Virus removal

luisednardo, go to the Windows search box and type svrhost.exe.

See if it finds the file.

Mr Wolf, the only reference to that file was the OTViewit.txt file.
 
Hi Mr.Wolf, I did what you asked and did the log-hiding trick like you taught me. hehe

Here it is


Explorer killed successfully
[Processes - Safe List]
Process save.exe killed successfully.
C:\Program Files\Save\Save.exe moved successfully.
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{684D164B-B7A6-4723-B242-B01D91895C8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684D164B-B7A6-4723-B242-B01D91895C8D}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqRJDvUN.dll
C:\WINDOWS\system32\rqRJDvUN.dll NOT unregistered.
C:\WINDOWS\system32\rqRJDvUN.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2b6557e-fd94-46f6-96a4-b94b54101218}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2b6557e-fd94-46f6-96a4-b94b54101218}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\goglpp.dll
C:\WINDOWS\system32\goglpp.dll NOT unregistered.
C:\WINDOWS\system32\goglpp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD153FDB-E2FB-40D2-8E36-F21C36B51DAD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD153FDB-E2FB-40D2-8E36-F21C36B51DAD}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ljJASLFX.dll
C:\WINDOWS\system32\ljJASLFX.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ljJASLFX.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\d8b20a17 deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vrgukvgn.dll
C:\WINDOWS\system32\vrgukvgn.dll NOT unregistered.
C:\WINDOWS\system32\vrgukvgn.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WhenUSave deleted successfully.
File C:\Program Files\Save\Save.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ deleted successfully.
C:\WINDOWS\Web\related.htm moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ deleted successfully.
File C:\WINDOWS\Web\related.htm not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:goglpp.dll deleted successfully.
File C:\WINDOWS\system32\goglpp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJASLFX\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ljJASLFX.dll
C:\WINDOWS\system32\ljJASLFX.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ljJASLFX.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DD153FDB-E2FB-40D2-8E36-F21C36B51DAD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD153FDB-E2FB-40D2-8E36-F21C36B51DAD}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\System32\rqRJDvUN deleted successfully.
File C:\WINDOWS\system32\rqRJDvUN.dll moved sucessfully.
[Files/Folders - Created Within 90 Days]
C:\WINDOWS\System32\NUvDJRqr.ini2 moved successfully.
C:\WINDOWS\System32\NUvDJRqr.ini moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\WINDOWS\temp folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\WINDOWS\system32 folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\WINDOWS folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Program Files\Total.Recorder.Pro.7.0.+3.addons+serials folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Program Files folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\DOCUME~1\Owner\Recent folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\DOCUME~1\Owner\LOCALS~1\Temp folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\DOCUME~1\Owner\LOCALS~1 folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\DOCUME~1\Owner\Application Data\Azureus\torrents folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\DOCUME~1\Owner\Application Data\Azureus folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\DOCUME~1\Owner\Application Data folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\DOCUME~1\Owner folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\DOCUME~1 folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\Cache folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings\Owner\Local Settings\Application Data\Mozilla folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings\Owner\Local Settings\Application Data folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings\Owner\Local Settings folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings\Owner folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings\LocalService\Local Settings\Temporary Internet Files folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings\LocalService\Local Settings folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings\LocalService folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628\Documents and Settings folder moved successfully.
C:\_OTMoveIt\MovedFiles\10252008_200628 folder moved successfully.
C:\_OTMoveIt\MovedFiles folder moved successfully.
C:\_OTMoveIt folder moved successfully.
C:\OTMoveIt3.exe moved successfully.
C:\WINDOWS\System32\ngvkugrv.ini moved successfully.
File C:\WINDOWS\System32\vrgukvgn.dll moved successfully!
File C:\WINDOWS\System32\goglpp.dll moved successfully!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\myskbwue.dll
C:\WINDOWS\System32\myskbwue.dll NOT unregistered.
C:\WINDOWS\System32\myskbwue.dll moved successfully.
C:\WINDOWS\System32\fipihjwq.exe moved successfully.
C:\Lop SD folder moved successfully.
C:\LopSD.exe moved successfully.
C:\WINDOWS\System32\bfuekuqn.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ccuvxioe.dll
C:\WINDOWS\System32\ccuvxioe.dll NOT unregistered.
C:\WINDOWS\System32\ccuvxioe.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bmtbob.dll
C:\WINDOWS\System32\bmtbob.dll NOT unregistered.
C:\WINDOWS\System32\bmtbob.dll moved successfully.
C:\WINDOWS\System32\mpvpywlv.ini moved successfully.
C:\WINDOWS\System32\gwoysujj.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bcxcyz.dll
C:\WINDOWS\System32\bcxcyz.dll NOT unregistered.
C:\WINDOWS\System32\bcxcyz.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\gwuvmxhf.dll
C:\WINDOWS\System32\gwuvmxhf.dll NOT unregistered.
C:\WINDOWS\System32\gwuvmxhf.dll moved successfully.
C:\WINDOWS\System32\jpvvmbqe.exe moved successfully.
C:\MGADiag.exe moved successfully.
C:\Norton Anti Virus 2008 Incl Keygens Vista Compatible folder moved successfully.
C:\AVG Anti-Virus 8 Pro + key [Geedunk] folder moved successfully.
C:\WINDOWS\System32\mglfljiq.exe moved successfully.
C:\WINDOWS\System32\smstbuun.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wdpite.dll
C:\WINDOWS\System32\wdpite.dll NOT unregistered.
C:\WINDOWS\System32\wdpite.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hrymreqb.dll
C:\WINDOWS\System32\hrymreqb.dll NOT unregistered.
C:\WINDOWS\System32\hrymreqb.dll moved successfully.
C:\WINDOWS\System32\tmp.reg moved successfully.
C:\SmitfraudFix folder moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\vvewki.dll
C:\WINDOWS\System32\vvewki.dll NOT unregistered.
C:\WINDOWS\System32\vvewki.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ixjbnumc.dll
C:\WINDOWS\System32\ixjbnumc.dll NOT unregistered.
C:\WINDOWS\System32\ixjbnumc.dll moved successfully.
C:\WINDOWS\System32\rrsajrgh.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hgrjasrr.dll
C:\WINDOWS\System32\hgrjasrr.dll NOT unregistered.
C:\WINDOWS\System32\hgrjasrr.dll moved successfully.
File C:\WINDOWS\System32\rqRJDvUN.dll not found!
LoadLibrary failed for C:\WINDOWS\System32\systeminfo3.dll
C:\WINDOWS\System32\systeminfo3.dll NOT unregistered.
C:\WINDOWS\System32\systeminfo3.dll moved successfully.
C:\Documents and Settings\Owner\Application Data\ezpinst.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ljJCrOFW.dll
C:\WINDOWS\System32\ljJCrOFW.dll NOT unregistered.
C:\WINDOWS\System32\ljJCrOFW.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ljJASLFX.dll
C:\WINDOWS\System32\ljJASLFX.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\ljJASLFX.dll moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\etilqs_xuGGIZzKjNWfQtg9oc2H moved successfully.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\JET28A7.tmp moved successfully.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ZLT03f0c.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.0.22b fix logfile created on 10262008_210741

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\ljJASLFX.dll scheduled to be moved on reboot.
File C:\Documents and Settings\Owner\Local Settings\Temp\etilqs_xuGGIZzKjNWfQtg9oc2H not found!
File C:\Documents and Settings\Owner\Local Settings\Temp\JET28A7.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\ZLT03f0c.TMP not found!
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\65pm514y.default\XUL.mfl moved successfully.

PS: Awww Mr.Wolf, I love you hehehe. Wow, after I did this with the OTScanIt2 program you gave me, my PC has already improved almost 100%. hehe

Thank you so much Mr.Wolf, well done.
:wub:
 
Ok Mr
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:52:25, on 23/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Fraps\fraps.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Windows Live\Messenger\Device Manager\msgrdvmn.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svrhost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files (x86)\Download Direct\DLD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [EVEREST AutoStart] C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8882 bytes
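As an added example (not code from this thread, from the helper, or from the HijackThis project), a Python triage of the O2/O4/O23 lines of the log above: it flags the RunServices entry that launches a path-less svrhost.exe, a name one letter away from the real svchost.exe, which is exactly why the helper asks for a disk search for that file. The system-binary list is an assumption of mine and the sample lines are constructed from the log above.

```python
"""Triage of HijackThis v2.0.x log lines (added example; not the helper's or
the HijackThis project's code).

It reads the O2 (BHO), O4 (autostart) and O23 (service) lines and reports the
patterns a helper looks at first: an autostart whose command is a bare file
name without a path (the log cannot tell where that file lives, so the disk
must be searched for it), a file name that imitates a Windows binary
(svrhost.exe vs the real svchost.exe), a BHO registered with no DLL on disk,
and the spurious "(file missing)" that a 32-bit HijackThis reports for
System32 services on 64-bit Windows because of WOW64 file-system redirection.
"""
import re
from difflib import SequenceMatcher

# Windows binaries whose names malware commonly imitates (constructed list).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "explorer.exe", "services.exe", "spoolsv.exe", "rundll32.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")


def executable_of(cmd: str) -> str:
    """Return the program an O4 command line launches (quoted or unquoted path)."""
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd).strip()  # drop the HKUS user tag
    if cmd.startswith('"'):                                    # quoted path
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else cmd[1:]
    m = re.search(r"\.exe", cmd, re.IGNORECASE)               # unquoted path, may contain spaces
    return cmd[: m.end()] if m else cmd.split()[0]


def lookalike_of(filename: str, threshold: float = 0.85):
    """Return the system binary this name imitates, or None if the name is the
    real one or not similar enough to any of them."""
    name = filename.lower()
    if name in SYSTEM_BINARIES:
        return None
    best = max(SYSTEM_BINARIES, key=lambda s: SequenceMatcher(None, name, s).ratio())
    return best if SequenceMatcher(None, name, best).ratio() >= threshold else None


def is_x64_log(lines) -> bool:
    """A 32-bit HijackThis on 64-bit Windows sees Program Files (x86)/SysWOW64."""
    return any("SysWOW64" in ln or "Program Files (x86)" in ln for ln in lines)


def triage(lines):
    """Return a list of (severity, line, reason) findings, in log order."""
    findings = []
    x64 = is_x64_log(lines)
    for ln in lines:
        ln = ln.rstrip()
        if m := O4_RE.match(ln):
            exe = executable_of(m["cmd"])
            base = exe.replace("/", "\\").split("\\")[-1]
            if imitated := lookalike_of(base):
                findings.append(("high", ln, f"{base} imitates {imitated}"))
            if "\\" not in exe and base.lower() not in SYSTEM_BINARIES:
                findings.append(("high", ln, f"bare file name {exe}: location unknown, search the disk for it"))
            if m["key"] == "RunServices":
                findings.append(("medium", ln, "RunServices is a Win9x-era key; NT-based Windows does not process it, malware still writes it"))
        elif m := O2_RE.match(ln):
            if m["path"].strip() == "(no file)":
                findings.append(("low", ln, f"orphan BHO {{{m['clsid']}}}: registered but DLL not on disk"))
        elif ln.startswith("O23 ") and ln.endswith("(file missing)") and x64:
            findings.append(("info", ln, "likely WOW64 redirection artefact of 32-bit HijackThis, not a missing file"))
    return findings


# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svrhost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
""".strip().splitlines()


if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {why}\n         {line}")
```

The many "(file missing)" O23 lines in the log above are the WOW64 case: the log shows Program Files (x86) and SysWOW64, so the 32-bit HijackThis cannot see the real System32, and those services are not actually missing.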
 
Hey flavinha, here we go, and no need to thank me. That's what we're here for.

Great work, the main rootkit has been removed. :)

Please flavinha, delete the OTScanIt2 folder on your desktop and in C:. Then proceed with the instructions below.

- Download BFU and save it to C:

● Extract the file from the zip to C: and double-click BFU.exe to run the tool;
● In "Scriptfile to Execute:" paste the URL below:

Code:
http://fixinwererootkitavenger.bfu

● Click the Execute button and wait; you will not be able to move the mouse or use the keyboard for only about 3 seconds;
● Click OK in the next window that appears.

- Download HijackThis and extract it to its own folder in C:.
- Run HijackThis and click Do a system scan and save a logfile.
- A log will be generated in Notepad. Copy and paste it in your next reply, flavinha.
 
luisednardo

- Download RegSeeker and save it to the desktop;

● Extract the files to the desktop and double-click the RegSeeker executable to open the program;
● Click "Languages" and select "Português do Brasil";
● Click "Procurar por..." and type svrhost.exe in the box, then click "Procurar";
● If anything is found, select all the values found, right-click, and click "Apagar entradas selecionadas".

Let me know whether everything went fine.
 
It found 3 entries and they have now been deleted successfully! :thumbs_up
 
Hi Mr.Wolf

Here is what you asked me for (I put it inside the spoiler again, ok?!) hehe

Logfile of HijackThis v2.0.2
Scan saved at 04:15:18, on 23/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\RALINK\Common\RaUI.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\Internet Explorer\IExplore.exe
C:\Documents and Settings\Flavia\Configurações locais\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &MSN.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mmtask] C:\Arquivos de programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&MSN.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{01B58837-B5FE-4966-89DF-2EC6F89597D7}: NameServer = 200.168.234.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{01B58837-B5FE-4966-89DF-2EC6F89597D7}: NameServer = 200.168.234.130
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7657 bytes
And you told me, good job.

The great work is all yours Mr.Wolf, the credit is yours. If it weren't for you I don't know what would become of my humble PC. hehehe

Thank you sooo much.

Kissesssssssssssssssssssss
 
Post a new HijackThis log here luisednardo.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:24:31, on 23/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Fraps\fraps.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Windows Live\Messenger\Device Manager\msgrdvmn.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files (x86)\Download Direct\DLD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [EVEREST AutoStart] C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8875 bytes
 
Come on flavinha, no credit needed. As I said, that's what we're here for. :thumbs_up

- Download AboutBuster and save it to the desktop;

● Extract the file from the zip;
● Close all open windows and disconnect from the Internet;
● Double-click AboutBuster.exe and click the Begin Removal button. Wait!
● When the scan finishes, click OK and close the two windows that will open;
● A log will be generated in Ab LogFile.txt, located in the AboutBuster folder.

Paste this log in your next reply flavinha.
 
luisednardo, delete the folders C:\_OTMoveIt and C:\rsit and the programs OTMoveIt3, RSIT and OTViewIt. Also delete the RegSeeker program. In short, delete all the tools and logs we used here.

Your log is clean luisednardo. :)

I recommend a cleanup with CCleaner and MV RegClean.
 
Mr Wolf, are we close to solving this case? It's just that another machine, probably infected, arrived here today and I wanted to know if I can post the log from that other machine later.
Big thanks for everything, this machine with the trojan.agent is my personal machine, I'm glad to know everything will go back to normal.
Really grateful!
 
Your case has already been resolved luisednardo; as I said above, your log is clean.

Yes, you can post the log from the machine that arrived. :thumbs_up
 
Hi Mr.Wolf, I'm back hehe

Look, I did everything exactly the way you told me, and from what I've seen, every time you give me a procedure my computer gets better and better. I don't even know how to thank you Mr.Wolf, you're a sweetheart.... hehehe

Here is the AboutBuster log you asked me for, dear.

AboutBuster 6.03
Scan started on [2008-12-23] at [04:30:02]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
Removed! : C:\WINDOWS\System32\syslv.dll
Removed! : C:\WINDOWS\System32\tkxqc.dll
Removed! : C:\WINDOWS\System32\trsky.dll
Removed! : C:\WINDOWS\System32\tudmk.dll
Removed! : C:\WINDOWS\System32\vpitu.dll
Removed! : C:\WINDOWS\System32\yqrgz.dll
Removed! : C:\WINDOWS\System32\cqgmp.dat
Removed! : C:\WINDOWS\System32\crlgs.dat
Removed! : C:\WINDOWS\System32\ebrjc.dat
Removed! : C:\WINDOWS\System32\ehwzl.dat
Removed! : C:\WINDOWS\System32\hsgab.dat
Removed! : C:\WINDOWS\System32\jborb.dat
Removed! : C:\WINDOWS\System32\jippx.dat
Removed! : C:\WINDOWS\System32\jyxjw.dat
Removed! : C:\WINDOWS\System32\kofdw.dat
Removed! : C:\WINDOWS\System32\lplqf.dat
Removed! : C:\WINDOWS\System32\ltqor.dat
Removed! : C:\WINDOWS\System32\lyyxy.dat
Removed! : C:\WINDOWS\System32\mgbuc.dat
Removed! : C:\WINDOWS\System32\nfnke.dat
Removed! : C:\WINDOWS\System32\nzdcy.dat
Removed! : C:\WINDOWS\System32\qbfxl.dat
Removed! : C:\WINDOWS\System32\qznji.dat
Removed! : C:\WINDOWS\System32\rvuta.dat
Removed! : C:\WINDOWS\System32\seauk.dat
Removed! : C:\WINDOWS\System32\sssws.dat
Removed! : C:\WINDOWS\System32\tllsd.dat
Removed! : C:\WINDOWS\System32\tudmk.dat
Removed! : C:\WINDOWS\System32\udymn.dat
Removed! : C:\WINDOWS\System32\ugtvm.dat
Removed! : C:\WINDOWS\System32\vslud.dat
Removed! : C:\WINDOWS\System32\vtvct.dat
Removed! : C:\WINDOWS\System32\xdouv.dat
Removed! : C:\WINDOWS\System32\xnykn.dat
Removed! : C:\WINDOWS\System32\xouia.dat
Removed! : C:\WINDOWS\System32\xvdus.dat
Removed! : C:\WINDOWS\System32\yhzqi.dat
Removed! : C:\WINDOWS\System32\yzckk.dat
Removed! : C:\WINDOWS\System32\zcmzu.dat
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 04:45:33
Thank you ever so much, Mr.Wolf. If there were more people like you in the world, with your attitude, the world wouldn't be the way it is today.

You're a sweet, attentive guy and you know your stuff. hehehe


:wub: I LOVE YOUUUU :wub:
 
Done Mr Wolf, log from the other machine.

RapidShare: Easy Filehosting

Lately I've been getting database error problems frequently, I don't know why.
 
Hey flavinha, thanks for the kind words. :)

Delete the AboutBuster folder and the program too.

- Download RatsCheddar and save it in My Documents;

● Extract the file from the zip;
● Double-click RatsCheddar.exe to run the tool;
● Scroll down to the items below and, for each of them, select the Enable option.

Start Menu - Run
Shutdown Windows
Control Panel - Display Option
Change Wallpaper


● Click the Exit button and restart the computer.

After restarting, please paste a new HijackThis log in your next reply flavinha.
 
luisednardo, the database error problem is on the forum's side. ;)

Run HijackThis and click Do a system scan only. Check the two entries below in the log and click Fix Checked.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


Then proceed with the instructions below luisednardo.

- Download ComboFix and save it to the desktop;

NOTE: Before double-clicking the tool, rename ComboFix to Kombo.exe.

● Temporarily disable your antivirus so that it doesn't detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix scans;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window and try not to use the keyboard either, so as not to disturb the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your computer will restart. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
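The O6/O7 entries above are registry policies (IE restrictions, DisableRegedit=1) that malware sets to hinder cleanup, and the logs in this thread also show several other entry types a helper reads by eye: orphaned O2 BHOs with "(no file)", O17 NameServer overrides and O23 services marked "(file missing)". The following is an added example of that triage done in code; it is not part of the thread and not a HijackThis component. Names such as `triage`, `Finding` and `TRUSTED_NAMESERVERS` are assumptions of this example, and the sample log is constructed from the entry types seen in the thread.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Matches the "<section> - <body>" shape of HijackThis 2.0.2 lines (R0, F2, O2, O23 ...).
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")

# Resolvers the owner of the machine actually expects. Constructed placeholder
# (a TEST-NET-1 address), not taken from the thread; fill in the ISP's or LAN's resolvers.
TRUSTED_NAMESERVERS = {"192.0.2.53"}


@dataclass
class Finding:
    section: str
    severity: str  # "fix" (safe for Fix Checked), "verify" (needs a human look) or "info"
    reason: str
    line: str


def is_wow64_log(log_text: str) -> bool:
    """Heuristic: paths under 'Program Files (x86)' mean a 64-bit Windows. A 32-bit
    HijackThis there reads the redirected SysWOW64 view of System32, so 64-bit-only
    binaries such as lsass.exe are reported as '(file missing)' although they exist."""
    return "Program Files (x86)" in log_text


def triage(log_text: str) -> list:
    """Classify the lines of a HijackThis log into findings; unknown sections are ignored."""
    findings = []
    wow64 = is_wow64_log(log_text)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O2" and body.endswith("(no file)"):
            findings.append(Finding(sec, "fix", "BHO CLSID with no backing DLL (orphaned entry)", raw))
        elif sec in ("O6", "O7"):
            # Policies that lock IE options or disable regedit: set by malware to hinder
            # cleanup, but also by legitimate domain policy, so confirm with the admin first.
            findings.append(Finding(sec, "fix", "restriction policy on IE / registry tools", raw))
        elif sec == "O17":
            ns = re.search(r"NameServer = ([\d.]+)", body)
            if ns and ns.group(1) not in TRUSTED_NAMESERVERS:
                findings.append(Finding(sec, "verify", f"DNS resolver {ns.group(1)} is not an expected one", raw))
        elif sec == "O23" and body.endswith("(file missing)"):
            if '"' in body:
                # A quoted ImagePath with arguments ("...exe" /service) is read as one path,
                # so the "missing" flag says nothing about the binary itself.
                findings.append(Finding(sec, "info", "quoted command line with arguments; check the binary manually", raw))
            elif wow64 and re.search(r"\\windows\\system32\\", body, re.IGNORECASE):
                findings.append(Finding(sec, "info", "probable false positive: 32-bit scanner under WoW64 redirection", raw))
            else:
                findings.append(Finding(sec, "verify", "service binary not found at its registered path", raw))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'fix': 3, 'verify': 1, 'info': 2}."""
    return dict(Counter(f.severity for f in findings))


# Constructed sample, modelled on the entry types seen in this thread's logs.
SAMPLE_LOG = r"""
Platform: Windows Vista SP1 (WinNT 6.00.1905)
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Avira Premium Security Suite\avgnt.exe" /min
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{01B58837-B5FE-4966-89DF-2EC6F89597D7}: NameServer = 200.168.234.130
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run on the constructed sample, the three "fix" findings are the orphaned BHO and the two policy entries, the O17 resolver is flagged for verification, and both "(file missing)" services land in "info": the long run of missing System32 services in the Vista log above is the WoW64 redirection effect, not a wiped system, which is why a clean verdict can still be given on such a log.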
 
Hiya Mr.Wolf

All done, I did what the teacher asked me. hehehe

Here is the new HijackThis log.

Logfile of HijackThis v2.0.2
Scan saved at 05:07:55, on 23/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\RALINK\Common\RaUI.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\Internet Explorer\IExplore.exe
C:\Documents and Settings\Flavia\Configurações locais\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mmtask] C:\Arquivos de programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{01B58837-B5FE-4966-89DF-2EC6F89597D7}: NameServer = 200.168.234.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{01B58837-B5FE-4966-89DF-2EC6F89597D7}: NameServer = 200.168.234.130
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6521 bytes
Thank you Mr.Wolf, thank you so much. Wow, my computer is so fast that even restarting it's flying. You know that little Windows thing that appears at system startup? Well, it's even faster now, how cool. Wow...... hehehe

You're amazing Mr.Wolf, I've never seen anyone like you. Imagine knowing what's going on in someone else's computer with just a program's log, and being able to solve the problem just by analysing it. I'm crazy about you, man. hihihihi

You're almost a computer doctor. hehehe

Thank you Mr.Wolf

Big kissesssss

Ahhhh and will you add me on MSN?? Pleaseeeeee

I sent you my MSN in a private message, is that a problem?
 
flavinha, please go to Start > Run, copy and paste the command below and click OK:

AUTOCOMMAND OF Lag'On'the bug' Avenger = - = script to execute a part of gmer in the stream:run:this:bat

One of two messages may appear after applying this command. Either this one below:

SCRIPT EXECUTED SUCCESSFULLY

Or

SCRIPT ERROR AVENGER

If the first message appears, post a new HijackThis log. If the second appears, run the Gmer tool again, click the Rootkit/Malware tab and select only the options: IAT/EAT and Sections.

Post the HijackThis log (if it's the first message) or post the Gmer log (if it's the second), my friend flavinha.
 
Mr Wolf, I had problems running ComboFix on this machine, probably due to a problem that happens at Windows startup. It can't find the file C:\Windows\csrss.exe
I tried running ComboFix in Safe Mode but it still didn't work. It restarts without generating the log.
 
Hii Mr.Wolf

Look, the first message appeared, which is SCRIPT EXECUTED SUCCESSFULLY. After that my computer got even better, like programs are opening faster, and the antivirus is no longer detecting that virus from the beginning that you said is the so-called rootkit.

Wow, my computer is perfect, dear Mr.Wolf.

GOD BLESS YOU BECAUSE YOU DESERVE IT!

Here is the new HijackThis log

PS: I loved this spoiler thing. hehehe

Logfile of HijackThis v2.0.2
Scan saved at 05:28:37, on 23/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\RALINK\Common\RaUI.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\Internet Explorer\IExplore.exe
C:\Documents and Settings\Flavia\Configurações locais\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mmtask] C:\Arquivos de programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{01B58837-B5FE-4966-89DF-2EC6F89597D7}: NameServer = 200.168.234.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{01B58837-B5FE-4966-89DF-2EC6F89597D7}: NameServer = 200.168.234.130
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6401 bytes
A thousand kissesssssssssssss

Huge thanks Mr.Wolf

My hero. hehe
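As an added example (not a tool from this thread, and not part of HijackThis itself), here is a small Python triage script that splits a HijackThis log like the one posted above into its section codes (R0, O2, O4, O17, O23, ...) and flags the entry classes a helper reads first: per-adapter DNS servers (O17), Winlogon Notify DLLs (O20), services whose binary HijackThis could not find (O23), and browser helper objects (O2). The sample log inside it is constructed from a few lines of the log above; the list of expected DNS servers is an assumption you supply for your own network.

```python
"""Triage a HijackThis v2 log by section code (added example, not a thread tool)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the same format as the log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{01B58837-B5FE-4966-89DF-2EC6F89597D7}: NameServer = 200.168.234.130
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6401 bytes
"""

# Every HijackThis entry starts with a section code (R0..R3, F0..F3, N1..N4, O1..O24).
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


@dataclass
class Entry:
    code: str   # section code, e.g. "O23"
    body: str   # rest of the line after "O23 - "


def parse_hjt(text):
    """Return the log's entries; process-list, header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries, expected_dns=()):
    """Return (reason, entry) pairs for the entry classes worth checking by hand.

    expected_dns: resolver addresses you know are legitimate for this network
    (assumption supplied by the reader); any other O17 NameServer is flagged.
    """
    findings = []
    for e in entries:
        if e.code == "O17":
            m = re.search(r"NameServer = ([\d.,]+)", e.body)
            servers = m.group(1).split(",") if m else []
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                findings.append(("O17 DNS server not in expected set: " + ",".join(unexpected), e))
        elif e.code == "O20":
            # Winlogon Notify DLLs load in every logon session; confirm the publisher.
            findings.append(("O20 Winlogon Notify DLL loads at every logon; verify publisher", e))
        elif e.code == "O23" and "(file missing)" in e.body:
            # HijackThis also prints "(file missing)" for some quoted service paths
            # that do exist (the stray quote in the avast! line above is that case),
            # so this is a prompt to check the path, not a verdict.
            findings.append(("O23 service binary reported missing; check the path", e))
        elif e.code == "O2":
            findings.append(("O2 BHO loads inside Internet Explorer; verify publisher", e))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(parse_hjt(SAMPLE_LOG), expected_dns=("8.8.8.8",)):
        print(f"{reason}\n    {entry.code} - {entry.body}")
```

The script only sorts entries into "look at this first" buckets; the decision that a log is clean, as Mr Wolf makes in the next reply, still comes from knowing which publishers and paths belong on the machine.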
 
Mr Wolf, I had problems running ComboFix on this machine, probably because of a problem that occurs at Windows startup. It cannot find the file C:\Windows\csrss.exe
I tried running ComboFix in Safe Mode but it still didn't work. It reboots without generating the log
This csrss file is simply the virus on the machine, luisednardo. That is why I told you to rename ComboFix, did you do that? This malware prevents it from running. Proceed as below, luisednardo.

- Download SDFix and save it to the desktop;

● Double-click SDFix.exe and the tool will be installed to C:\SDFix. But do not run it yet;
● Restart your computer in Safe Mode (holding the F8 key during system startup and choosing the Safe Mode option);
● Go into the SDFix folder that was installed on your computer and double-click the RunThis.bat file;
● Press Y so the tool starts the removal process;
● When everything is done, you will see a message telling you to press any key to continue. Press any key. Your computer will restart automatically;
● After restarting, the tool will run again and finish its work, and the word Finished will appear. Press any key again;
● A window with the SDFix report will appear;
● The log will open automatically for you. It will be saved in the SDFix folder under the name Report.txt;

Make a new HijackThis log and paste it in your next reply, together with the SDFix log.
 
flavinha toledo, the log is clean. :)

If the second message had appeared, the rootkit would still be there. But since the first one appeared, and your log shows no infections, I am happy to tell you that your computer is virus-free.

Delete the Gmer tool and its folder. Delete all the programs we used here, along with their folders and logs, flavinha. If you get an error when removing Gmer, go to Start > Run, type: gmer /u and press Enter.

Disable and re-enable System Restore.

I recommend you read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.

Merry Christmas and a hug, flavinha. :thumbs_up
 
Wow, Mr.Wolf, if I were to thank you as much as you deserve, I'd be here for days and days. You are simply an angel. You have no idea how bad my computer was; since I caught this virus I installed Avast, installed Avira, Kaspersky, and every antivirus there is, hahaha. None of them managed to get this rootkit out of here. Then along comes a kind soul with an open heart like you, who is actually a human antivirus (hehe), to save me from this nightmare.

I couldn't access any folder, my computer froze all the time, the antivirus wouldn't stop detecting this rootkit and wouldn't remove it. And you were the only one who managed to help me.

Look, my sincere thanks and my sincere congratulations. You deserve all the best in life; may God enlighten you and give you strength to always remain the great human being you are.

A merry Christmas to you and your family too, Mr.Wolf. Your mother must be proud of you, because I would be. hehe

I LOVE YOUUUUUUUUUU FOREVERRRRRRRRRRRRRRR.....

I'll read those articles you gave me; I've already deleted all the programs we used, my computer is a beauty, sweetheart, I've never seen my baby like this. hihihihihihihih

Thank you so much, Mr.Wolf, lots of peace, health and all the best for you always, always and always.


KISSESSSSSSSSS BIG KISSESSSSSSS AND A HUGE KISSSSSSSSSSSSS

Flavinha
:wub:


PS.: AHHH add me on MSN, come on, please??? I'm begging you. I really want to get to know you better. :wub:

Kisses
 
