
Archived

This topic has been archived and is closed to new replies.

Renan Alemaum

[Resolved] Socket Error 11004!


Hi everyone, I'm new to the forum and I'm having the Socket Error 11004 problem. What annoying little windows!

The log follows below:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:59:20, on 30/08/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16839)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Bywifi\bywifi.exe

C:\Users\galina\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe

C:\windy\Avast.exe

C:\windy\scmd.exe

C:\windy\Panda.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\windy\Avast.exe

C:\windy\scmd.exe

C:\windy\Panda.exe

C:\Users\galina\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\galina\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\galina\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\galina\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\galina\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\galina\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\galina\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\galina\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

C:\Program Files (x86)\Orbitdownloader\orbitnet.exe

C:\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search-us.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-us.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search-us.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-us.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: MegaIeHelperBHO - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\galina\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files (x86)\Bywifi\bywifiie.dll

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - (no file)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - (no file)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [bywifi] C:\Program Files (x86)\Bywifi\bywifi.exe "-silent"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKLM\..\Run: [ctfmon] c:\windows\\winsxss\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\galina\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [bywifi] C:\Program Files (x86)\Bywifi\bywifi.exe "-silent"

O4 - HKCU\..\Run: [Megakey] C:\Users\galina\AppData\Local\Megamedia\Megakey\Megakey.exe /Tray

O4 - HKCU\..\Run: [MegakeyUpdater] C:\Users\galina\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe

O4 - HKCU\..\Run: [CwpkveB] c:\ProgramData\PrqxntI\FloqqwM\CwpkveB.exe

O4 - HKCU\..\Run: [javaw] C:\windy\Avast.exe

O4 - HKCU\..\Run: [Explor] C:\windy\scmd.exe

O4 - HKCU\..\Run: [Jusched] C:\windy\Panda.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: Orbit.lnk = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Capture Web Page - C:\Users\galina\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fetch to Megaupload - C:\Users\galina\AppData\Local\Megamedia\Megakey\MegaUpload.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C2F301FE-9C19-49B9-B6BD-1244DD971900} (EnWEB20 Control) - http://niceddns.com/web/EnWEB20.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\GVT\Protect\Anti-Virus\fsgk32st.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files (x86)\GVT\Protect\FWES\Program\fsdfwd.exe (file missing)

O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files (x86)\GVT\Protect\Common\FSMA32.EXE (file missing)

O23 - Service: F-Secure ORSP Client (FSORSPClient) - Unknown owner - C:\Program Files (x86)\GVT\Protect\ORSP Client\fsorsp.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Sound Manager (soundmngr) - Unknown owner - C:\Windows\system32\config\svchost.exe   

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 15295 bytes


Hello Renan Alemaum

1.

*Temporarily disable your antivirus

Right-click the Avast icon next to the clock > Select "Pause resident protection" > Confirm.

*Download ComboFix and save it to the desktop

*Run it, accept the agreement and wait for the stages to finish

*Do not use the mouse or the keyboard during the stages!!

*Paste the report that is shown


Hello wings, I couldn't get any report out of ComboFix. It showed a message, but then I closed it by accident and didn't see it. I've already tried running it other times and it doesn't work. What do I do?


*Download OTS and save it to the desktop

*Run it and select the option:

[x] Scan All Users

*Click [Quick Scan] and paste the report that is shown

If the report turns out too large...

*Go to this link

*Select [x] 4 jours

*Click [Send file]

*Locate the OTS.txt file on the desktop

*Click [Open] > [Créer le lien Cjoint]

*Paste the address that is created


You sent OTS.exe!!

I asked for OTS.txt.

Let's do it differently to make it easier...

*Run OTS and select the options:

[x] Scan All Users

[x] Use Company Name WhiteList

[x] Skip Microsoft Files

*Under "Additional Scans" select:

[X] Reg - NetSvcs

[X] File - Lop Check

[X] File - Purity Scan

*Click in the space below "Custom Scans" and paste the code:

%systemdrive%\*

%systemdrive%\programfiles\*.*

%systemdrive%\programdata\*

%systemdrive%\users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.xps

 

*Click [Run Scan]

*Paste the OTS.txt report located on the desktop

If the report turns out too large...

*Go to this link

*Click [Send file]

*Locate the OTS.txt file on the desktop

*Click [Open] > [Créer le lien Cjoint]

*Paste the address that is created


1. Do you know the contents of these folders?

 

C:\Users\galina\Documents\a

C:\Users\galina\Desktop\mula

 

2. Locate the file and submit it for analysis at http://virusscan.jotti.org

 

C:\ProgramData\sysqcl1129139270.dat

 

*Paste the link to the result

3. Do you need to use Bywifi?


1. Do you know the contents of these folders?

 

C:\Users\galina\Documents\a

C:\Users\galina\Desktop\mula

 

2. Locate the file and submit it for analysis at http://virusscan.jotti.org

 

C:\ProgramData\sysqcl1129139270.dat

 

*Paste the link to the result

3. Do you need to use Bywifi?

1. I do. I've already deleted them

2. What file?

And I don't know this folder C:\ProgramData\sysqcl1129139270.dat

3. No, I don't use it.

When I run OTS, the windows go away, but today I turned it on and they came back, so I ran it again and they went away.


1.

*Download Suspicious File Packer and save it to the desktop

*Extract it to the desktop

*Run it

*Under Step 1: Paste text, paste the code:

C:\ProgramData\sysqcl1129139270.dat

C:\Users\galina\Desktop\PQAAANj7LchmChyUiRsprjATD4NUMpw3pAXUMUbDji6M0SNZeeVeBNwV8u1u950SnIYB_N8BBhzFMgVJoI8YXP-o93YAm1T1UGRT9SWxyNkoSP1WxyJ_eroUi-ug.jpg

*Click [Continue]

*A .cab file will be created on your desktop

2.

*Select and copy the code below:

[unregister Dlls]

[Processes - Safe List]

YY -> panda.exe -> C:\windy\Panda.exe

YY -> scmd.exe -> C:\windy\scmd.exe

[Modules - No Company Name]

YY -> panda.exe -> C:\windy\Panda.exe

YY -> scmd.exe -> C:\windy\scmd.exe

YY -> funcoes.dll -> C:\windy\Funcoes.dll

[Registry - Safe List]

< Run [HKEY_USERS\S-1-5-21-1123803708-3870431014-237734166-1001\] > -> HKEY_USERS\S-1-5-21-1123803708-3870431014-237734166-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

YN -> "CwpkveB" -> [c:\ProgramData\PrqxntI\FloqqwM\CwpkveB.exe]

YY -> "Explor" -> C:\windy\scmd.exe [C:\windy\scmd.exe]

YN -> "javaw" -> [C:\windy\Avast.exe]

YY -> "Jusched" -> C:\windy\Panda.exe [C:\windy\Panda.exe]

[Files/Folders - Created Within 30 Days]

NY -> windy -> C:\windy

[Files/Folders - Modified Within 30 Days]

NY -> whv3.exe -> C:\Windows\SysWow64\whv3.exe

NY -> mod_stl1.gif -> C:\Windows\SysWow64\mod_stl1.gif

NY -> mod_down5.gif -> C:\Windows\SysWow64\mod_down5.gif

NY -> winbkl_8008.gif -> C:\Windows\SysWow64\winbkl_8008.gif

[Files - No Company Name]

NY -> Start_.cmd -> C:\Start_.cmd

NY -> whv3.exe -> C:\Windows\SysWow64\whv3.exe

NY -> mod_stl1.gif -> C:\Windows\SysWow64\mod_stl1.gif

NY -> mod_down5.gif -> C:\Windows\SysWow64\mod_down5.gif

NY -> mod_cfg_1.gif -> C:\Windows\SysWow64\mod_cfg_1.gif

NY -> PQAAANj7LchmChyUiRsprjATD4NUMpw3pAXUMUbDji6M0SNZeeVeBNwV8u1u950SnIYB_N8BBhzFMgVJoI8YXP-o93YAm1T1UGRT9SWxyNkoSP1WxyJ_eroUi-ug.jpg -> C:\Users\galina\Desktop\PQAAANj7LchmChyUiRsprjATD4NUMpw3pAXUMUbDji6M0SNZeeVeBNwV8u1u950SnIYB_N8BBhzFMgVJoI8YXP-o93YAm1T1UGRT9SWxyNkoSP1WxyJ_eroUi-ug.jpg

NY -> sysqcl1129139270.dat -> C:\ProgramData\sysqcl1129139270.dat

[Empty Temp Folders]

[Reboot]

*Run OTS

*Click in the space below Paste Fix Here and paste the code

*Click [Run Fix]

*The PC will restart. Paste the report that is shown
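
The Run entries targeted by the fix script above share traits that can be checked mechanically. As an added example (not part of the original posts, and not how OTS or HijackThis work internally), this Python script parses HijackThis O4 lines copied from the log in this thread and flags them with three triage heuristics; the rule names, the list of well-known binary names and the set of standard top-level directories are assumptions made for illustration.

```python
import re
from ntpath import basename, splitext

# O4 (autorun) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Megakey] C:\Users\galina\AppData\Local\Megamedia\Megakey\Megakey.exe /Tray
O4 - HKCU\..\Run: [CwpkveB] c:\ProgramData\PrqxntI\FloqqwM\CwpkveB.exe
O4 - HKCU\..\Run: [javaw] C:\windy\Avast.exe
O4 - HKCU\..\Run: [Explor] C:\windy\scmd.exe
O4 - HKCU\..\Run: [Jusched] C:\windy\Panda.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
"""

# "O4 - <hive>\..\Run[Once]: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Assumptions for this example: directories where installed software normally
# lives, and value names that mimic well-known binaries.
STANDARD_ROOTS = {"program files", "program files (x86)", "windows", "users", "programdata"}
KNOWN_BINARIES = {"javaw", "jusched", "ctfmon", "explorer", "svchost"}


def target_exe(cmd):
    """Return the executable path from a Run value, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def reasons_for(name, exe):
    """Apply the three heuristics and return the names of those that fire."""
    reasons = []
    parts = [p for p in exe.replace("/", "\\").split("\\") if p]
    stem = splitext(basename(exe))[0].lower()
    # Path rules only apply to absolute drive paths, not %VAR% prefixes.
    if len(parts) > 2 and re.fullmatch(r"[A-Za-z]:", parts[0]):
        top = parts[1].lower()
        if top not in STANDARD_ROOTS:
            reasons.append("nonstandard-root")      # e.g. C:\windy\...
        if top == "programdata":
            reasons.append("programdata-autorun")   # autorun from a data directory
    # Value named after a well-known binary but pointing at a different file.
    if name.lower() in KNOWN_BINARIES and stem != name.lower():
        reasons.append("name-mismatch")
    return reasons


def scan(log_text):
    """Return one dict per O4 Run entry that triggers at least one heuristic."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = target_exe(m.group("cmd"))
        reasons = reasons_for(m.group("name"), exe)
        if reasons:
            hits.append({"hive": m.group("hive"), "name": m.group("name"),
                         "exe": exe, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["hive"]} [{hit["name"]}] {hit["exe"]} -> {", ".join(hit["reasons"])}')
```

A hit is a prompt for manual review of the file, not a verdict.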


All Processes Killed

[Processes - Safe List]

No active process named panda.exe was found!

C:\windy\Panda.exe moved successfully.

No active process named scmd.exe was found!

C:\windy\scmd.exe moved successfully.

[Modules - No Company Name]

[Registry - Safe List]

Registry value HKEY_USERS\S-1-5-21-1123803708-3870431014-237734166-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CwpkveB deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1123803708-3870431014-237734166-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Explor deleted successfully.

File C:\windy\scmd.exe not found.

Registry value HKEY_USERS\S-1-5-21-1123803708-3870431014-237734166-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\javaw deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1123803708-3870431014-237734166-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Jusched deleted successfully.

File C:\windy\Panda.exe not found.

[Files/Folders - Created Within 30 Days]

C:\windy folder moved successfully.

[Files/Folders - Modified Within 30 Days]

C:\Windows\SysWow64\whv3.exe moved successfully.

C:\Windows\SysWow64\mod_stl1.gif moved successfully.

C:\Windows\SysWow64\mod_down5.gif moved successfully.

C:\Windows\SysWow64\winbkl_8008.gif moved successfully.

[Files - No Company Name]

C:\Start_.cmd moved successfully.

File C:\Windows\SysWow64\whv3.exe not found!

File C:\Windows\SysWow64\mod_stl1.gif not found!

File C:\Windows\SysWow64\mod_down5.gif not found!

C:\Windows\SysWow64\mod_cfg_1.gif moved successfully.

C:\Users\galina\Desktop\PQAAANj7LchmChyUiRsprjATD4NUMpw3pAXUMUbDji6M0SNZeeVeBNwV8u1u950SnIYB_N8BBhzFMgVJoI8YXP-o93YAm1T1UGRT9SWxyNkoSP1WxyJ_eroUi-ug.jpg moved successfully.

C:\ProgramData\sysqcl1129139270.dat moved successfully.

[Empty Temp Folders]

 

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: galina

->Temp folder emptied: 9771032 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 2495844 bytes

->FireFox cache emptied: 46692520 bytes

->Google Chrome cache emptied: 160901695 bytes

->Flash cache emptied: 7637 bytes

 

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes

RecycleBin emptied: 35206806 bytes

 

Total Files Cleaned = 243,00 mb

 

< End of fix log >

OTS by OldTimer - Version 3.1.44.4 fix logfile created on 09012011_135225

 

Files\Folders moved on Reboot...

C:\Users\galina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...


1.

*Rename Combofix to Uninstall

*Run it and wait for the message saying that ComboFix has been uninstalled

 

2.

*Uninstall Bywifi

 

3.

*Download Kaspersky Virus Removal Tool and save it to the desktop

*Install the program

*Select the option:

[X] My Computer

*Click the phrase "Ask what to do" and select "Ask when finished"

*Click [start scan]

*If it finds anything, select [x] Apply to all files and click "Ignore"

*When it finishes, click [Report]

*Click the + sign next to Automatic scan: completed to expand the report

*Right-click the report and select the Select all option

*Right-click the report again and select the Copy option

*Open Notepad, paste (Ctrl+V) and save it to the desktop as log.txt

*Close the window and, in the program's main window, click [exit] > [No]

*Paste the log.txt report saved on the desktop


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
