:\SProcLog.txt
<@> PS: This diagnostic tool is similar to HijackThis... but without the Fix option. ( Pseudo! )
<><><><><><><><><><><>
<@> Post the report C:\SProcLog.txt in your reply.

Regards!
MJDCP (posted April 10, 2009):

(10-4-2009 18:13:26)
SProces v3.4 ©2009 S.G.H. / Satinfo S.L.
-------------------------------------------
Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 3
Parche MS08-067 (Servicio Servidor) Instalado.
Internet Explorer: (v8.0.6001.18241) beta 2
Nombre Equipo: PC
Nombre Usuario: SUDATI

Procesos Activos:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE
C:\ARQUIVOS DE PROGRAMAS\BONJOUR\MDNSRESPONDER.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\BIN\JQS.EXE
C:\ARQUIVOS DE PROGRAMAS\LOGMEIN\X86\RAMAINT.EXE
C:\ARQUIVOS DE PROGRAMAS\ANALOG DEVICES\SOUNDMAX\SMTRAY.EXE
C:\ARQUIVOS DE PROGRAMAS\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\ARQUIVOS DE PROGRAMAS\LOGMEIN\X86\LOGMEINSYSTRAY.EXE
C:\ARQUIVOS DE PROGRAMAS\ADOBE\READER 8.0\READER\READER_SL.EXE
C:\ARQUIVOS DE PROGRAMAS\WINAMP\WINAMPA.EXE
C:\ARQUIVOS DE PROGRAMAS\LOGMEIN\X86\LOGMEIN.EXE
C:\ARQUIVOS DE PROGRAMAS\LOGMEIN\X86\LMIGUARDIAN.EXE
C:\ARQUIVOS DE PROGRAMAS\LOGMEIN\X86\LMIGUARDIAN.EXE
C:\ARQUIVOS DE PROGRAMAS\RAMBOOSTER 2.0\RAMBOOSTER.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE
C:\ARQUIVOS DE PROGRAMAS\SISOFTWARE\SISOFTWARE SANDRA LITE XII.SP2C\RPCAGENTSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE
C:\ARQUIVOS DE PROGRAMAS\UNIBLUE\SPEEDUPMYPC 3\SPEEDUPMYPC.EXE
C:\ARQUIVOS DE PROGRAMAS\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
C:\ARQUIVOS DE PROGRAMAS\UNIBLUE\REGISTRY BOOSTER\REGISTRYBOOSTER.EXE
C:\ARQUIVOS DE PROGRAMAS\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICE.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\ARQUIVOS DE PROGRAMAS\STARDOCK\OBJECTDOCK\OBJECTDOCK.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
C:\DOCUMENTS AND SETTINGS\SUDATI\DESKTOP\SPROCES.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - (no file)
O3 - Toolbar: (no name) - SITEguard - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RamBooster] C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [uniblue SpeedUpMyPC] C:\Arquivos de programas\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [uniblue Registry Booster] C:\Arquivos de programas\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SUDATI\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - Startup: desktop.ini
O4 - Startup: Stardock ObjectDock.lnk
O4 - Global Startup: desktop.ini
O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (no file)
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA238865-C00E-4C62-A784-517862F3A509}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: DIMSNTFY - %SYSTEMROOT%\SYSTEM32\DIMSNTFY.DLL
O20 - Winlogon Notify: LMIINIT - LMIINIT.DLL
O20 - Winlogon Notify: WBSRV - C:\ARQUIVOS DE PROGRAMAS\STARDOCK\OBJECT DESKTOP\WINDOWBLINDS\WBSRV.DLL
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-carregador Browseui - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon de cache de categorias de componente - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: {91316323-2ad5-4794-9589-52a2eaa60a68} - aposiopetic - (no file)

Información Adicional:
----------------------

Listado de Servicios (Carga Automatica):
----------------------------------------
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
**O23 - Service: Inicializador de Processo de Servidor DCOM (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost -k DcomLaunch (file missing)
O23 - Service: EAMON (eamon) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys (file missing)
O23 - Service: ElbyCDIO Driver (ElbyCDIO) - Elaborate Bytes AG - C:\WINDOWS\SYSTEM32\Drivers\ElbyCDIO.sys
O23 - Service: epfw - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\epfw.sys (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.con (file missing)
O23 - Service: LogMeIn Kernel Information Provider (LMIInfo) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn Remote File System Driver (LMIRfsDriver) - LogMeIn, Inc. - C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PStrip - Unknown owner - C:\WINDOWS\SYSTEM32\drivers\pstrip.sys (file missing)
**O23 - Service: Chamada de procedimento remoto (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost -k rpcss (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: SeaPort - Microsoft Corp. - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Listado de Servicios (Carga Manual):
------------------------------------
O23 - Service: aeaudio - Andrea Electronics Corporation - C:\WINDOWS\SYSTEM32\drivers\aeaudio.sys
**O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ElbyCDFL - SlySoft, Inc. - C:\WINDOWS\SYSTEM32\Drivers\ElbyCDFL.sys
O23 - Service: Eset Personal Firewall (Epfwndis) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\Epfwndis.sys (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Arquivos de programas\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Kaspersky Anti-Virus NDIS Filter (klim5) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\klim5.sys (file missing)
O23 - Service: lmimirr - LogMeIn, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lmimirr.sys
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nocashio - Unknown owner - C:\WINDOWS\SYSTEM32\drivers\nocashio.sys
O23 - Service: nv - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys
O23 - Service: PciCon - Unknown owner - E:\PciCon.sys (file missing)
O23 - Service: Driver de link paralelo direto (Ptilink) - Parallel Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys
O23 - Service: SANDRA - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys
O23 - Service: Secdrv - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys
O23 - Service: SiS PCI Fast Ethernet Adapter Driver (SISNIC) - SiS Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\sisnic.sys
O23 - Service: SiS PCI Fast Ethernet Adapter Driver for NDIS51 (SISNICXP) - SiS Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\sisnicxp.sys
O23 - Service: smwdm - Analog Devices, Inc. - C:\WINDOWS\SYSTEM32\drivers\smwdm.sys
*O23 - Service: Serviços de terminal (TermService) - Unknown owner - C:\WINDOWS\System32\svchost -k DComLaunch (file missing)
O23 - Service: TVICHW32 - EnTech Taiwan - C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS

Listado de Servicios (Deshabilitados):
--------------------------------------
**O23 - Service: dmboot - Microsoft Corp., Veritas Software - C:\WINDOWS\SYSTEM32\drivers\dmboot.sys

40 Servicios. 19 de Carga Automatica. 20 de Carga Manual. 1 Deshabilitados.

The SProcLog.txt file, as you asked. It seems to me that the problem has been solved, but I will wait for your reply.

Thank you very much, I have been trying to remove this virus for days.
DigRam (posted April 10, 2009):

MJDCP wrote:
It seems to me that the problem has been solved, but I will wait for your reply.
Thank you very much, I have been trying to remove this virus for days.
<><><><><><><><><><><><>

Hey, MJDCP!

<!> The SProcess tool is not a removal/disinfection tool and could not have solved your problem. I believe you are referring to FindyKill.
<!> But... where is your report?

Regards!
MJDCP (posted April 10, 2009):

I posted the SProcLog.txt file. But I will post the FindyKill one too. I was indeed referring to FindyKill. I managed to install Nod32 again (I couldn't before) and the computer is fast again.

############################## [ FindyKill V4.722 ]

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LogonUI.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE

################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]

Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

################## [ C:\WINDOWS\System32... ]

Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! C:\WINDOWS\system32\ban_list.txt

################## [ C:\Users\...\AppData\Roaming ]

Deleted ! "C:\Documents and Settings\SUDATI\Dados de aplicativos\m\flec006.exe"
Deleted ! "C:\Documents and Settings\SUDATI\Dados de aplicativos\m\list.oct"
Deleted ! "C:\Documents and Settings\SUDATI\Dados de aplicativos\m\data.oct"
Deleted ! "C:\Documents and Settings\SUDATI\Dados de aplicativos\m\srvlist.oct"
Deleted ! "C:\Documents and Settings\SUDATI\Dados de aplicativos\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\SUDATI\Dados de aplicativos\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\SUDATI\Dados de aplicativos\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\SUDATI\Dados de aplicativos\m\shared"
Deleted ! "C:\Documents and Settings\SUDATI\Dados de aplicativos\m"
Deleted ! "C:\Documents and Settings\SUDATI\Dados de aplicativos\drivers\downld"
Deleted ! "C:\Documents and Settings\SUDATI\Dados de aplicativos\drivers"

################## [ Cleaning .. Temp Files... ]

################## [ Registry / Infected keys ]

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\FirtR
Deleted ! HKEY_USERS\S-1-5-21-1715567821-1004336348-682003330-1003\Software\FFC
Deleted ! HKEY_USERS\S-1-5-21-1715567821-1004336348-682003330-1003\Software\MuleAppData
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

################## [ Cleaning Removable drives ]

# Deleting Files :

Deleted ! "C:\Avenger"
Not deleted ! "G:\autorun.inf"

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2

# Safe boot mode restored !

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\SUDATI\Dados de aplicativos\drivers\winupgro.exe
CRC32 .. : 2054650f
MD5 .... : 91cf47e7fb1c4e357982a7140162e09f

Deleted ! : C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
# Taille : 868352 # MD5 : 91CF47E7FB1C4E357982A7140162E09F

################## [ Corrupted files # Re-Installation required ]

C:\Arquivos de programas\IObit\Advanced WindowsCare V2\AutoUpdate.exe
C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe
C:\Arquivos de programas\Mozilla Firefox 3 Beta 2\uninstall\helper.exe
C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\helper.exe
C:\Hijack\HiJackThis.exe
C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
C:\WINDOWS\$hf_mig$\KB920213\update\update.exe
C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
C:\WINDOWS\$hf_mig$\KB924496\update\update.exe
C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
C:\WINDOWS\$hf_mig$\KB932168\update\update.exe
C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
C:\WINDOWS\$hf_mig$\KB938464\update\update.exe
C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
C:\WINDOWS\$hf_mig$\KB942615\update\update.exe
C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
C:\WINDOWS\$hf_mig$\KB944533\update\update.exe
C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
C:\WINDOWS\$hf_mig$\KB946627\update\update.exe
C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
C:\WINDOWS\$hf_mig$\KB954211\update\update.exe
C:\WINDOWS\$hf_mig$\KB954459\update\update.exe
C:\WINDOWS\$hf_mig$\KB955069\update\update.exe
C:\WINDOWS\$hf_mig$\KB956390\update\update.exe
C:\WINDOWS\$hf_mig$\KB956391\update\update.exe
C:\WINDOWS\$hf_mig$\KB956803\update\update.exe
C:\WINDOWS\$hf_mig$\KB956841\update\update.exe
C:\WINDOWS\$hf_mig$\KB957095\update\update.exe
C:\WINDOWS\$hf_mig$\KB957097\update\update.exe
C:\WINDOWS\$hf_mig$\KB958644\update\update.exe
C:\WINDOWS\$NtServicePackUninstall$\sysinfo.exe
C:\WINDOWS\ServicePackFiles\i386\sysinfo.exe
C:\WINDOWS\system32\dllcache\register.exe
D:\Arquivos de programas\netbeans-5.5.1\_uninst\uninstaller.exe
D:\Windows\ebd0dfa8a59ae607886231b5\update\update.exe

################## [ ! End of Report # FindyKill V4.722 ! ]
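The "Références de comparaison Bagle MD5" section of the report above shows the technique FindyKill used to find the second copy: it hashed the dropper it had already identified (winupgro.exe, MD5 91cf47e7fb1c4e357982a7140162e09f) and then removed NMBgMonitor.exe under a vendor directory because it carried exactly the same digest. The script below is an added example of the same hash-comparison sweep, written independently of FindyKill; it only reports matches and deletes nothing, records SHA-256 next to MD5, and builds a constructed directory tree of harmless stand-in files so it runs offline. The reference hash constant is the one printed in the report; the stand-in files naturally hash to something else.

```python
import hashlib
import io
import tempfile
from pathlib import Path

# Reference digest from the FindyKill report above (the winupgro.exe dropper).
BAGLE_REFERENCE_MD5 = "91cf47e7fb1c4e357982a7140162e09f"

# Only these file types are hashed; the sweep is a report and deletes nothing.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".com"}


def digests_from_stream(stream, chunk=1 << 16):
    """Return (md5, sha256) hex digests of a binary stream, read in chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        md5.update(block)
        sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def digests_of_bytes(data):
    return digests_from_stream(io.BytesIO(data))


def file_digests(path):
    with open(path, "rb") as fh:
        return digests_from_stream(fh)


def sweep(root, reference_md5):
    """Walk root and list every executable whose MD5 is in reference_md5.

    Each hit records the path relative to root, its size, and both digests,
    which is what an analyst needs before deciding what to do with the file.
    """
    root = Path(root)
    wanted = {h.lower() for h in reference_md5}
    hits = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES:
            md5, sha = file_digests(p)
            if md5 in wanted:
                hits.append({"path": p.relative_to(root).as_posix(),
                             "size": p.stat().st_size, "md5": md5, "sha256": sha})
    return hits


def demo():
    """Constructed tree: a stand-in 'dropper' plus one vendor-path copy of it."""
    body = b"constructed stand-in for a dropper body; not real malware\n" * 100
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        dropper = root / "Dados de aplicativos" / "drivers" / "winupgro.exe"
        vendor = root / "Arquivos comuns" / "Ahead" / "Lib" / "NMBgMonitor.exe"
        for target in (dropper, vendor):
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        (vendor.parent / "readme.txt").write_bytes(body)     # same bytes, not an executable type
        (vendor.parent / "other.dll").write_bytes(b"unrelated\n")
        ref_md5, _ = file_digests(dropper)                    # the hash the sweep looks for
        return [h["path"] for h in sweep(root, {ref_md5})]


if __name__ == "__main__":
    print(demo())
```

On a real system the call would be `sweep(r"C:\", {BAGLE_REFERENCE_MD5})` over the drive rather than a temporary tree. MD5 is used here because that is what the report gives; treat a match as a strong triage signal rather than a final identification, and keep the SHA-256 the sweep records for anything you quarantine or report.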
DigRam (posted April 10, 2009):

Good afternoon, MJDCP!

<!> Now that everything is OK, run Nod32 to scan for malware.
<><><><><><><><><><><>
<@> With everything OK, create a clean System Restore point.
<@> Right-click My Computer --> Properties --> System Restore.
<@> Check: Turn off System Restore --> Apply --> Wait! --> Ok.
<@> Then uncheck it again! --> Apply --> Wait! --> Ok.
<@> For more details, read the tutorial: < Link >
<><><><><><><><><><><>
<!> The SProcess v3.4 log is clean! :thumbsup:

Regards!
MJDCP (posted April 11, 2009):

Thank you very much for the help. I will do that.
DigRam (posted April 11, 2009):

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.