
oembios.dat

Discussion in 'Windows 7 and earlier' started by squallsaris, 25 August 2008. (Replies: 7; Views: 710)

  1. squallsaris

    squallsaris Power Member

    After running a scan, this showed up:

    Malwarebytes' Anti-Malware 1.25
    Versão do banco de dados: 1083
    Windows 5.1.2600 Service Pack 3

    3:44:58 25-08-2008
    mbam-log-08-25-2008 (03-44-58).txt

    Tipo de Verificação: Completa (C:\|D:\|)
    Objetos verificados: 66927
    Tempo decorrido: 13 minute(s), 47 second(s)

    Processos da Memória infectados: 0
    Módulos de Memória Infectados: 0
    Chaves do Registo infectadas: 0
    Valores do Registo infectados: 0
    Ítens do Registo infectados: 0
    Pastas infectadas: 0
    Ficheiros infectados: 1

    Processos da Memória infectados:
    (Nenhum item malicioso foi detectado)

    Módulos de Memória Infectados:
    (Nenhum item malicioso foi detectado)

    Chaves do Registo infectadas:
    (Nenhum item malicioso foi detectado)

    Valores do Registo infectados:
    (Nenhum item malicioso foi detectado)

    Ítens do Registo infectados:
    (Nenhum item malicioso foi detectado)

    Pastas infectadas:
    (Nenhum item malicioso foi detectado)

    Ficheiros infectados:
    C:\WINDOWS\system32\oembios.dat (Trojan.Agent) -> Quarantined and deleted successfully.

    Does anyone know how to remove this from the PC?
     
  2. DekkeR

    DekkeR Power Member

    Ficheiros infectados:
    C:\WINDOWS\system32\oembios.dat (Trojan.Agent) -> Quarantined and deleted successfully. :rolleyes:

    It has already been removed.
     
  3. squallsaris

    squallsaris Power Member

    Nope, I've already run it 2 times and it's always there. I've tried in safe mode and everything, and it doesn't go away.
    The strangest thing is that if the modem is connected to the PC I can't even get Windows to boot; I have to disconnect it and only reconnect it once Windows is up.
     
  4. DekkeR

    DekkeR Power Member

  5. squallsaris

    squallsaris Power Member

    Hi, sorry for the delay in replying, but I only just got back from work.
    I went to the Malwarebytes site here (http://www.malwarebytes.org/forums/index.php?showtopic=5938) and they said it's a false positive (by the way, what is that?), and today I updated to 1.25 and it no longer detects anything. In HijackThis everything is OK, just a few things that say neutral, but nothing important.

    But thanks for the help and for the site, which is really cool for checking whether everything is OK with the PC :)

    By the way, I'm posting the log here so you can see it:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:54:45, on 26-08-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\PC Probe II\Probe2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
    C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\games\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\sarios\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tele2.pt/redirect/welcome/adsl/eng
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dllwbsys.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    ty ;););)
     
  6. Frabex

    Frabex Power Member

    Fix the following entries in HijackThis:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file).
    O20 - AppInit_DLLs: avgrsstx.dllwbsys.dll.
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing).
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe.
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe.
    Take care.
     
  7. DekkeR

    DekkeR Power Member

    Frabex, why are you recommending that he remove the AVG services and processes? :confused:
     
  8. Frabex

    Frabex Power Member

    I made a mistake.
    I apologize.
    But if it were me and I had a virus, I would delete what it said, then reinstall the program, and be rid of the virus.
    I also did it in a hurry, I apologize.
     
