JGRD 0 Posted August 5, 2012

Hello! Lately my Avira kept warning me that there was a group of viruses on my PC. But Avira would run the scan and not delete anything, which led to more warnings about the same viruses. I tried to remove them using NOD32 and Kaspersky, but neither managed to delete them, and they keep messing up the order of the desktop icons and make the mouse scroll go kind of crazy, spinning for no reason.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:16, on 05/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrador\Desktop\Antivirus'\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [inCD] ; C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iSUSPM Startup] ; c:\arquiv~1\arquiv~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] ; "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] ; "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] ; RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] ; SkyTel.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] ; "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] ; C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] ; "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1390067357-630328440-839522115-500\..\Run: [DAEMON Tools Lite] ; "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-1390067357-630328440-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1390067357-630328440-839522115-500 Startup: _uninst_34452921.lnk = ? (User '?')
O4 - Startup: _uninst_34452921.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira Programador (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Oracle%ORACLE_HOME_SERVICE%ClientCache80 - Unknown owner - C:\ORANT\BIN\ONRSD80.EXE

--
End of file - 8866 bytes

Once again, thank you very much!
DigRam 144 Posted August 7, 2012

Good evening, JGRD!

|- Post your antivirus's final report, so we can see what we are dealing with.

##########
---------- ----------
Término da varredura: domingo, 5 de agosto de 2012 17:52
Tempo de uso: 00:25 Minuto(s)
A verificação foi concluída.
0 Diretórios verificados
2638 Foi feita a varredura nos arquivos
0 Vírus e/ou programas indesejados foram encontrados
0 Os arquivos foram classificados como suspeitos
0 Arquivos excluídos
0 Vírus e programas indesejados foram reparados
0 Os arquivos foram movidos para a quarentena
0 Os arquivos foram renomeados
0 Não é possível fazer a varredura dos arquivos
2638 Arquivos não envolvidos
20 Os arquivamentos foram verificados
0 Avisos
0 Notas
##########

|- Example of the final section of an Avira report, with no infections.

-/-

|- Download: < > ( ... by OldTimer Tools )
|- Click Save!
|- Save it to the desktop!
|- Double-click OTL.exe -> Run. >>
|- Configure "Verificação de Arquivos" as shown in the screenshot!
|- PS: Do the same for these!
|- Under "Exame Extra do Registro", select "Nenhum".

netsvcs
%APPDATA%\Local\*.
%APPDATA%\*.exe /s
%APPDATA%\*.
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
/md5start
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
csrss.exe
smss.exe
svchost.exe
services.exe
uninst.exe
/md5stop
regedit /e c:\registrybackup.reg /c
%systemroot%\system32\Tasks\*.* /s
%windir%\tasks\*.* /s

|- Paste this information, shown in green, into the "Exames Personalizados/Correções" field.
|- Click Verificar:
|- When it finishes, post the report: OTL.txt
|- For large reports, use: < >
|- More information: < |Link| >

Regards!
JGRD 0 Posted August 7, 2012

Hello! Here is the Avira log:

Término da varredura: terça-feira, 7 de agosto de 2012 13:31
Tempo de uso: 1:29:34 Hora(s)
A verificação foi concluída.
13956 Diretórios verificados
495934 Foi feita a varredura nos arquivos
0 Vírus e/ou programas indesejados foram encontrados
0 Os arquivos foram classificados como suspeitos
0 Arquivos excluídos
0 Vírus e programas indesejados foram reparados
0 Os arquivos foram movidos para a quarentena
0 Os arquivos foram renomeados
0 Não é possível fazer a varredura dos arquivos
495934 Arquivos não envolvidos
4524 Os arquivamentos foram verificados
0 Avisos
0 Notas
555977 Os objetos foram verificados com a varredura do rootkit
0 Objetos ocultos foram encontrados

Here is the CJoint link with the OTL log: http://cjoint.com/?3HiaGzSh8v0

Once again, thank you very much!
DigRam 144 Posted August 8, 2012

Good afternoon, JGRD!

|- Follow these procedures, in the order given!

-/-

|- Download: < > ( ... par tigzy )
|- Save it to the desktop!
|- Close any open applications!
|- Run RogueKiller.exe and accept the EULA.
|- PS: On Windows Vista or 7, run RogueKiller.exe as administrator.
|- Wait for its Pre-scan to finish.
|- Start the diagnosis by clicking the "Verificar" button.
|- Example: Mode: Verificar -- Date: mm/dd/2012 00:52:24
|- Post the report: RKreport[1].txt

-/-

|- Run OTL.exe.
|- Copy this information, shown in red, into the tool's clipboard field. ( "Exames Personalizados Correções" )

####
:OTL
[2012/02/16 20:09:43 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utexnjq5.sys
[2012/02/16 19:22:28 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\e3ee29b8\@
[2008/02/08 19:40:51 | 000,181,248 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 00:45:18 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{3b53677d-4992-7df8-837f-0145d47844e0}\@
[2004/08/04 00:45:18 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{3b53677d-4992-7df8-837f-0145d47844e0}\@
[28 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Files
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{3b53677d-4992-7df8-837f-0145d47844e0}\@
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{3b53677d-4992-7df8-837f-0145d47844e0}
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\e3ee29b8\@
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\e3ee29b8
C:\WINDOWS\Installer\{3b53677d-4992-7df8-837f-0145d47844e0}\@
C:\WINDOWS\Installer\{3b53677d-4992-7df8-837f-0145d47844e0}
:Services
utexnjq5
:Commands
[CREATERESTOREPOINT]
[purity]
[emptytemp]
[Reboot]
####

|- Click the Consertar button -> Wait for it to finish!
|- The computer will restart! -> Click "Executar".
|- For English versions, click Run Fix, which is the same as Consertar.
|- Post the report: C:\_OTL\MovedFiles\*.log

Regards!
JGRD 0 Posted August 9, 2012

Hello again!

RogueKiller log:

RogueKiller V7.6.5 [08/03/2012] Por Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Iniciado em : Modo Normal
Usuario: Administrador [Privilegios de Admnistrador]
Modo: Verificar -- Data: 08/09/2012 19:38:17

¤¤¤ Entradas ruins: 0 ¤¤¤

¤¤¤ Entradas do Registro: 5 ¤¤¤
[SUSP PATH] _uninst_34452921.lnk @Administrador : C:\Documents and Settings\Administrador\Configurações locais\temp\_uninst_34452921.bat -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{3b53677d-4992-7df8-837f-0145d47844e0}\n.) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{3b53677d-4992-7df8-837f-0145d47844e0}\n.) -> FOUND
[ZeroAccess] HKLM\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{3b53677d-4992-7df8-837f-0145d47844e0}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{3b53677d-4992-7df8-837f-0145d47844e0}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{3b53677d-4992-7df8-837f-0145d47844e0}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{3b53677d-4992-7df8-837f-0145d47844e0}\L --> FOUND
[ZeroAccess][FILE] @ : c:\documents and settings\administrador\configurações locais\dados de aplicativos\{3b53677d-4992-7df8-837f-0145d47844e0}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\documents and settings\administrador\configurações locais\dados de aplicativos\{3b53677d-4992-7df8-837f-0145d47844e0}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\documents and settings\administrador\configurações locais\dados de aplicativos\{3b53677d-4992-7df8-837f-0145d47844e0}\L --> FOUND

¤¤¤ Driver: [Carregado] ¤¤¤
SSDT[25] : NtClose @ 0x805BC4EC -> HOOKED (Unknown @ 0xBA75AFBC)
SSDT[41] : NtCreateKey @ 0x80623786 -> HOOKED (Unknown @ 0xBA75AF76)
SSDT[50] : NtCreateSection @ 0x805AB3AE -> HOOKED (Unknown @ 0xBA75AFC6)
SSDT[53] : NtCreateThread @ 0x805D0FD4 -> HOOKED (Unknown @ 0xBA75AF6C)
SSDT[63] : NtDeleteKey @ 0x80623C16 -> HOOKED (Unknown @ 0xBA75AF7B)
SSDT[65] : NtDeleteValueKey @ 0x80623DE6 -> HOOKED (Unknown @ 0xBA75AF85)
SSDT[68] : NtDuplicateObject @ 0x805BDFC4 -> HOOKED (Unknown @ 0xBA75AFB7)
SSDT[98] : NtLoadKey @ 0x80625982 -> HOOKED (Unknown @ 0xBA75AF8A)
SSDT[122] : NtOpenProcess @ 0x805CB3FC -> HOOKED (Unknown @ 0xBA75AF58)
SSDT[128] : NtOpenThread @ 0x805CB688 -> HOOKED (Unknown @ 0xBA75AF5D)
SSDT[177] : NtQueryValueKey @ 0x806219BE -> HOOKED (Unknown @ 0xBA75AFDF)
SSDT[193] : NtReplaceKey @ 0x80625832 -> HOOKED (Unknown @ 0xBA75AF94)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D5A -> HOOKED (Unknown @ 0xBA75AFD0)
SSDT[204] : NtRestoreKey @ 0x8062513E -> HOOKED (Unknown @ 0xBA75AF8F)
SSDT[213] : NtSetContextThread @ 0x805D16F6 -> HOOKED (Unknown @ 0xBA75AFCB)
SSDT[237] : NtSetSecurityObject @ 0x805C05EA -> HOOKED (Unknown @ 0xBA75AFD5)
SSDT[247] : NtSetValueKey @ 0x80621D0C -> HOOKED (Unknown @ 0xBA75AF80)
SSDT[255] : NtSystemDebugControl @ 0x8061776E -> HOOKED (Unknown @ 0xBA75AFDA)
SSDT[257] : NtTerminateProcess @ 0x805D299E -> HOOKED (Unknown @ 0xBA75AF67)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xBA75AFEE)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xBA75AFF3)
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFCB40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFCB40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFCB40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFCB40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFCB40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFCB40)

¤¤¤ Infecção : ZeroAccess ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
127.0.0.1 localhost

¤¤¤ Verificaçao do MBR: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] ec87f4ffccecc7a59e47f140c9c67308
[BSP] a8579340ea99d187cee71fe56519c6c0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[1].txt >>
RKreport[1].txt

OTL log:

All processes killed
========== OTL ==========
C:\WINDOWS\system32\drivers\utexnjq5.sys moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\e3ee29b8\@ moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\WINDOWS\Installer\{3b53677d-4992-7df8-837f-0145d47844e0}\@ moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{3b53677d-4992-7df8-837f-0145d47844e0}\@ moved successfully.
C:\WINDOWS\003067_.tmp deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{3b53677d-4992-7df8-837f-0145d47844e0}\@ not found.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{3b53677d-4992-7df8-837f-0145d47844e0}\U folder moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{3b53677d-4992-7df8-837f-0145d47844e0}\L folder moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{3b53677d-4992-7df8-837f-0145d47844e0} folder moved successfully.
File\Folder C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\e3ee29b8\@ not found.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\e3ee29b8\U folder moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\e3ee29b8 folder moved successfully.
File\Folder C:\WINDOWS\Installer\{3b53677d-4992-7df8-837f-0145d47844e0}\@ not found.
C:\WINDOWS\Installer\{3b53677d-4992-7df8-837f-0145d47844e0}\U folder moved successfully.
C:\WINDOWS\Installer\{3b53677d-4992-7df8-837f-0145d47844e0}\L folder moved successfully.
C:\WINDOWS\Installer\{3b53677d-4992-7df8-837f-0145d47844e0} folder moved successfully.
========== SERVICES/DRIVERS ==========
Service utexnjq5 stopped successfully!
Service utexnjq5 deleted successfully!
========== COMMANDS ==========
System Restore Service not available.
[EMPTYTEMP]
User: Administrador
->Temp folder emptied: 15147821 bytes
->Temporary Internet Files folder emptied: 862532 bytes
->Java cache emptied: 4235124 bytes
->FireFox cache emptied: 905869615 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 25479384 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8377319 bytes
RecycleBin emptied: 80194313 bytes
Total Files Cleaned = 992,00 mb
OTL by OldTimer - Version 3.2.56.0 log created on 08092012_193951
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Thank you very much for the help!
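The OTL fix log in the post above mixes a few significant entries with a large volume of routine cleanup output. As an added example (not part of the original post and not OTL's own code), this sketch groups entries by log section and outcome and lists the ones that did not complete; the sample lines are constructed from the format shown in the log, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the OTL fix log posted above.
SAMPLE_LOG = r"""========== FILES ==========
File\Folder C:\WINDOWS\Installer\{3b53677d-4992-7df8-837f-0145d47844e0}\@ not found.
C:\WINDOWS\Installer\{3b53677d-4992-7df8-837f-0145d47844e0}\U folder moved successfully.
C:\WINDOWS\Installer\{3b53677d-4992-7df8-837f-0145d47844e0} folder moved successfully.
========== SERVICES/DRIVERS ==========
Service utexnjq5 stopped successfully!
Service utexnjq5 deleted successfully!
========== COMMANDS ==========
System Restore Service not available.
[EMPTYTEMP]
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
ENTRY = re.compile(
    r"^(?:File\\Folder |Service )?(?P<target>.+?)(?: folder)? "
    r"(?P<outcome>moved successfully|deleted successfully|"
    r"stopped successfully|not found|not available)[.!]$"
)

def parse_otl_fix_log(text):
    """Return (entries, unparsed): one dict per recognised log line."""
    section, entries, unparsed = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY.match(line)
        if entry:
            entries.append({"section": section, **entry.groupdict()})
        else:
            unparsed.append(line)  # kept so nothing is silently dropped
    return entries, unparsed

def summarize(entries):
    """Count entries per (section, outcome)."""
    return Counter((e["section"], e["outcome"]) for e in entries)

def needs_follow_up(entries):
    """Entries where the requested action did not complete."""
    return [e for e in entries if e["outcome"] in ("not found", "not available")]

if __name__ == "__main__":
    parsed, rest = parse_otl_fix_log(SAMPLE_LOG)
    for key, count in sorted(summarize(parsed).items()):
        print(key, count)
    for e in needs_follow_up(parsed):
        print("follow up:", e["section"], e["target"], "->", e["outcome"])
```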
DigRam 144 Posted August 10, 2012

Good morning! JGRD

|- Download: < SFT > ( ... by Pierre13 )
|- Save it to the desktop!
|- On Windows Vista and 7, run "SFT.exe" as administrator!
|- Run it and wait for it to finish, which is quick.
|- Post the report! ( SFT.txt )
|- For this task, go to: < >
-/-
|- Restart the computer in Safe Mode.
|- Open the RogueKiller tool again.
|- Click Verificar (Scan).
|- <1> Click the "Registro" (Registry) tab -> Deletar (Delete).
|- <2> Click the "Arquivos" (Files) tab -> Deletar (Delete).
|- <3> Click the "Atalhos" (Shortcuts) tab -> Reparar Atalhos (Repair Shortcuts).
|- Restart in Normal Mode and complete option <3>. ( Shortcuts )
|- Note that there will be several reports, depending on the tabs used.
|- Post all the reports that result from these operations!

Regards!
JGRD 0 Posted August 10, 2012

Hello! I did what was asked in the first step, and when I went to restart the computer in safe mode it simply reboots, and when I try to start it in normal mode the blue screen appears and it reboots again.
DigRam 144 Posted August 11, 2012

> Hello! I did what was asked in the first step, and when I went to restart the computer in safe mode it simply reboots, and when I try to start it in normal mode the blue screen appears and it reboots again.

Hello!

|- The SFT tool removed a temporary file tied to the system.
|- Enter the BIOS and set the 1st boot device to the CD or DVD drive. Confirm booting from the Windows XP CD, which will be in the drive.
|- Confirm the prompt to repair Windows, which means pressing the R key.
|- Once in the Recovery Console, run the MBR repair.
|- PS: Report the results so that we can proceed.

Regards!
JGRD 0 Posted August 11, 2012

Hello! I will do it as soon as I can. I may take a while to reply, so if necessary you can lock the topic for now. As soon as I have news I will let you know. Thank you very much!
Mário Monteiro 179 Posted August 22, 2012

Topic Archived

As the author has not replied for more than 10 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.