[Arquivado] &nbspAnalisem meu log veja se existe keylogger

maceno · Maio 25, 2011

log HIJACK

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 07:12:54, on 25/5/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Tablet\Pen\Pen_TouchService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Tablet\Pen\Pen_TouchUser.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

D:\Programas\IObit Security 360\IS360tray.exe

C:\Arquivos de programas\PC Tools Security\BDT\FGuard.exe

D:\Programas\OFFICE XP\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\PC Tools Security\BDT\BDTUpdateService.exe

D:\Programas\IObit Security 360\IS360srv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\Tablet\Pen\Pen_Tablet.exe

C:\Arquivos de programas\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe

C:\Arquivos de programas\Tablet\Pen\Pen_TabletUser.exe

C:\Arquivos de programas\CyberLink\TV Enhance\Kernel\TV\TVESched.exe

C:\Arquivos de programas\Tablet\Pen\Pen_Tablet.exe

C:\WINDOWS\System32\alg.exe

D:\Programas\IObit Security 360\is360.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

C:\hijack\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Arquivos de programas\BittorrentBar_PT\tbBitt.dll

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Arquivos de programas\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Arquivos de programas\BittorrentBar_PT\tbBitt.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programas\OFFICE XP\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Arquivos de programas\BittorrentBar_PT\tbBitt.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [iObit Security 360] "D:\Programas\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [PCTools FGuard] C:\Arquivos de programas\PC Tools Security\BDT\FGuard.exe

O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programas\OFFICE XP\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DIMDownloading your update...1270498514694] "C:\Arquivos de programas\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" "c:\documents and settings\all users\dados de aplicativos\corel\downloads\540215253_610005\1270498514694\dim_params.xml" -Launch=3 -uibase="c:\documents and settings\user\dados de aplicativos\corel\messages\540215253_610005\br\messagecache1\workflow"

O4 - HKCU\..\Run: [DIMBaixando a sua atualização...1285781003180] "C:\Arquivos de programas\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" "c:\documents and settings\all users\dados de aplicativos\corel\downloads\540215253_610005\1285781003180\dim_params.xml" -Launch=3 -uibase="c:\documents and settings\user\dados de aplicativos\corel\messages\540215253_610005\br\messagecache1\workflow"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Dropbox.lnk = C:\Documents and Settings\User\Dados de aplicativos\Dropbox\bin\Dropbox.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Dropbox.lnk = C:\Documents and Settings\User\Dados de aplicativos\Dropbox\bin\Dropbox.exe (User 'Default user')

O4 - Startup: Dropbox.lnk = C:\Documents and Settings\User\Dados de aplicativos\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Arquivos de programas\Evernote\Evernote\EvernoteIE.dll/204

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programas\OFFICE XP\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Arquivos de programas\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: IS360service - IObit - D:\Programas\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\PC Tools Security\pctsSvc.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Arquivos de programas\Tablet\Pen\Pen_Tablet.exe

O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Arquivos de programas\Tablet\Pen\Pen_TouchService.exe

O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Arquivos de programas\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe

O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Arquivos de programas\CyberLink\TV Enhance\Kernel\TV\TVESched.exe

--

End of file - 10732 bytes

Obrigado.

Renato Utsch · Maio 27, 2011

Olá!

Seja bem vindo à seção de Remoção de Malwares do iMasters Fórums.

Por favor, siga as instruções abaixo:

<< 1 >>

Faça o Download do DDS e salve no Desktop (Área de trabalho).

Temporariamente desative os seus programas de proteção.
Duplo clique em dds.scr.
Irá surgir uma tela preta com algumas informações. Não clique em nada, apenas aguarde!
Quando terminar, duas janelas abrirão: DDS.txt e Attach.txt.
Salve o resultado e cole-o no seu tópico.

OBS: Caso o link disponibilizado não funcione, tente baixar o DDS por ESTE link.

Abraços :D

maceno · Maio 28, 2011

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by User at 18:57:55 on 2011-05-28

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2046.1407 [GMT -3:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Arquivos de programas\Tablet\Pen\Pen_TouchService.exe

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Arquivos de programas\Tablet\Pen\Pen_TouchUser.exe

C:\WINDOWS\Explorer.EXE

D:\Programas\IObit Security 360\IS360tray.exe

C:\Arquivos de programas\PC Tools Security\BDT\FGuard.exe

D:\Programas\OFFICE XP\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\PC Tools Security\BDT\BDTUpdateService.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

D:\Programas\IObit Security 360\IS360srv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\Tablet\Pen\Pen_Tablet.exe

C:\Arquivos de programas\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe

C:\Arquivos de programas\Tablet\Pen\Pen_TabletUser.exe

C:\Arquivos de programas\Tablet\Pen\Pen_Tablet.exe

C:\Arquivos de programas\CyberLink\TV Enhance\Kernel\TV\TVESched.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

D:\Programas\IObit Security 360\is360.exe

C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uWindow Title =

uURLSearchHooks: BittorrentBar_PT Toolbar: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - c:\arquivos de programas\bittorrentbar_pt\tbBitt.dll

