padaria

Avast detects viruses in everything

20 posts in this topic

For the past few days, my Avast has been detecting viruses in everything. It moved everything to quarantine: uTorrent, MSN, HijackThis, everything. I would like your help in this effort to solve my problem.

Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:51:38, on 12/10/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugin-container.exe

C:\Users\Victor\Desktop\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: localhost name resolution is handled within dns itself.

O1 - Hosts: ::1 localhost

O1 - Hosts: 78.46.17.80 l2authd.lineage2.com

O1 - Hosts: 78.46.17.80 l2patcher.lineage2.com

O1 - Hosts: 78.46.17.80 nprotect.lineage2.com

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: EZ Macros.lnk = C:\Program Files\American Systems\EZ Macros\EZMacros.exe

O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7691 bytes


padaria,

I kindly ask you to post a new HijackThis log.


Here it is.....

What Avast says is in my files is Win32:Jeefo

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:55:18, on 12/10/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugin-container.exe

C:\Users\Victor\Desktop\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: localhost name resolution is handled within dns itself.

O1 - Hosts: ::1 localhost

O1 - Hosts: 78.46.17.80 l2authd.lineage2.com

O1 - Hosts: 78.46.17.80 l2patcher.lineage2.com

O1 - Hosts: 78.46.17.80 nprotect.lineage2.com

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: EZ Macros.lnk = C:\Program Files\American Systems\EZ Macros\EZMacros.exe

O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7629 bytes


padaria,

Download Malwarebytes' Anti-Malware (MBAM)

http://download.cnet.com/Malwarebytes-Anti...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Check that the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are ticked, then click Finish.
  • If there are updates to be made, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If any items were found, make sure they are all ticked and click the Remove button.
  • At the end of disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is automatically saved by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:

http://linhadefensiva.org/forum/index.php?showtopic=75554


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versão da Base de Dados: 4805

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/10/2010 15:30:51

mbam-log-2010-10-12 (15-30-51).txt

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 156759

Tempo decorrido: 6 minuto(s), 10 segundo(s)

Processos de Memória Infectados: 1

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

Processos de Memória Infectados:

C:\Windows\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager (Trojan.Agent) -> Quarantined and deleted successfully.

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

hijack

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:35:17, on 12/10/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugin-container.exe

C:\Users\Victor\Desktop\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: localhost name resolution is handled within dns itself.

O1 - Hosts: ::1 localhost

O1 - Hosts: 78.46.17.80 l2authd.lineage2.com

O1 - Hosts: 78.46.17.80 l2patcher.lineage2.com

O1 - Hosts: 78.46.17.80 nprotect.lineage2.com

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: EZ Macros.lnk = C:\Program Files\American Systems\EZ Macros\EZMacros.exe

O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7691 bytes


padaria,

Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

Save it to your desktop.

Run the file and follow the prompts. When it finishes, open the Virus Removal Tool folder, which was created in the same directory where you saved the installation file.

To open the program, double-click the shortcut

KRT_lnk.png

Tick the box next to:


  • My Computer
  • Local Disk (C:)

Also tick all the drives that appear below Local Disk, if there are any.

Click the button

play.png

Be patient, it takes a while.

When it finishes, if it has detected anything, the program will ask you what to do.

Click Skip (we only want the log).

Note: You may need to click Skip several times if the program finds several files, so be patient.

While the scan is running, the Scan button will be replaced by a red square with the message Stop Scan.

When the scan finishes, the Scan button will appear again.

If the tool has found anything, this button

light_green.png
will turn red
light_red.png

When it finishes, click the Report button at the bottom of the window.

Click the + sign next to the last Autoscan in the list (the most recent one)

SaveReport.png

Click once on Task Started to select the line, hold down the Shift key and then click once on Task Completed.

Right-click the selection, then click Copy.

Go to Start > Run and type notepad

When Notepad opens, right-click any empty area and choose the Paste option.

Save the log with the name log.txt somewhere easy to find.

Copy the entire contents of this log and paste it into your next reply.


The log is too big and can't be attached.

I split it into parts.. I think I have a lot of problems on this computer :(


12/10/2010 17:09:42 Task started

12/10/2010 17:11:59 Detected: Virus.Win32.Hidrag.a C:\Arquivos de Programas\HijackThis\HijackThis.exe

12/10/2010 17:12:15 Untreated: Virus.Win32.Hidrag.a C:\Arquivos de Programas\HijackThis\HijackThis.exe Skipped by user

12/10/2010 17:12:20 Detected: Virus.Win32.Hidrag.a C:\Arquivos de Programas\Microsoft SDKs\Windows\v7.1\Setup\WindowsSdkVer.exe

12/10/2010 17:12:20 Untreated: Virus.Win32.Hidrag.a C:\Arquivos de Programas\Microsoft SDKs\Windows\v7.1\Setup\WindowsSdkVer.exe Skipped by user

12/10/2010 17:12:22 Detected: Virus.Win32.Hidrag.a C:\Arquivos de Programas\Microsoft SDKs\Windows\v7.1\Setup\SDKSetup.exe

12/10/2010 17:12:22 Untreated: Virus.Win32.Hidrag.a C:\Arquivos de Programas\Microsoft SDKs\Windows\v7.1\Setup\SDKSetup.exe Skipped by user

12/10/2010 17:22:02 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\patcher_update.exe

12/10/2010 17:22:02 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\patcher_update.exe Skipped by user

12/10/2010 17:22:03 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\TempRealCharacterBuilderUpdater.exe

12/10/2010 17:22:03 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\TempRealCharacterBuilderUpdater.exe Skipped by user

12/10/2010 17:25:07 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\Rar$DR01.159\Patch\main.exe


padaria,

Notes:

1 - You may need to run this procedure more than once to make sure the infected files have been removed.

2 - The tool may not be able to restore all the infected files, which would make a format necessary. It is advisable to save your documents, photos, music, videos, etc., EXCEPT .EXE FILES, and proceed with the format.

3 - To be safe, make the backups mentioned above before running the tool.

4 - After carrying out the procedure below, if you are still going to continue with the analysis, post a new HijackThis log.

Download Dr.WebCureIt on a clean PC and burn it to a CD-RW:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Restart in Safe Mode (press F8 repeatedly during startup and, in the menu that appears, use the arrow keys to choose Safe Mode).
  • Run the file drweb-cureit.exe, click Start and let it perform an express scan of your PC.
  • It will scan the files running in memory, and when it finds something, click the Yes button to allow it to recover the infected file. (This is a quick scan.)
  • Back in the main window, select the Complete Scan option.
  • Click the green arrow to start the scan, as shown in the image below:

(image: drwebseta.jpg)

  • If it asks whether you want to cure/move the file, click Yes to All.
  • If the program cannot cure them, it will move them to the Quarantine folder in the DoctorWeb directory.
  • Once that is done, go to the top menu and click File > Save file lists
  • Save the list to your desktop. The list will be saved as DrWeb.csv
  • Close the program.
  • Restart your computer so the program can finish deleting/moving the files that were in use.

It may already be better to make the backups and format, given the number of program files already compromised by the malware.


Ciro, as I expected, it would end in a format anyway. I have an external HD for backup; could the exe files on it be infected too?

If I back up my files, except the exe files, won't I run the risk of getting infected again when I copy those files back to the PC?

I look forward to your reply and thank you for your attention.


padaria,

Ciro, as I expected, it would end in a format anyway. I have an external HD for backup; could the exe files on it be infected too?

If it is always connected to the PC, yes, it is possible that the .exe files on it are already compromised.

If I back up my files, except the exe files, won't I run the risk of getting infected again when I copy those files back to the PC?

The malware affects executable files, so a photo or a song will not pose a risk of a new infection in the future.

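As an added example, not part of the original thread: a Python implementation of the backup rule from the answer above (copy documents and media, leave executables behind). It goes one step beyond the answer by checking file content and ZIP members instead of the .exe extension alone; the extension lists, function names and sample files are assumptions constructed for the example.

```python
import os
import shutil
import tempfile
import zipfile

# Assumed for this example: extensions that Windows runs or loads as code.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".dll", ".sys", ".cpl"}
# Archive formats the standard library cannot open are held back unopened.
OPAQUE_ARCHIVES = {".rar", ".7z", ".cab"}


def starts_with_mz(stream) -> bool:
    """True when the data begins with the 'MZ' magic of DOS/Windows executables."""
    return stream.read(2) == b"MZ"


def exclusion_reason(path):
    """Return why a file must stay out of the backup, or None if it may be copied."""
    ext = os.path.splitext(path)[1].lower()
    if ext in EXECUTABLE_EXTENSIONS:
        return "executable extension"
    with open(path, "rb") as fh:
        if starts_with_mz(fh):
            return "executable content under another extension"
    if ext in OPAQUE_ARCHIVES:
        return "archive that cannot be inspected"
    if not zipfile.is_zipfile(path):  # also true for .docx, .xlsx, .jar
        return None
    try:
        with zipfile.ZipFile(path) as archive:
            for member in archive.infolist():
                if member.is_dir():
                    continue
                member_ext = os.path.splitext(member.filename)[1].lower()
                if member_ext in EXECUTABLE_EXTENSIONS:
                    return "archive containing " + member.filename
                with archive.open(member) as fh:
                    if starts_with_mz(fh):
                        return "archive containing " + member.filename
    except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
        # Encrypted, unsupported or damaged archive: treat as not inspectable.
        return "archive that cannot be inspected"
    return None


def backup_without_executables(source_root, dest_root):
    """Copy the tree, skipping flagged files. Returns (copied list, skipped dict)."""
    copied, skipped = [], {}
    for folder, _dirs, files in os.walk(source_root):
        for name in files:
            src = os.path.join(folder, name)
            rel = os.path.relpath(src, source_root)
            key = rel.replace(os.sep, "/")
            reason = exclusion_reason(src)
            if reason:
                skipped[key] = reason
                continue
            dst = os.path.join(dest_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)
            copied.append(key)
    return sorted(copied), skipped


def build_constructed_sample(root):
    """Create a small constructed profile folder; none of these are real files."""
    def write(rel, data):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

    write("Pictures/holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    write("Music/track.mp3", b"ID3" + b"\x00" * 16)
    write("Desktop/tool.exe", b"MZ" + b"\x00" * 62)
    write("Documents/invoice.pdf", b"MZ" + b"\x00" * 62)  # executable posing as PDF
    write("Downloads/patch.rar", b"Rar!\x1a\x07\x00")
    with zipfile.ZipFile(os.path.join(root, "Documents", "notes.zip"), "w") as z:
        z.writestr("notes.txt", "shopping list")
    with zipfile.ZipFile(os.path.join(root, "Downloads", "bundle.zip"), "w") as z:
        z.writestr("readme.txt", "hello")
        z.writestr("bin/setup.exe", b"MZ" + b"\x00" * 62)


def run_demo():
    """Build the sample tree, back it up to a second temp folder, return the report."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        build_constructed_sample(src)
        return backup_without_executables(src, dst)


if __name__ == "__main__":
    copied, skipped = run_demo()
    for name in copied:
        print("copied ", name)
    for name, reason in sorted(skipped.items()):
        print("skipped", name, "-", reason)
```

The destination folder must sit outside the source tree, ideally on media that was not attached to the infected machine.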

I'm at work and I'm downloading the tool you recommended; in any case, I'll make the backup first and carry out the steps indicated, and as soon as I have news I'll post here.

Thank you very much.


Man, that webcureit is great...

It apparently cleaned all the exe files; avast is even working again ^^

Here is the hijack log.


padaria,

Was the scan repeated more than once to check that all the files really were cleaned/removed?

Download OTL by OldTimer and save it to your desktop.

Close all windows and run the tool.

** Windows Vista and Windows 7 users:

Right-click the file, then click (image: execadmin.png).

Where it says Output, select Standard

Also check these options:

  • Creation Date -> change to 90 days
  • Use Company Name WhiteList.
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select these lines in red, right-click the selection, and choose the copy option

netsvcs

msconfig

safebootminimal

safebootnetwork

drivers32 /all

%systemroot%\system32\drivers\*.* /90

%SYSTEMDRIVE%\*.*

%PROGRAMFILES%\*.*

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\Fonts\*.com

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\*. /mp /s

%systemroot%\system32\*.wt

%systemroot%\system32\*.ruy

Go back to the program, right-click any white area of the Custom Scans/Fixes section and choose Paste

Click the Scan button

Do not change any other setting unless you have been instructed to do so.

The scan takes a while, so please be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt

Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.

Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach it to your reply.


Both logs are in the zipped file.

The forum would not accept my rar file and would not let me post the logs because they were too large. I apologize for the consecutive posts.

logs.zip


padaria,

Select these lines in red, right-click the selection and choose the Copy option:

:OTL

DRV - [2010/07/17 20:01:31 | 000,011,008 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\ActUsb.sys -- (ActUsb)

[2010/10/04 21:16:26 | 000,004,966 | ---- | M] () -- C:\ProgramData\qcshnlgj.fwn

[2010/09/10 23:58:49 | 000,004,996 | ---- | M] () -- C:\ProgramData\cmxvgkig.mem

[2010/09/10 23:38:03 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\PJGuard.dll

[2010/07/17 20:01:31 | 000,011,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\ActUsb.sys

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:93DF240E

:Commands

[createrestorepoint]

[purity]

[emptytemp]

Run OTL.exe

** Windows Vista and Windows 7 users:

Right-click the file, then click [execadmin.png].

Right-click any white area of the Custom Scans/Fixes section and choose the Paste option

Close ALL windows (except OTL itself).

Click the [BotaoConsertar.png] button

The program will run the script and restart your computer.

When Windows loads, OTL will run automatically. Allow it to run.

A Notepad window will open containing some information.

Copy the ENTIRE contents of this Notepad window and paste it into your reply.

A copy of this log will be stored in the C:\_OTL\MovedFiles folder, with a name in the following format: date_time.log.

Example: 03142010_145545.log

Also post a new HijackThis log.


All processes killed

========== OTL ==========

Service ActUsb stopped successfully!

Service ActUsb deleted successfully!

C:\Windows\SysWOW64\drivers\ActUsb.sys moved successfully.

C:\ProgramData\qcshnlgj.fwn moved successfully.

C:\ProgramData\cmxvgkig.mem moved successfully.

C:\Windows\SysWOW64\PJGuard.dll moved successfully.

File C:\Windows\SysWow64\drivers\ActUsb.sys not found.

ADS C:\ProgramData\TEMP:93DF240E deleted successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: adm

User: All Users

User: AppData

User: Convidado

->Temp folder emptied: 53243 bytes

->Temporary Internet Files folder emptied: 295943 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Victor

->Temp folder emptied: 2602814953 bytes

->Temporary Internet Files folder emptied: 29589613 bytes

->Java cache emptied: 32267212 bytes

->FireFox cache emptied: 85175446 bytes

->Opera cache emptied: 5909927 bytes

->Flash cache emptied: 86464151 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 311296 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 103431833 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68006 bytes

RecycleBin emptied: 1509994 bytes

Total Files Cleaned = 2.811,00 mb

OTL by OldTimer - Version 3.2.15.2 log created on 10152010_184814

Files\Folders moved on Reboot...

C:\Users\Victor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

-----------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:56:43, on 15/10/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugin-container.exe

C:\Users\Victor\Desktop\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: EZ Macros.lnk = C:\Program Files\American Systems\EZ Macros\EZMacros.exe

O4 - Startup: setup_9.0.0.722_12.10.2010_18-36.lnk = Victor\Desktop\Virus Removal Tool\setup_9.0.0.722_12.10.2010_18-36\startup.exe

O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7587 bytes

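One way to confirm that every entry in the fix script was acted on is to reconcile the script against the OTL result log from the two posts above. The Python below is an added example, not part of the thread or of OTL; the function names are hypothetical, the inputs are copied (abridged) from those posts, and it assumes the tool ran as a 32-bit process, so a System32 path may be logged under SysWOW64.

```python
import re

# Fix script and result log copied from the two posts above, abridged.
FIX_SCRIPT = r"""
:OTL
DRV - [2010/07/17 20:01:31 | 000,011,008 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\ActUsb.sys -- (ActUsb)
[2010/10/04 21:16:26 | 000,004,966 | ---- | M] () -- C:\ProgramData\qcshnlgj.fwn
[2010/09/10 23:38:03 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\PJGuard.dll
[2010/07/17 20:01:31 | 000,011,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\ActUsb.sys
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:93DF240E
:Commands
[createrestorepoint]
"""
RESULT_LOG = r"""
Service ActUsb stopped successfully!
C:\Windows\SysWOW64\drivers\ActUsb.sys moved successfully.
C:\ProgramData\qcshnlgj.fwn moved successfully.
C:\Windows\SysWOW64\PJGuard.dll moved successfully.
File C:\Windows\SysWow64\drivers\ActUsb.sys not found.
ADS C:\ProgramData\TEMP:93DF240E deleted successfully.
"""

TARGET = re.compile(r"(?:--|->) ([A-Za-z]:\\.+?)(?: -- \(.*\))?$")
OUTCOME = re.compile(r"^(?:File |ADS )?([A-Za-z]:\\.+?) "
                     r"(moved successfully|deleted successfully|not found)\.$")

def norm(path):
    # Assumption: the tool ran as a 32-bit process, so System32 paths may be
    # logged under SysWOW64 (WOW64 redirection); compare case-insensitively.
    return path.lower().replace("\\system32\\", "\\syswow64\\")

def script_targets(script):
    """Paths named in the :OTL section; other sections are skipped."""
    targets, in_otl = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            in_otl = line.lower() == ":otl"
        elif in_otl and (m := TARGET.search(line)):
            targets.append(m.group(1))
    return targets

def reconcile(script, log):
    """Map each script target to 'handled', 'not found' or 'no log line'."""
    seen = {}
    for line in map(str.strip, log.splitlines()):
        if m := OUTCOME.match(line):
            seen.setdefault(norm(m.group(1)), set()).add(m.group(2))
    report = {}
    for path in script_targets(script):
        outcomes = seen.get(norm(path), set())
        handled = outcomes - {"not found"}
        report[path] = "handled" if handled else "not found" if outcomes else "no log line"
    return report
```

A target reported as "no log line" or "not found" is one to raise with the helper before treating the cleanup as finished.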

padaria,

To finish:


  1. Run OTL.exe
    Click the [Botao_Limpeza_OTL.png] button.
    Allow your computer to be restarted.
  2. Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of the Java Runtime Environment (JRE) 6u22.
    • Look for where it says "Java Platform, Standard Edition".
    • Click the Download JRE button.
    • Under Platform: select Windows.
    • Tick the box I agree to the Java SE Runtime Environment 6u22 with JavaFX License Agreement.
    • Click Continue.
    • Click the Windows Offline Installation download link and save the file to your desktop.
    • Close any programs that are running, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove every version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-6u22-windows-i586.exe to install the newest version.
  3. Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.
    Click here and install the newest version.
  4. For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.
    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; do not worry, this is part of the process.
    Be patient: depending on the amount of data to be deleted, the process can take more than 2 minutes.
    When it finishes, you will be asked to restart your computer. RESTART.
    If you are not asked, restart manually.
  5. Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Many pieces of malware exploit these holes, infecting systems without depending on any action by the user. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system up to date.
  6. Learn some precautions and tips for keeping your computer clean. Read the article Protect your PC:
    http://linhadefensiva.org/artigos/proteja-seu-pc/
  7. If there are no more malware-related problems, click the [ReportButton.png] button and ask for your topic to be closed.

If you have any questions about computing and technology, feel free to post in any area of the Linha Defensiva forum.


Problem Solved!

If the author needs the topic to be reopened, please contact a member of the moderation team.
