
Archived

This topic has been archived and is closed to new replies.

Rodolfosk8

[Solved!] Slow PC and Desktop disappeared


Well, my PC has been very slow over the last few days, and today my desktop disappeared out of nowhere, the icons and everything. When I open it through Explorer it looks normal, but on the desktop itself nothing shows up.

 

Log:

 

Logfile of HijackThis v1.99.1

Scan saved at 20:28 , on 6/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AntiVir\avguard.exe

C:\Arquivos de programas\AntiVir\avgnt.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3Trayp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\4t Tray Minimizer\4t-min.exe

C:\Arquivos de programas\AntiVir\sched.exe

C:\Arquivos de programas\xampp\apache\bin\apache.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\xampp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\xampp\apache\bin\apache.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Hijack\HijackThis.exe

 

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\CatRoot\lsass.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir\avgnt.exe" /min

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3Trayp.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: 4t Tray Minimizer.lnk = C:\Arquivos de programas\4t Tray Minimizer\4t-min.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B105623B-5BAF-467A-A007-D4C130CA52AF}: NameServer = 201.10.128.3,201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\AntiVir\avguard.exe

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\xampp\apache\bin\apache.exe" -k runservice (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: mysql - Unknown owner - C:\Arquivos de programas\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Arquivos de programas\xampp\mysql\bin\my.cnf" mysql (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

 

I hope you can help me.

Thank you

 

 

 

EDIT - I have been reading some topics here on the forum, and I managed to solve the desktop problem.

Now I would like to know whether there is any malicious file that is lowering my PC's performance.

 

Thanks once again ;)


Good morning! Rodolfosk8

 

>@< Download MSNFix.

>@< Save it to the Desktop!

>@< Restart the computer in Safe Mode.

>@< Unzip it and, in the MSNFix folder, double-click MSNFix.bat

>@< The window will open: MSN_Fix-menu

>@< Press option R to start the scan.

>@< If any problem is detected, the message will appear: Infection Présente

>@< Press Enter. If, for some reason, you want to exit the program, press Q!

>@< The removal process will begin. Wait! It may take a few minutes.

>@< At the end, Notepad will open with the log. ( Report )

>@< Select and copy its contents, which will be in the MSNFix folder. ( msnfix.txt )

>@< Also post: an updated HijackThis log.

 

Regards!


Good morning DigRam,

 

The logs are here:

 

MSNFix:

MSNFix 1.715

 

C:\Documents and Settings\EU\Desktop\MSNFix

Fix lançado dia qua 07/05/2008 - 12:53:24,73 By EU

modo de segurança

 

************************ Procurando os arquivos presentes

 

Nenhum arquivo encontrado

 

************************ Procurando as pastas presentes

 

Nenhuma pasta encontrada

 

 

************************ Arquivos suspeitos

 

/!\ Estes arquivos necessitam de uma opiniao de alguem competente antes de qualquer intervencao

 

[C:\DOCUME~1\EU\CONFIG~1\Temp\azemp-win32_1.9.11.zip] 92774C9AFE1F090877A36F58AD2CA53D

[C:\DOCUME~1\EU\CONFIG~1\Temp\ghastly_panic.zip] 64BD7B092B3D2EBC2A431EFD48F06E5B

[C:\DOCUME~1\EU\CONFIG~1\Temp\Grey_Solution.zip] FEFC5FF9F51CBAC2BBF13E4FD43680AE

[C:\DOCUME~1\EU\CONFIG~1\Temp\ja_sabina.zip] D77CFD1D21EA54410CE1FB69EFA00E27

[C:\DOCUME~1\EU\CONFIG~1\Temp\server.zip] 02B807259A9918F66D21F30E13078FAE

[C:\DOCUME~1\EU\CONFIG~1\Temp\visitor.zip] 080D65D21A71A3FC56290E393AABA910

 

==> Por favor não esqueça de mandar o arquivo C:\DOCUME~1\EU\Desktop\Upload_Me.zip no http://upload.changelog.fr

 

 

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\CatRoot\lsass.exe

 

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 12:55 , on 7/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Hijack\HijackThis.exe

 

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\CatRoot\lsass.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir\avgnt.exe" /min

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3Trayp.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\RunOnce: [ GbPluginBb] RunDll32.exe C:\ARQUIV~1\GbPlugin\gbieh.dll,Gbieh

O4 - HKLM\..\RunOnce: [ GbPluginUni] RunDll32.exe C:\ARQUIV~1\GbPlugin\gbiehuni.dll,Gbieh

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: 4t Tray Minimizer.lnk = C:\Arquivos de programas\4t Tray Minimizer\4t-min.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B105623B-5BAF-467A-A007-D4C130CA52AF}: NameServer = 201.10.128.3,201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\AntiVir\avguard.exe

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\xampp\apache\bin\apache.exe" -k runservice (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: mysql - Unknown owner - C:\Arquivos de programas\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Arquivos de programas\xampp\mysql\bin\my.cnf" mysql (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe


Good afternoon! Rodolfosk8

 

>@< DOWNLOAD: < KillBox >

>@< Save it in a folder on C:/

------------------------------

>@< Open KillBox >> Check the option: Delete on Reboot

>@< Copy the file, under the QUOTE, into Notepad. ( Ctrl + a ) >> ( ctrl + c )

 

C:\WINDOWS\system32\CatRoot\lsass.exe

>@< In Notepad, leave: >> ( ctrl + c )

>@< In KillBox: Click File >> Paste from clipboard >> All Files

>@< Click the X and, at the prompt, say No!

>@< Restart the computer in Safe Mode.

>@< Open HijackThis >> Click: Do a system scan only

 

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\CatRoot\lsass.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll (file missing)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

>@< Check the entries above and click Fix checked.

>@< When finished, restart in Normal Mode.

------------------------------

 

>@< Run and post: an updated HijackThis log.

 

Regards!
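The F2 entry that both MSNFix and HijackThis report in this thread is the Winlogon Userinit value carrying a second program after userinit.exe. As an added example (not part of the original posts and not code from either tool), the sketch below runs that check over log text; the `C:\WINDOWS` system root, the short list of system process names and the sample log lines are assumptions constructed from the lines shown in the thread.

```python
import ntpath
import re

# Assumption: the system root is C:\WINDOWS, as in the logs in this thread.
SYSTEM_DIR = r"c:\windows\system32"
# Default Userinit on Windows XP is this single program followed by a comma.
EXPECTED_USERINIT = SYSTEM_DIR + r"\userinit.exe"
# Core process names that belong only in system32 (short, non-exhaustive list).
SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "svchost.exe"}

# Matches both "UserInit=..." (HijackThis F2 line) and "Userinit = ..." (MSNFix).
USERINIT_RE = re.compile(r"userinit\s*=\s*(.+)$", re.IGNORECASE)


def userinit_entries(line):
    """Return the programs listed in a Userinit line, or None if not one."""
    match = USERINIT_RE.search(line)
    if match is None:
        return None
    # The value is comma-separated; empty fields (",,") are dropped.
    return [p.strip().strip('"') for p in match.group(1).split(",") if p.strip()]


def audit_userinit(log_text):
    """Return (path, reason) for every Userinit program other than userinit.exe."""
    findings = []
    for line in log_text.splitlines():
        entries = userinit_entries(line)
        if entries is None:
            continue
        for path in entries:
            norm = ntpath.normpath(path).lower()
            if norm == EXPECTED_USERINIT:
                continue
            reason = "extra program in Userinit"
            # A system process name in any other directory is a common disguise.
            if (ntpath.basename(norm) in SYSTEM_NAMES
                    and ntpath.dirname(norm) != SYSTEM_DIR):
                reason += "; system process name outside system32"
            findings.append((path, reason))
    return findings


# Constructed sample: lines copied from the HijackThis log posted in the thread.
SAMPLE_BEFORE = r"""
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\CatRoot\lsass.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
"""

# Constructed sample: the same value in MSNFix layout, restored to the default.
SAMPLE_AFTER = r"""
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
"""

if __name__ == "__main__":
    for path, reason in audit_userinit(SAMPLE_BEFORE):
        print(f"{path}: {reason}")
    print("after fix:", audit_userinit(SAMPLE_AFTER))
```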


Good morning.

 

I had a bit of trouble with the KillBox explanation.. So I don't know if I did it right.

But the log is here:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:22 , on 8/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AntiVir\avguard.exe

C:\Arquivos de programas\AntiVir\avgnt.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3Trayp.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\4t Tray Minimizer\4t-min.exe

C:\Arquivos de programas\AntiVir\sched.exe

C:\Arquivos de programas\xampp\apache\bin\apache.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\xampp\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\xampp\apache\bin\apache.exe

C:\Hijack\HijackThis.exe

 

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir\avgnt.exe" /min

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3Trayp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: 4t Tray Minimizer.lnk = C:\Arquivos de programas\4t Tray Minimizer\4t-min.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B105623B-5BAF-467A-A007-D4C130CA52AF}: NameServer = 201.10.128.3,201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\AntiVir\avguard.exe

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\xampp\apache\bin\apache.exe" -k runservice (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: mysql - Unknown owner - C:\Arquivos de programas\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Arquivos de programas\xampp\mysql\bin\my.cnf" mysql (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

 

Thank you.


Good evening! Rodolfosk8

 

>@< Run an online scan at: < Kaspersky >

 

<!> Go to the site, click on: < kasperdx9.jpg >

 

>@< On the next page, click: I Accept

>@< This is so that the ActiveX control gets installed and then updates the database.

>@< On the next page, click: My Computer and run the scan.

>@< Be patient! Wait for the database update and for the scan itself, which takes a long time.

>@< When it finishes, save and post the report.

 

Regards!


There are some really old files in this log that I didn't even know I still had here...

hehehe

 

Log:

 

Scan Statistics

Total number of scanned objects 133409

Number of viruses found 10

Number of infected objects 40

Number of suspicious objects 0

Duration of the scan process 02:11:01

Infected Object Name Virus Name Last Action

C:\Arquivos de programas\xampp\apache\logs\access.log Object is locked skipped

C:\Arquivos de programas\xampp\apache\logs\error.log Object is locked skipped

C:\Arquivos de programas\xampp\apache\logs\ssl_request.log Object is locked skipped

C:\Arquivos de programas\xampp\mysql\data\rodolfo.err Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Microsoft\Messenger\rodolfoo_sk8@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Microsoft\Messenger\rodolfoo_sk8@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Microsoft\Messenger\rodolfoo_sk8@hotmail.com\SharingMetadata\Working\database_C4A4_9212_A492_758\dfsr.db Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Microsoft\Messenger\rodolfoo_sk8@hotmail.com\SharingMetadata\Working\database_C4A4_9212_A492_758\fsr.log Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Microsoft\Messenger\rodolfoo_sk8@hotmail.com\SharingMetadata\Working\database_C4A4_9212_A492_758\fsrtmp.log Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Microsoft\Messenger\rodolfoo_sk8@hotmail.com\SharingMetadata\Working\database_C4A4_9212_A492_758\tmp.edb Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\rodolfoo_sk8@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\a5h8xzkq.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\a5h8xzkq.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\a5h8xzkq.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\a5h8xzkq.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Temp\~DF11F6.tmp Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Temp\~DF121F.tmp Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Temp\~DF7113.tmp Object is locked skipped

C:\Documents and Settings\EU\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\EU\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\EU\Dados de aplicativos\Mozilla\Firefox\Profiles\a5h8xzkq.default\cert8.db Object is locked skipped

C:\Documents and Settings\EU\Dados de aplicativos\Mozilla\Firefox\Profiles\a5h8xzkq.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\EU\Dados de aplicativos\Mozilla\Firefox\Profiles\a5h8xzkq.default\history.dat Object is locked skipped

C:\Documents and Settings\EU\Dados de aplicativos\Mozilla\Firefox\Profiles\a5h8xzkq.default\key3.db Object is locked skipped

C:\Documents and Settings\EU\Dados de aplicativos\Mozilla\Firefox\Profiles\a5h8xzkq.default\parent.lock Object is locked skipped

C:\Documents and Settings\EU\Dados de aplicativos\Mozilla\Firefox\Profiles\a5h8xzkq.default\search.sqlite Object is locked skipped

C:\Documents and Settings\EU\Dados de aplicativos\Mozilla\Firefox\Profiles\a5h8xzkq.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\EU\Meus documentos\Meus arquivos recebidos\DnWalcker III.rar/DnWalcker III/DnWalcker/YurOTs by Nord.exe Infected: Trojan.Win32.Delf.bod skipped

C:\Documents and Settings\EU\Meus documentos\Meus arquivos recebidos\DnWalcker III.rar RAR: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Aries_0.4.0_XML.rar/Aries 0.4.0 XML/Aries-XML.exe Infected: Trojan.Win32.Delf.bwf skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Aries_0.4.0_XML.rar RAR: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Cópia de Templarium Server\Templarium Server.zip/Templarium.exe Infected: Trojan.Win32.Delf.brt skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Cópia de Templarium Server\Templarium Server.zip ZIP: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Cópia de Templarium Server.zip/Templarium Server/Templarium Server.exe Infected: Trojan.Win32.Delf.cdw skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Cópia de Templarium Server.zip ZIP: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\ot\Aries-Server-XML-0.3.0.rar/Aries-Server-XML-0.3.0/AriesServer_XML.exe Infected: Trojan.Win32.Delf.bob skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\ot\Aries-Server-XML-0.3.0.rar RAR: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\ot\LorDz_0.0.2.rar/LorDz 0.0.2/Evolutions-XML.exe Infected: Trojan.Win32.Delf.bod skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\ot\LorDz_0.0.2.rar RAR: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Pvp_enfo_by_Nelsen.rar/Pvp_enfo by Nelsen/Otserver_pvp.exe Infected: Trojan.Win32.Delf.bpv skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Pvp_enfo_by_Nelsen.rar RAR: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\server.zip/server/Aries-XML.exe Infected: Trojan.Win32.Delf.bwf skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\server.zip ZIP: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\server1\Aries-XML.exe Infected: Trojan.Win32.Delf.bwf skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Shadows Temple Server.zip/Shadows Temple Server/Shadows Temple.exe Infected: Trojan.Win32.Delf.brt skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Shadows Temple Server.zip ZIP: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Templarium Server.rar/Templarium Server/Templarium Server.exe Infected: Trojan.Win32.Delf.cdw skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Templarium Server.rar RAR: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Templarium Server.zip/Templarium Server/Templarium Server.exe Infected: Trojan.Win32.Delf.cdw skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Templarium Server.zip ZIP: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Thyrania_0.2.0_XML.rar/Thyrania 0.2.0 XML/Aries-XML.exe Infected: Trojan.Win32.Delf.bwf skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Thyrania_0.2.0_XML.rar RAR: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Thyrania_XML_0.0.3.rar/Thyrania XML 0.0.3/AriesServer_XML.exe Infected: Trojan.Win32.Delf.bob skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Thyrania_XML_0.0.3.rar RAR: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Thyrania_XML_0.0.5.rar/Thyrania XML 0.0.5/AriesServer_XML.exe Infected: Trojan.Win32.Delf.bob skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Thyrania_XML_0.0.5.rar RAR: infected - 1 skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Yurots_1.2__Vers_o_8.1_.rar/Yurots 1.2 (Versão 8.1)/Yurots 1.2.exe Infected: Trojan.Win32.Delf.bob skipped

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Yurots_1.2__Vers_o_8.1_.rar RAR: infected - 1 skipped

C:\Documents and Settings\EU\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\EU\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP104\change.log Object is locked skipped

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP46\A0051811.dll Infected: not-a-virus:AdWare.Win32.Agent.uj skipped

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP47\A0052865.exe Infected: Trojan.Win32.Delf.bwf skipped

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP50\A0058849.dll Infected: not-a-virus:AdWare.Win32.Agent.uj skipped

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP67\A0075426.exe Infected: Trojan.Win32.Delf.bwf skipped

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079099.exe/data0008 Infected: not-a-virus:AdWare.Win32.Relevant.a skipped

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079099.exe Inno: infected - 1 skipped

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079105.exe Infected: not-a-virus:AdWare.Win32.Relevant.d skipped

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079106.exe Infected: not-a-virus:AdWare.Win32.Relevant.a skipped

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP80\A0082866.exe Infected: not-a-virus:NetTool.Win32.Delf.d skipped

Scan process completed.


Good afternoon, Rodolfosk8!

>@< DOWNLOAD: < KillBox >

>@< Save it to a folder in C:/

------------------------------

>@< Open KillBox >> Check the option: Delete on Reboot

>@< Copy the list below the QUOTE into Notepad. ( Ctrl + a ) >> ( ctrl + c )

 

C:\Documents and Settings\EU\Meus documentos\Meus arquivos recebidos\DnWalcker III.rar

C:\Documents and Settings\EU\Meus documentos\Meus arquivos recebidos\DnWalcker III\DnWalcker\YurOTs by Nord.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Aries_0.4.0_XML.rar

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Aries 0.4.0 XML\Aries-XML.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Cópia de Templarium Server\Templarium Server.zip

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Cópia de Templarium Server\Templarium.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Cópia de Templarium Server.zip

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Templarium Server\Templarium Server.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\ot\Aries-Server-XML-0.3.0.rar

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\ot\Aries-Server-XML-0.3.0\AriesServer_XML.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\ot\LorDz_0.0.2.rar

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\ot\LorDz 0.0.2\Evolutions-XML.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Pvp_enfo_by_Nelsen.rar

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Pvp_enfo by Nelsen\Otserver_pvp.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\server.zip

C:\Documents and Settings\EU\Meus documentos\Rodolfo\server\Aries-XML.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\server1\Aries-XML.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Shadows Temple Server.zip

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Shadows Temple Server\Shadows Temple.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Templarium Server.rar

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Templarium Server\Templarium Server.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Templarium Server.zip

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Thyrania_0.2.0_XML.rar

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Thyrania 0.2.0 XML\Aries-XML.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Thyrania_XML_0.0.3.rar

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Thyrania XML 0.0.3\AriesServer_XML.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Thyrania_XML_0.0.5.rar

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Thyrania XML 0.0.5\AriesServer_XML.exe

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Yurots_1.2__Vers_o_8.1_.rar

C:\Documents and Settings\EU\Meus documentos\Rodolfo\OTServs\Yurots 1.2 (Versão 8.1)\Yurots 1.2.exe

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP46\A0051811.dll

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP47\A0052865.exe

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP50\A0058849.dll

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP67\A0075426.exe

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079099.exe

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079105.exe

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079106.exe

C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP80\A0082866.exe

>@< In Notepad, use: >> ( ctrl + c ) / or: click Edit >> Copy.

>@< In KillBox: click File >> Paste from clipboard >> All Files

>@< Click the X and, when asked, answer No!

>@< Restart the computer!

-----------------------------

>@< Run a disinfection scan with < BitDefender > and post the report.

>@< The page will open: < BitDefender OnLine Scanner >

>@< Click: <agree2.gif>

>@< Wait! Allow the ActiveX installation so that the scan can run.

<!> Read the tutorial: < Link >

>@< Then post: the BitDefender report

>@< PS: The BitDefender report will be at: C:\Windows\BDOSCAN8\bdoscan.log

Regards!


Good morning, DigRam

BitDefender log:

 

[General]

App = "BitDefender Online Scanner v8"

Date = 10:05:2008

Time = 19:43:30

Scan Path = A:\;C:\;D:\;

 

[Engines Info]

Virus Definitions = 1191123

Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"

Scan plugins = 16

Archive plugins = 42

Unpack plugins = 7

E-mail plugins = 6

System plugins = 5

 

[scan Statistics]

Folders = 7348

Files = 322259

Archives = 2194

Packed files = 17268

Identified viruses = 8

Infected files = 27

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 27

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 36

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000062 = "C:\!KillBox\A0075426.exe Infected with: Trojan.Generic.159004"

Line00000061 = "C:\!KillBox\A0075426.exe Deleted"

Line00000060 = "C:\!KillBox\A0079099.exe=>(Instyler o)=>(Instyler Module 7) Detected with: Adware.Relevant.A"

Line00000059 = "C:\!KillBox\A0079099.exe=>(Instyler o)=>(Instyler Module 7) Deleted"

Line00000058 = "C:\!KillBox\A0079099.exe=>(Instyler o) Update failed"

Line00000057 = "C:\!KillBox\A0079105.exe Detected with: Adware.Generic.12504"

Line00000056 = "C:\!KillBox\A0079105.exe Deleted"

Line00000055 = "C:\!KillBox\A0079106.exe Detected with: Adware.Relevant.A"

Line00000054 = "C:\!KillBox\A0079106.exe Deleted"

Line00000053 = "C:\!KillBox\Aries-XML.exe Infected with: Trojan.Generic.159004"

Line00000052 = "C:\!KillBox\Aries-XML.exe Deleted"

Line00000051 = "C:\!KillBox\Aries_0.4.0_XML.rar=>Aries 0.4.0 XML\Aries-XML.exe Infected with: Trojan.Generic.159004"

Line00000050 = "C:\!KillBox\Aries_0.4.0_XML.rar=>Aries 0.4.0 XML\Aries-XML.exe Deleted"

Line00000049 = "C:\!KillBox\Aries_0.4.0_XML.rar Update failed"

Line00000048 = "C:\!KillBox\DnWalcker III.rar=>DnWalcker III\DnWalcker\YurOTs by Nord.exe Infected with: Trojan.Generic.206252"

Line00000047 = "C:\!KillBox\DnWalcker III.rar=>DnWalcker III\DnWalcker\YurOTs by Nord.exe Deleted"

Line00000046 = "C:\!KillBox\DnWalcker III.rar Update failed"

Line00000045 = "C:\!KillBox\server.zip=>server/Aries-XML.exe Infected with: Trojan.Generic.159004"

Line00000044 = "C:\!KillBox\server.zip=>server/Aries-XML.exe Deleted"

Line00000043 = "C:\!KillBox\server.zip Updated"

Line00000042 = "C:\!KillBox\Thyrania_0.2.0_XML.rar=>Thyrania 0.2.0 XML\Aries-XML.exe Infected with: Trojan.Generic.159004"

Line00000041 = "C:\!KillBox\Thyrania_0.2.0_XML.rar=>Thyrania 0.2.0 XML\Aries-XML.exe Deleted"

Line00000040 = "C:\!KillBox\Thyrania_0.2.0_XML.rar Update failed"

Line00000039 = "C:\Arquivos de programas\ActivationManager\Uninstall.exe Infected with: Dropped:Adware.BHO.WQB"

Line00000038 = "C:\Arquivos de programas\ActivationManager\Uninstall.exe Disinfection failed"

Line00000037 = "C:\Arquivos de programas\ActivationManager\Uninstall.exe Deleted"

Line00000036 = "C:\Documents and Settings\EU\Meus documentos\Rodolfo\CS\XoRa_EmO_Teste.rar=>XoRa_EmO_Teste\XoRa.exe Infected with: Trojan.Generic.111616"

Line00000035 = "C:\Documents and Settings\EU\Meus documentos\Rodolfo\CS\XoRa_EmO_Teste.rar=>XoRa_EmO_Teste\XoRa.exe Deleted"

Line00000034 = "C:\Documents and Settings\EU\Meus documentos\Rodolfo\CS\XoRa_EmO_Teste.rar Update failed"

Line00000033 = "C:\Jogos\MuManiacos\main.exe Infected with: Trojan.Generic.123397"

Line00000032 = "C:\Jogos\MuManiacos\main.exe Deleted"

Line00000031 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135311.exe Infected with: Trojan.Generic.159004"

Line00000030 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135311.exe Deleted"

Line00000029 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135312.exe Detected with: Adware.Generic.12504"

Line00000028 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135312.exe Deleted"

Line00000027 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135313.exe Detected with: Adware.Relevant.A"

Line00000026 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135313.exe Deleted"

Line00000025 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135314.exe Infected with: Trojan.Generic.159004"

Line00000024 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135314.exe Deleted"

Line00000023 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135315.exe Infected with: Dropped:Adware.BHO.WQB"

Line00000022 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135315.exe Disinfection failed"

Line00000021 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135315.exe Deleted"

Line00000020 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135316.exe Infected with: Trojan.Generic.123397"

Line00000019 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP105\A0135316.exe Deleted"

Line00000018 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP67\A0075426.exe Infected with: Trojan.Generic.159004"

Line00000017 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP67\A0075426.exe Deleted"

Line00000016 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079099.exe=>(Instyler o)=>(Instyler Module 7) Detected with: Adware.Relevant.A"

Line00000015 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079099.exe=>(Instyler o)=>(Instyler Module 7) Deleted"

Line00000014 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079099.exe=>(Instyler o) Update failed"

Line00000013 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079105.exe Detected with: Adware.Generic.12504"

Line00000012 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079105.exe Deleted"

Line00000011 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079106.exe Detected with: Adware.Relevant.A"

Line00000010 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079106.exe Deleted"

Line00000009 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP80\A0082890.exe Infected with: IRC-Worm.Generic.2612"

Line00000008 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP80\A0082890.exe Deleted"

Line00000007 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP80\A0082907.exe Infected with: IRC-Worm.Generic.2612"

Line00000006 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP80\A0082907.exe Deleted"

Line00000005 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP80\A0082941.exe Infected with: IRC-Worm.Generic.2612"

Line00000004 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP80\A0082941.exe Deleted"

Line00000003 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP81\A0088206.exe Infected with: Trojan.Generic.123397"

Line00000002 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP81\A0088206.exe Deleted"

Line00000001 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP91\A0110563.exe Infected with: Trojan.Generic.123397"

Line00000000 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP91\A0110563.exe Deleted"


Good morning, Rodolfosk8!

<@> DELETE: !KillBox << the folder!

----------------------------

<@> Run another scan with BitDefender and post the report. Delete the previous one!

Regards!


Sorry for the delay.

Here it is:

 

[General]

App = "BitDefender Online Scanner v8"

Date = 17:05:2008

Time = 19:10:52

Scan Path = A:\;C:\;D:\;

 

[Engines Info]

Virus Definitions = 1194985

Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"

Scan plugins = 16

Archive plugins = 42

Unpack plugins = 7

E-mail plugins = 6

System plugins = 5

 

[scan Statistics]

Folders = 7656

Files = 295284

Archives = 1978

Packed files = 17567

Identified viruses = 3

Infected files = 5

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 5

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 33

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000012 = "C:\Documents and Settings\EU\Meus documentos\Rodolfo\CS\XoRa_EmO_Teste.rar=>XoRa_EmO_Teste\XoRa.exe Infected with: Trojan.Generic.111616"

Line00000011 = "C:\Documents and Settings\EU\Meus documentos\Rodolfo\CS\XoRa_EmO_Teste.rar=>XoRa_EmO_Teste\XoRa.exe Deleted"

Line00000010 = "C:\Documents and Settings\EU\Meus documentos\Rodolfo\CS\XoRa_EmO_Teste.rar Update failed"

Line00000009 = "C:\Jogos\MuManiacos\main.exe Infected with: Trojan.Generic.123397"

Line00000008 = "C:\Jogos\MuManiacos\main.exe Deleted"

Line00000007 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP108\A0139959.exe=>(Instyler o)=>(Instyler Module 7) Detected with: Adware.Relevant.A"

Line00000006 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP108\A0139959.exe=>(Instyler o)=>(Instyler Module 7) Deleted"

Line00000005 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP108\A0139959.exe=>(Instyler o) Update failed"

Line00000004 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP108\A0139988.exe Infected with: Trojan.Generic.123397"

Line00000003 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP108\A0139988.exe Deleted"

Line00000002 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079099.exe=>(Instyler o)=>(Instyler Module 7) Detected with: Adware.Relevant.A"

Line00000001 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079099.exe=>(Instyler o)=>(Instyler Module 7) Deleted"

Line00000000 = "C:\System Volume Information\_restore{77013539-433D-4F69-88E4-10B68E3F502B}\RP70\A0079099.exe=>(Instyler o) Update failed"


Good morning, rodolfosk8!

>@< Download CCleaner.

>@< Save it to the Desktop!

>@< Open the program and click Analyze >> Run Cleaner.

>@< When it finishes, click Registry >> Scan for Issues >> Fix selected issues.

--------------------------------

Once everything is OK with the PC, create a completely clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

>@< Any problems still?

>@< The log is clean!

--------------------------------

<@> To answer your questions about System Restore, read this other tutorial!

< http://forum.imasters.com.br/index.php?showtopic=143766 >

Regards!


Thanks a lot, DigRam, it's all good now :D

One question: what is this System Restore for? And how do I restore the system if I have a problem in the future?

The link with more details there is down.

Thanks once again :P


PROBLEM SOLVED!

If the author needs the topic reopened, they must send a Private Message to a Moderator with a link to the topic.
