Essential, posted February 4, 2006

Here is my log. There are some problems that don't go away even after formatting: Ctrl+Alt+Del doesn't work properly, it opens for 1 second and closes, and even HijackThis is opening and closing quickly, so it was a lot of work to get the log.

Logfile of HijackThis v1.99.1
Scan saved at 17:26:59, on 4/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\bin\Apache\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\bin\Apache\Apache.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\bin\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\Common files\SearchUpgrader\SearchUpgrader.exe
C:\WINDOWS\System32\msconfigsd.exe
C:\WINDOWS\System32\crssr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Intelig\Discador Intelig\interdial.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\eMule\eMule.exe
C:\HijackThis\HijackThis.exe

R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\ARQUIV~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\ARQUIV~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [searchUpgrader] C:\Arquivos de programas\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Microsoft Configusd] msconfigsd.exe
O4 - HKLM\..\Run: [MS taskbar] crssr.exe
O4 - HKLM\..\RunServices: [Microsoft Configusd] msconfigsd.exe
O4 - HKLM\..\RunServices: [MS taskbar] crssr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Configusd] msconfigsd.exe
O4 - HKCU\..\Run: [MS taskbar] crssr.exe
O4 - HKCU\..\RunServices: [Microsoft Configusd] msconfigsd.exe
O4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC21249F-F14D-4627-AD49-29914DDD2666}: NameServer = 200.184.26.3 200.184.46.2
O23 - Service: Apache - Unknown owner - C:\bin\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe
O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

jgarcia, posted February 5, 2006

Dear Essential,

Let's get started.

Set Windows to show all files (including hidden ones).

Uninstall:
--> PerfectNavBHO Class and/or NavErrRedir Class
--> SearchUpgrader

Use Add/Remove Programs. Uninstall them one at a time, and restart after each uninstall.
Note: If you can't find one of the programs in the list, just move on to the next step.

Step 1

Download Killbox from: Killbox
Download it, but don't run it yet.

Download the Symantec tool from: Removal tool Adware.Keenval
Download it, but don't run it yet.

Download SpySweeper from: SpySweeper
Download and update it, but don't run it yet.

Step 2

Run KillBox:
1) Select Delete on reboot;
2) Copy the list below, in bold, to the clipboard. Select --> Edit --> Copy:

C:\WINDOWS\System32\msconfigsd.exe
C:\WINDOWS\System32\crssr.exe
C:\Arquivos de programas\Common files\SearchUpgrader
C:\ARQUIV~1\PERFEC~1

3) Go back to Killbox. Click File --> Paste from clipboard --> All files.
4) Press the "X". Answer “no” to the question.

It is a good idea to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and there will be no internet connection.

Step 3

Restart the computer in Safe Mode (after restarting, press the F8 key until a black DOS screen appears, and choose Safe Mode).

Run HijackThis, click Do a system scan only and check:

R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\ARQUIV~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\ARQUIV~1\PERFEC~1\BHO\PERFEC~1.DLL
O4 - HKLM\..\Run: [searchUpgrader] C:\Arquivos de programas\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Microsoft Configusd] msconfigsd.exe
O4 - HKLM\..\Run: [MS taskbar] crssr.exe
O4 - HKLM\..\RunServices: [Microsoft Configusd] msconfigsd.exe
O4 - HKLM\..\RunServices: [MS taskbar] crssr.exe
O4 - HKCU\..\Run: [Microsoft Configusd] msconfigsd.exe
O4 - HKCU\..\Run: [MS taskbar] crssr.exe
O4 - HKCU\..\RunServices: [Microsoft Configusd] msconfigsd.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Click Fix Checked.

Step 4

Still in Safe Mode, do the following:
1) Run the Symantec tool.
2) Run a full scan with SpySweeper.

Step 5

Restart in normal mode. Check whether the problems have been resolved and post the new log.

I await your reply.

Best regards.

Essential, posted February 5, 2006

Hi friend, sorry I took a little while. I've done the steps and now everything seems to be OK. Here is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 18:32:15, on 5/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\bin\Apache\Apache.exe
C:\WINDOWS\system32\rundll32.exe
C:\bin\Apache\Apache.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\bin\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\itunesff.exe
C:\windows\winsysban5.exe
C:\WINDOWS\System32\spxp.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\Arquivos de programas\Intelig\Discador Intelig\interdial.exe
C:\HijackThis\HijackThis.exe

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c200 -w
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [The Service Pack Loader] spxp.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\t2r8lc9u1f.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Apache - Unknown owner - C:\bin\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe
O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

Cheers!

jgarcia, posted February 5, 2006

Dear Essential,

There is still work to do. Let's go.

Step 1

Run KillBox:
1) Select Delete on reboot;
2) Copy the list below, in bold, to the clipboard. Select --> Edit --> Copy:

C:\WINDOWS\system32\itunesff.exe
C:\WINDOWS\System32\spxp.exe
C:\WINDOWS\system32\t2r8lc9u1f.dll
C:\windows\winsysban5.exe
C:\windows\gimmygames.exe
c:\eied_s7.cab

3) Go back to Killbox. Click File --> Paste from clipboard --> All files.
4) Press the "X". Answer “no” to the question.

It is a good idea to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and there will be no internet connection.

Step 2

Restart the computer in Safe Mode.

Run HijackThis, click Do a system scan only and check:

O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c200 -w
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [The Service Pack Loader] spxp.exe
O4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\t2r8lc9u1f.dll

Click Fix Checked.

Step 3

Restart in normal mode.

I'm going to need a log from L2MFix. Click here and download it. Extract the files and run l2mfix.bat --> option "run find log". After a few minutes Notepad should open with a log. Paste the contents of that log in your next reply, along with the new Hijack log.

I await your reply.

Best regards.

Essential, posted February 6, 2006

I did everything, I just couldn't find the line "O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\t2r8lc9u1f.dll". The new logs follow below:

L2MFIX log:

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lv0209doe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{041EA9D9-1CDA-4B8A-D611-6499E245113E}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{9070BF60-701C-4594-B48A-127EFB28AD3E}"=""
"{C66C7087-15D2-445F-91A0-DFDF14C99701}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}"=""
"{B452151B-65FD-43B3-960C-23C03DD4B9C9}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\InprocServer32]
@="C:\\WINDOWS\\system32\\dlcdll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\InprocServer32]
@="C:\\WINDOWS\\system32\\ddtmsft.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\InprocServer32]
@="C:\\WINDOWS\\system32\\stleay32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\InprocServer32]
@="C:\\WINDOWS\\system32\\cUtsrv.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
cutsrv.dll Sun 5 Feb 2006 22:44:28 ..S.R 236.940 231,39 K
ddtmsft.dll Sun 5 Feb 2006 18:28:36 ..S.R 235.932 230,40 K
dlcdll.dll Sun 5 Feb 2006 15:13:48 ..S.R 234.910 229,40 K
fdftk.dll Sun 27 Nov 2005 22:14:16 A.... 417.792 408,00 K
fribidi.dll Sun 27 Nov 2005 22:14:18 A.... 90.112 88,00 K
gds32.dll Sun 27 Nov 2005 22:14:16 A.... 346.624 338,50 K
libeay32.dll Sun 27 Nov 2005 22:14:16 A.... 1.089.536 1,04 M
libmhash.dll Sun 27 Nov 2005 22:14:16 A.... 165.643 161,76 K
libmysql.dll Sun 27 Nov 2005 22:14:18 A.... 1.069.056 1,02 M
lvlq09~1.dll Sun 5 Feb 2006 22:41:38 ..S.R 235.932 230,40 K
mshtml.dll Sat 4 Feb 2006 23:31:54 A.... 2.793.984 2,66 M
msql.dll Sun 27 Nov 2005 22:14:16 A.... 57.344 56,00 K
msssc.dll Tue 31 Jan 2006 21:29:52 A.... 44 0,04 K
niwrssk.dll Sun 5 Feb 2006 17:32:26 ..S.R 235.290 229,77 K
ntwdblib.dll Sun 27 Nov 2005 22:14:16 A.... 278.800 272,27 K
php5ap~1.dll Sun 27 Nov 2005 22:13:56 A.... 36.925 36,06 K
php5ap~2.dll Sun 27 Nov 2005 22:13:56 A.... 36.924 36,06 K
php5ap~3.dll Sun 27 Nov 2005 22:13:56 A.... 53.314 52,06 K
php5is~1.dll Sun 27 Nov 2005 22:13:56 A.... 28.731 28,05 K
php5ns~1.dll Sun 27 Nov 2005 22:13:56 A.... 28.731 28,05 K
php5ts.dll Sun 27 Nov 2005 22:13:56 A.... 4.272.184 4,07 M
q4nu0e~1.dll Sun 5 Feb 2006 22:43:08 ..S.R 236.077 230,54 K
sacbase.dll Sun 5 Feb 2006 22:42:32 ..S.R 235.761 230,23 K
ssleay32.dll Sun 27 Nov 2005 22:14:16 A.... 200.704 196,00 K
stleay32.dll Sun 5 Feb 2006 22:43:04 ..S.R 235.761 230,23 K
winnb61.dll Sat 4 Feb 2006 23:34:08 A.... 753.787 736,12 K
wrlogo~1.dll Wed 25 Jan 2006 11:06:02 A.... 492.544 481,00 K
wrlzma.dll Wed 25 Jan 2006 11:05:58 A.... 17.920 17,50 K
yaz.dll Sun 27 Nov 2005 22:14:18 A.... 360.448 352,00 K

29 items found: 29 files (8 H/S), 0 directories.
Total of file sizes: 14.477.750 bytes 13,80 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Sun 5 Feb 2006 22:44:42 A.... 237.010 231,45 K

1 item found: 1 file, 0 directories.
Total of file sizes: 237.010 bytes 231,45 K
**********************************************************************************
Directory Listing of system files:
O volume na unidade C não tem nome.
O número de série do volume é 74FA-6284

Pasta de C:\WINDOWS\System32

05/02/2006 22:44 236.940 cUtsrv.dll
05/02/2006 22:43 236.077 q4nu0e59eh.dll
05/02/2006 22:43 235.761 stleay32.dll
05/02/2006 22:42 235.761 sacbase.dll
05/02/2006 22:41 235.932 lvlq0935e.dll
05/02/2006 18:28 235.932 ddtmsft.dll
05/02/2006 17:32 235.290 niwrssk.dll
05/02/2006 15:13 234.910 dlcdll.dll
04/02/2006 23:31 <DIR> dllcache
01/02/2006 21:03 <DIR> Microsoft
8 arquivo(s) 1.886.603 bytes
2 pasta(s) 27.161.673.728 bytes disponíveis

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:50:20, on 5/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\bin\Apache\Apache.exe
C:\bin\Apache\Apache.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\bin\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\lv0209doe.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Apache - Unknown owner - C:\bin\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe
O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

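Added example (not part of the thread and not L2MFix code): the Winlogon\Notify export in the L2MFix log above stores several DllName values as hex(2) data, which is UTF-16LE text, so the DLL behind each notification package is not readable at a glance. This Python sketch decodes an excerpt of that export and lists the entries not yet vetted; the function names and the known_good set are assumptions made for the example.

```python
import ntpath
import re

# Excerpt of the Winlogon\Notify export from the L2MFix log above, laid out
# with the line breaks a .reg file has (layout reconstructed for this example).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lv0209doe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
NOTIFY_PARENT = r'\winlogon\notify'  # compared lower-case, not used as a regex


def logical_lines(text):
    """Yield non-empty .reg lines, merging hex data continued with ',\\'."""
    pending = ''
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith(',\\'):
            pending = line[:-1]          # drop the backslash, keep the comma
            continue
        pending = ''
        if line:
            yield line


def decode_value(data):
    """Decode the right-hand side of a .reg value line."""
    if data.startswith('"') and data.endswith('"'):
        # REG_SZ: undo the .reg escaping of backslashes and quotes
        return re.sub(r'\\(.)', r'\1', data[1:-1])
    if data.startswith('hex(2):'):
        # REG_EXPAND_SZ: comma-separated bytes of a UTF-16LE string
        raw = bytes(int(b, 16) for b in data[7:].split(',') if b)
        return raw.decode('utf-16-le').rstrip('\x00')
    if data.startswith('dword:'):
        return int(data[6:], 16)
    return data


def notify_dlls(text):
    """Return {subkey: DllName} for every subkey of Winlogon\\Notify."""
    result, current = {}, None
    for line in logical_lines(text):
        key = KEY_RE.match(line)
        if key:
            parent, _, leaf = key.group(1).rpartition('\\')
            current = leaf if parent.lower().endswith(NOTIFY_PARENT) else None
            continue
        val = VALUE_RE.match(line)
        # Value names are case-insensitive: the log has DllName and DLLName.
        if val and current and val.group(1).lower() == 'dllname':
            result[current] = decode_value(val.group(2))
    return result


def unvetted(dlls, known_good):
    """List (subkey, dll) pairs whose file name is not in the vetted set."""
    known = {name.lower() for name in known_good}
    return [(key, dll) for key, dll in dlls.items()
            if ntpath.basename(dll).lower() not in known]


if __name__ == '__main__':
    # Assumption for the example: the analyst has already vetted these two.
    vetted = {'crypt32.dll', 'WRLogonNTF.dll'}
    for key, dll in unvetted(notify_dlls(SAMPLE_EXPORT), vetted):
        print(f'review Notify\\{key}: {dll}')
```
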
jgarcia, posted February 6, 2006

Dear Essential,

Run the l2mfix.bat file, press <Enter>, then type 2 and press Enter again. After that, you will need to press any key and the computer will restart. After the restart, your desktop should disappear and reappear. The fix is not finished yet. When it finishes, Notepad should open with a log. Attach this log to your reply as you did before, together with a new HijackThis log.

Go to the l2mfix folder that was created and copy the ntrights file to C:\

Click Start --> Run, type cmd and click OK. A command prompt will appear. Type the following:

cd c:\

Press Enter. Now type the following command:

ntrights -u Administradores +r SeDebugPrivilege > log.txt

Attention --> Make sure you type this command correctly.

Press Enter again. There should now be a file called c:\log.txt. Open it and paste its contents here.

I await your reply.

Best regards.

Essential, posted February 9, 2006

Here are the new logs:

First requested log, from L2mfix:

L2mfix 010406
Creating Account.
Comando concluído com êxito.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes): 1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From: C:\WINDOWS\system32
Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 568 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 672 'winlogon.exe'
Killing PID 672 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1288 'explorer.exe'
Killing PID 1288 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 228 'rundll32.exe'

Restoring Sedebugprivilege:
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 arquivo(s) copiado(s).
1 arquivo(s) copiado(s).
1 arquivo(s) copiado(s).
1 arquivo(s) copiado(s).
1 arquivo(s) copiado(s).
1 arquivo(s) copiado(s).
1 arquivo(s) copiado(s).
1 arquivo(s) copiado(s).
1 arquivo(s) copiado(s).
Deleting: C:\WINDOWS\system32\cUtsrv.dll Successfully Deleted: C:\WINDOWS\system32\cUtsrv.dll Deleting: C:\WINDOWS\system32\ddtmsft.dll Successfully Deleted: C:\WINDOWS\system32\ddtmsft.dll Deleting: C:\WINDOWS\system32\dlcdll.dll Successfully Deleted: C:\WINDOWS\system32\dlcdll.dll Deleting: C:\WINDOWS\system32\lvlq0935e.dll Successfully Deleted: C:\WINDOWS\system32\lvlq0935e.dll Deleting: C:\WINDOWS\system32\niwrssk.dll Successfully Deleted: C:\WINDOWS\system32\niwrssk.dll Deleting: C:\WINDOWS\system32\q4nu0e59eh.dll Successfully Deleted: C:\WINDOWS\system32\q4nu0e59eh.dll Deleting: C:\WINDOWS\system32\sacbase.dll Successfully Deleted: C:\WINDOWS\system32\sacbase.dll Deleting: C:\WINDOWS\system32\stleay32.dll Successfully Deleted: C:\WINDOWS\system32\stleay32.dll Deleting: C:\WINDOWS\system32\guard.tmp Successfully Deleted: C:\WINDOWS\system32\guard.tmp msg11?.dll 0 arquivo(s) copiado(s). Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" 
"Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\lv0209doe.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" The following are the files found: **************************************************************************** C:\WINDOWS\system32\cUtsrv.dll C:\WINDOWS\system32\ddtmsft.dll C:\WINDOWS\system32\dlcdll.dll C:\WINDOWS\system32\lvlq0935e.dll C:\WINDOWS\system32\niwrssk.dll C:\WINDOWS\system32\q4nu0e59eh.dll C:\WINDOWS\system32\sacbase.dll C:\WINDOWS\system32\stleay32.dll C:\WINDOWS\system32\guard.tmp Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. 
**************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\InprocServer32] @="C:\\WINDOWS\\system32\\dlcdll.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}] @="" [HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\InprocServer32] @="C:\\WINDOWS\\system32\\ddtmsft.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}] @="" [HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\InprocServer32] @="C:\\WINDOWS\\system32\\stleay32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}] @="" [HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\InprocServer32] @="C:\\WINDOWS\\system32\\cUtsrv.dll" 
"ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{9070BF60-701C-4594-B48A-127EFB28AD3E}"=- "{C66C7087-15D2-445F-91A0-DFDF14C99701}"=- "{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}"=- "{B452151B-65FD-43B3-960C-23C03DD4B9C9}"=- [-HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}] [-HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}] [-HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}] [-HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/cUtsrv.dll (188 bytes security) (deflated 5%) adding: dlls/ddtmsft.dll (188 bytes security) (deflated 5%) adding: dlls/dlcdll.dll (188 bytes security) (deflated 5%) adding: dlls/guard.tmp (188 bytes security) (deflated 5%) adding: dlls/lvlq0935e.dll (188 bytes security) (deflated 5%) adding: dlls/niwrssk.dll (188 bytes security) (deflated 5%) adding: dlls/q4nu0e59eh.dll (188 bytes security) (deflated 5%) adding: dlls/sacbase.dll (188 bytes security) (deflated 5%) adding: dlls/stleay32.dll (188 bytes security) (deflated 5%) adding: backregs/1AA057D9-7BFF-42A7-921D-FF67B9A983DA.reg (212 bytes security) (deflated 70%) adding: backregs/9070BF60-701C-4594-B48A-127EFB28AD3E.reg (212 bytes security) (deflated 69%) adding: backregs/B452151B-65FD-43B3-960C-23C03DD4B9C9.reg (212 bytes security) (deflated 70%) adding: backregs/C66C7087-15D2-445F-91A0-DFDF14C99701.reg 
(212 bytes security) (deflated 70%) adding: backregs/notibac.reg (188 bytes security) (deflated 87%) adding: backregs/shell.reg (188 bytes security) (deflated 60%) Segundo Log pedido do L2mfix: Granting SeDebugPrivilege to Adiministradores ... failed (GetAccountSid(Adiministradores)=1332 Novo Log do HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 00:11:38, on 9/2/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\bin\Apache\Apache.exe C:\bin\Apache\Apache.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe C:\bin\mysql\bin\mysqld-nt.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Free Download Manager\fdm.exe C:\Arquivos de programas\Intelig\Discador Intelig\interdial.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\HijackThis\HijackThis.exe O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog 
Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun O4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Download by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Arquivos de 
programas\Free Download Manager\dlpage.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{EC21249F-F14D-4627-AD49-29914DDD2666}: NameServer = 200.184.26.3 200.184.46.2 O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\lv0209doe.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Apache - Unknown owner - C:\bin\Apache\Apache.exe" --ntservice (file missing) O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt".exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia - Posted February 9, 2006

Dear Essential,

Run L2MFIX (option 2) again.

Regards.

Essential - Posted February 13, 2006

I did it, but then it created a new user and I didn't even know the password, then it started causing problems, it was impossible to browse and I had to format. Here is a new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:08:47, on 12/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\Arquivos de programas\Discador iBest\baloon.exe
C:\ARQUIV~1\iGv6\sysbrand.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Arquivos de programas\Intelig\Discador Intelig\interdial.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://farejador.ig.com.br/ie/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.inteligweb.com.br/
O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot
O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [Microsoft Configusd] msconfigsd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"
O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EC11050-9A84-4F79-BD4A-F18B4CD309A2}: NameServer = 200.184.26.3 200.184.46.2
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: hpdj - HP - C:\DOCUME~1\William\CONFIG~1\Temp\hpdj.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

jgarcia - Posted February 13, 2006

Dear Essential,

There are no abnormal entries in the log, but the operating system is quite out of date.

Regards.

Shine - Posted October 1, 2006

PROBLEM SOLVED!

If the author needs the topic to be reopened, it is necessary to send a Private Message to a Moderator with a link to the topic.