Moxaum

Please. How do I remove hellzlittlespy?

Good morning everyone, I'm new here...

I'd like to know if anyone knows or has heard of this malware, hellzlittlespy...

It stays right in startup; I try to remove it through msconfig and it doesn't get removed... and it sits in system32.

In msconfig, in the startup section, it shows up there as system.exe and I can't remove it, and it starts to glitch the machine and sometimes makes it restart. I've already run Spybot several times and even the original, purchased AVG, and it doesn't get removed...

I've already searched some forums and it seems they haven't managed to solve this yet...

If anyone can teach me step by step how to do the HijackThis log to show the errors and how to carry out the procedures, I'll be very grateful.

Thank you

Logfile of HijackThis v1.99.1

Scan saved at 02:36:50, on 14/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscript.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Garena\Garena.exe

C:\Arquivos de programas\Warcraft III\war3.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat

O1 - Hosts: 127.1 localhost

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [HBService32] System.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E26CF3D-0CF0-4E6F-A4BE-6A83BB057DCB}: NameServer = 192.168.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: HBmhly.dll,HBSO2.dll,HBFY.dll,HBZHUXIAN.dll,HBBO.dll,HBCHIBI.dll,HBQQSG.dll,HBZG.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll

O21 - SSODL: Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll

O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
