Gamarano | Posted November 5, 2009

A few days ago, my computer started playing sounds that come on suddenly, stop, and then start again shortly afterwards... I tried to follow a topic that had already been resolved: http://forum.imasters.com.br/index.php?/topic/368010-virus-do-som/ However, I use Windows 7, which turned out to be incompatible with ComboFix! I really need help with this, I can't stand this sound any more...

Logfile of HijackThis v1.99.1
Scan saved at 01:20:43, on 05/11/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

DigRam | Posted November 7, 2009

Good morning, Gamarano!
<@> Run an online scan at: < > <-- Link!
<@> Use the Internet Explorer browser for this.
<@> Open the site and click Kaspersky Online Scan.
<@> On the next page, click: I Accept
<@> This is so that the ActiveX control is installed and the database is then updated.
<@> On the next page, click: My Computer and run the scan.
<@> Be patient!
<@> Wait for the database update, and also for the scan, which takes a long time.
<@> When it finishes, save and post the report.
<@> Click Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )
<@> Save the result as .txt, as in the image below:
<@> Also post an updated HijackThis log.
Regards!

Gamarano | Posted November 8, 2009

Thanks for the support, DigRam... As requested, here are the updated HijackThis log and the report.

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:43:00, on 08/11/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 8, 2009
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 08, 2009 16:36:11
Records in database: 3177034
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\
Scan statistics:
Objects scanned: 84981
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:15:23
No threats found. Scanned area is clean.
Selected area has been scanned.

DigRam | Posted November 9, 2009

Good evening, Gamarano!
<@> Submit the file below for analysis at: < VirSCAN.org >
<!> C:\Program Files (x86)\Outlook Express\data\bin\Explorer.exe <--
<@> Click "Send file...".
<@> Once you have located the file on your PC, click "Upload" --> Wait!
<@> In the message, click: "Check again"
<@> When it finishes, copy the link to the report and send it to us.
<@> Example: The file NodeRefresh.dll was checked, and the link to its report follows below:
<@> Link: --> < >
Regards!

Gamarano | Posted November 10, 2009

DigRam, good evening!
http://virscan.org/report/a87a54aa2c067177351a9ba9f181afc2.html
I submitted the file as you asked, I hope I did everything correctly... Please check it and point me in the right direction! Thank you

DigRam | Posted November 11, 2009

Good morning, Gamarano!
<@> Open HijackThis and fix this entry:
O4 - HKCU\..\Run: [sys] C:\Program Files (x86)\Outlook Express\data\bin\Explorer.exe
<@> Open Malwarebytes! --> Click Tools.
<@> Click Run tool. <-- File Assassin!
<@> In the Open and Browse window, find the highlighted file:
<!> C:\Program Files (x86)\Outlook Express\data\bin\Explorer.exe
<@> Click Open.
<@> In the message, click Yes! --> OK.
<><><><><><><><><><><>
<@> Download: < > ( ...by EmsiSoft )
<@> Save it in Program Files.
<@> Open the program and click: Update now --> Wait!
<@> When it finishes, click: "Scan PC"
<@> Choose the option: "Deep" --> Then click "Scan".
<@> When it finishes, tick the boxes of the items found and click "Quarantine selected".
<@> Save and post the report of this scan. ( a2scan_xxyy09-xxxxxx.txt ) <--
<@> Also post an updated HijackThis log.
Regards!

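The entry singled out above pairs the name of a Windows system binary (Explorer.exe) with a folder that is not a Windows directory. The following is an added example, not part of the original thread, that applies that check to HijackThis O4 lines; the `EXPECTED_DIRS` table and the `C:\Windows` install location are assumptions, the `[sys]` line is the entry quoted in the post above, and the other sample lines are in the same format (the `%windir%` one is constructed as a legitimate control).

```python
import re
from pathlib import PureWindowsPath

# Assumption: Windows is installed in C:\Windows. Directories (lower-case)
# where each system binary is expected to live; names chosen for illustration.
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
}

# Registry autorun form: O4 - HKCU\..\Run: [value name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
# Unquoted commands may contain spaces in the path, so cut at the extension.
UNQUOTED_EXE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)
ENV_WINDIR = re.compile(r"%(?:systemroot|windir)%", re.I)


def parse_o4(line):
    """Return hive, key, name and command of a registry O4 line, else None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def image_path(command):
    """Extract the executable path from a Run value, dropping arguments."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = UNQUOTED_EXE.match(command)
    return m.group(1) if m else command.split()[0]


def find_masquerading(log_text):
    """List (hive, value name, path) for autoruns that use a system binary's
    name from an unexpected directory. 8.3 short paths are not resolved."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        path = image_path(entry["command"])
        resolved = PureWindowsPath(ENV_WINDIR.sub(lambda m: r"C:\Windows", path))
        expected = EXPECTED_DIRS.get(resolved.name.lower())
        if expected is None:
            continue  # not a name this table tracks
        if str(resolved.parent).lower() not in expected:
            hits.append((entry["hive"], entry["name"], path))
    return hits


# Sample input in HijackThis format (see the lead-in for provenance).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [sys] C:\Program Files (x86)\Outlook Express\data\bin\Explorer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [shell] %windir%\explorer.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
'''

if __name__ == "__main__":
    for hive, name, path in find_masquerading(SAMPLE_LOG):
        print(f"review: {hive} Run value [{name}] -> {path}")
```

A hit is a lead for triage, not a verdict; the file still needs to be scanned, as was done in this thread before the entry was fixed.
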
Gamarano | Posted November 15, 2009

Good afternoon, DigRam... As you asked, I am sending the report and the updated HijackThis log. Thank you again for all the help, and sorry for the delay in my reply, I was away for a few days. Please send me new instructions.

--------------------------------------------------------------------------------
a-squared Free - Versão 4.5
Última atualização 15/11/2009 11:39:18

Configurações da análise:
Scan type: deep
Objetos: Memória, Rastros, Cookies, C:\, D:\
Análise de arquivos: Ligado
Heurística: Desligado
Análise de ADS: Ligado

Início da análise: 15/11/2009 11:40:31

C:\$Recycle.Bin\S-1-5-21-1784491823-2233230717-3621721550-1000\$RP55KD3\Programas\ESET_NOD32_204.0.314.0_by.coleron.thegenius.us\ESET NOD32 4.0.314.0\Crack\Crack.exe detectado: Trojan-Downloader.Win32.AutoIt.fs!IK
C:\$Recycle.Bin\S-1-5-21-1784491823-2233230717-3621721550-1000\$RP55KD3\Programas\ESET_NOD32_204.0.314.0_by.coleron.thegenius.us.rar/Crack.exe detectado: Trojan-Downloader.Win32.AutoIt.fs!IK
C:\Program Files (x86)\RkSoft\PacMaster\PACMASTER.exe detectado: Trojan-Spy.Win32.Bancos.ze!IK
C:\Users\Guilherme\Downloads\gta_2_br[www.gamevicio.com.br].exe detectado: Backdoor.IRC.Flood!IK
C:\Users\Guilherme\Downloads\zoo_tycoon_2_br[www.gamevicio.com.br].exe detectado: Backdoor.IRC.Flood!IK
D:\Guilherme\Programas\ESET_NOD32_204.0.314.0_by.coleron.thegenius.us\ESET NOD32 4.0.314.0\Crack\Crack.exe detectado: Trojan-Downloader.Win32.AutoIt.fs!IK
D:\Guilherme\Programas\ESET_NOD32_204.0.314.0_by.coleron.thegenius.us.rar/Crack.exe detectado: Trojan-Downloader.Win32.AutoIt.fs!IK

Analisado
Arquivos: 170983
Objetos: 550194
Cookies: 827
Processos: 32

Encontrado
Arquivos: 7
Objetos: 0
Cookies: 27
Processos: 0
Chaves do registro: 0

Fim da análise: 15/11/2009 12:07:32
Duração da análise: 0:27:01

Em quarentena
Arquivos: 7
Objetos: 0
Cookies: 35
--------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:39:29, on 15/11/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
@%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing) Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted November 16, 2009 Good morning, Gamarano! Your logs are clean! :thumbsup: Is everything OK? Regards!
Gamarano 0 Posted November 16, 2009 Good evening, DigRam! Thank you for all the support; since yesterday the virus has been gone... Thank you for your patience! Regards.
DigRam 144 Posted November 17, 2009 PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.