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\arquivos de programas\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BittorrentBar_PT Toolbar: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - c:\arquivos de programas\bittorrentbar_pt\tbBitt.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\arquivos de programas\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\programas\office xp\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: BittorrentBar_PT Toolbar: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - c:\arquivos de programas\bittorrentbar_pt\tbBitt.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\arquivos de programas\pc tools security\bdt\PCTBrowserDefender.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

uRun: [DIMDownloading your update...1270498514694] "c:\arquivos de programas\corel\coreldraw graphics suite x5\programs\dim.exe" "c:\documents and settings\all users\dados de aplicativos\corel\downloads\540215253_610005\1270498514694\dim_params.xml" -launch=3 -uibase="c:\documents and settings\user\dados de aplicativos\corel\messages\540215253_610005\br\messagecache2\workflow"

uRun: [DIMBaixando a sua atualização...1285781003180] "c:\arquivos de programas\corel\coreldraw graphics suite x5\programs\dim.exe" "c:\documents and settings\all users\dados de aplicativos\corel\downloads\540215253_610005\1285781003180\dim_params.xml" -launch=3 -uibase="c:\documents and settings\user\dados de aplicativos\corel\messages\540215253_610005\br\messagecache2\workflow"

uRun: [DIMBaixando a sua atualização...1300677038363] "c:\arquivos de programas\corel\coreldraw graphics suite x5\programs\dim.exe" "c:\documents and settings\all users\dados de aplicativos\corel\downloads\540215253_610005\1300677038363\dim_params.xml" -launch=3 -uibase="c:\documents and settings\user\dados de aplicativos\corel\messages\540215253_610005\br\messagecache2\workflow"

mRun: [iObit Security 360] "d:\programas\iobit security 360\IS360tray.exe" /autostart

mRun: [PCTools FGuard] c:\arquivos de programas\pc tools security\bdt\FGuard.exe

mRun: [GrooveMonitor] "d:\programas\office xp\office12\GrooveMonitor.exe"

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\user\menuin~1\progra~1\inicia~1\dropbox.lnk - c:\documents and settings\user\dados de aplicativos\dropbox\bin\Dropbox.exe

IE: Add to Evernote 4.0 - c:\arquivos de programas\evernote\evernote\EvernoteIE.dll/204

IE: E&xportar para o Microsoft Excel - d:\progra~1\office~1\office12\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\office~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\office~1\office12\REFIEBAR.DLL

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\programas\office xp\office12\GrooveSystemServices.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\programas\office xp\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-2-6 237632]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-2-6 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-2-6 656320]

R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2011-3-14 11608]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2010-12-4 219200]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\arquivos de programas\cyberlink\playmovie\000.fcl [2010-10-13 61424]

R2 AntiVirSchedulerService;Avira AntiVir Agendamento;c:\arquivos de programas\avira\antivir desktop\sched.exe [2011-3-14 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2011-3-14 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-14 61960]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\arquivos de programas\pc tools security\bdt\BDTUpdateService.exe [2011-2-6 235472]

R2 IS360service;IS360service;d:\programas\iobit security 360\is360srv.exe [2010-10-13 312152]

R2 TabletServicePen;TabletServicePen;c:\arquivos de programas\tablet\pen\Pen_Tablet.exe [2011-4-17 4869488]

R2 TouchServicePen;Wacom Consumer Touch Service;c:\arquivos de programas\tablet\pen\Pen_TouchService.exe [2011-4-17 416112]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\arquivos de programas\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2010-10-12 364635]

R2 TVESched;TVEnhance Task Scheduler (TTS));c:\arquivos de programas\cyberlink\tv enhance\kernel\tv\TVESched.exe [2010-10-12 172121]

S1 MpKslfebbdf88;MpKslfebbdf88; [x]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\pc tools security\pctsAuxs.exe [2011-2-6 366840]

S3 sdCoreService;PC Tools Security Service;c:\arquivos de programas\pc tools security\pctsSvc.exe [2011-2-6 1145816]

S3 utm3mtq3;AVZ Kernel Driver; [x]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-4-17 16240]

.

=============== Created Last 30 ================

.

2011-05-22 14:47:25 -------- d-----w- c:\documents and settings\user\configurações locais\dados de aplicativos\Ahead

2011-05-13 21:29:49 -------- d-----w- c:\documents and settings\user\dados de aplicativos\abgx360

2011-05-13 21:28:13 -------- d-----w- c:\arquivos de programas\abgx360

.

==================== Find3M ====================

.

2011-03-15 21:37:10 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-03-07 05:33:42 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:35:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:52:15 1867008 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 18:58:42,50 ===============

obrigado.

Renato Utsch · Junho 1, 2011

Olá!

<< 1 >>

Siga o tutorial abaixo e execute o Ad-Remover. Utilize a opção CLEAN. Poste o log gerado.

Tutorial do Ad-Remover

<< 2 >>

Siga o tutorial abaixo e execute o Malwarebyte's Anti-Malware. Poste o log gerado.

Tutorial do Malwarebyte's Anti-Malware

Abraços :D

wings · Julho 1, 2011

Tópico Arquivado

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Entrar

Arquivado

[Arquivado] &nbspAnalisem meu log veja se existe keylogger

Recommended Posts

maceno 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Renato Utsch 24

Compartilhar este post

Link para o post

Compartilhar em outros sites

maceno 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Renato Utsch 24

Compartilhar este post

Link para o post

Compartilhar em outros sites

wings 22

Compartilhar este post

Link para o post

Compartilhar em outros sites

Pretty Womans in your city for night

PHP - Cadastro de Faturamento

Passar Hora para Campo Input automaticamente

Este projeto é apoiado pelas empresas

Fóruns

Tempo Real

Informação importante