Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Essential

[Resolvido] Log do HijackThis

Recommended Posts

Segue meu log, tem uns problemas que nem formatando sai, o Ctrl+Alt+Del não funciona corretamente, ele abre por 1 seg e fecha, até o HijackThis ta abrindo e fechando rápido, maior trabalho para conseguir o Log.Logfile of HijackThis v1.99.1Scan saved at 17:26:59, on 4/2/2006Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\bin\Apache\Apache.exeC:\WINDOWS\Explorer.EXEC:\bin\Apache\Apache.exeC:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exeC:\bin\mysql\bin\mysqld-nt.exeC:\WINDOWS\System32\tcpsvcs.exeC:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exeC:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exeC:\WINDOWS\System32\RUNDLL32.EXEC:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exeC:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exeC:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeC:\Arquivos de programas\Common files\SearchUpgrader\SearchUpgrader.exeC:\WINDOWS\System32\msconfigsd.exeC:\WINDOWS\System32\crssr.exeC:\WINDOWS\System32\ctfmon.exeC:\Arquivos de programas\Messenger\msmsgs.exeC:\Arquivos de programas\Intelig\Discador Intelig\interdial.exeC:\Arquivos de programas\Internet Explorer\iexplore.exeC:\Arquivos de programas\eMule\eMule.exeC:\HijackThis\HijackThis.exeR3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\ARQUIV~1\PERFEC~1\BHO\PERFEC~1.DLLO2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\ARQUIV~1\PERFEC~1\BHO\PERFEC~1.DLLO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exeO4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeO4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exeO4 - HKLM\..\Run: [searchUpgrader] C:\Arquivos de programas\Common files\SearchUpgrader\SearchUpgrader.exeO4 - HKLM\..\Run: [Microsoft Configusd] msconfigsd.exeO4 - HKLM\..\Run: [MS taskbar] crssr.exeO4 - HKLM\..\RunServices: [Microsoft Configusd] msconfigsd.exeO4 - HKLM\..\RunServices: [MS taskbar] crssr.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Microsoft Configusd] msconfigsd.exeO4 - HKCU\..\Run: [MS taskbar] crssr.exeO4 - HKCU\..\RunServices: [Microsoft Configusd] msconfigsd.exeO4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exeO4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO17 - HKLM\System\CCS\Services\Tcpip\..\{EC21249F-F14D-4627-AD49-29914DDD2666}: NameServer = 200.184.26.3 200.184.46.2O23 - Service: Apache - Unknown owner - C:\bin\Apache\Apache.exe" --ntservice (file missing)O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exeO23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt".exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro Essential,

 

Vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

Desinstale:

--> PerfectNavBHO Class e/ou NavErrRedir Class

--> SearchUpgrader

 

Utilize Adicionar / Remover programas.

 

Desinstale, um a um, e reinicie após tê-lo desinstalado.

 

Obs.: Caso não encontre algum dos programas na lista, apenas passe para a próxima etapa.

 

1ª Etapa

 

Baixe o Killbox em:

Killbox

 

Baixe, mas não execute ainda.

 

Baixe o tool da Symantec em:

Removal tool Adware.Keenval

 

Baixe, mas não execute ainda.

 

Baixe o SpySweeper em:

SpySweeper

 

Baixe e atualize, mas não execute ainda.

 

2ª Etapa

 

Execute o KillBox:

1) Selecione Delete on reboot;

 

2) Copie a lista abaixo em negrito para a área de transferência. Selecione --> Editar --> Copiar:

C:\WINDOWS\System32\msconfigsd.exe

C:\WINDOWS\System32\crssr.exe

C:\Arquivos de programas\Common files\SearchUpgrader

C:\ARQUIV~1\PERFEC~1

3) Retorne ao Killbox. Clique em File --> Paste from clipboard --> All files.

 

4) Aperte no "X". Responda “não” à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo Seguro e a conexão à internet não será possível.

 

3ª Etapa

 

Reinicie o computador em Modo Seguro (após reiniciar aperte a tecla F8 até aparecer uma tela preta em DOS e escolha Modo Seguro).

 

Execute o HijackThis, clique em Do a system scan only e marque:

R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\ARQUIV~1\PERFEC~1\BHO\PERFEC~1.DLL

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\ARQUIV~1\PERFEC~1\BHO\PERFEC~1.DLL

O4 - HKLM\..\Run: [searchUpgrader] C:\Arquivos de programas\Common files\SearchUpgrader\SearchUpgrader.exe

O4 - HKLM\..\Run: [Microsoft Configusd] msconfigsd.exe

O4 - HKLM\..\Run: [MS taskbar] crssr.exe

O4 - HKLM\..\RunServices: [Microsoft Configusd] msconfigsd.exe

O4 - HKLM\..\RunServices: [MS taskbar] crssr.exe

O4 - HKCU\..\Run: [Microsoft Configusd] msconfigsd.exe

O4 - HKCU\..\Run: [MS taskbar] crssr.exe

O4 - HKCU\..\RunServices: [Microsoft Configusd] msconfigsd.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Clique em Fix Checked.

 

4ª Etapa

 

Ainda em Modo Seguro faça o seguinte:

 

1) Execute o tool da Symantec.

 

2) Execute uma verificação completa com o SpySweeper.

 

5ª Etapa

 

Reinicie em modo normal.

 

Verifique se os problemas foram resolvidos e poste o novo log.

 

Aguardo retorno.

 

Um abraço.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Oi Amigo, desculpe que eu demorei um pouquinho, ja fiz as etapas, agora parece que esta tudo ok, segue o novo Log.Logfile of HijackThis v1.99.1Scan saved at 18:32:15, on 5/2/2006Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\bin\Apache\Apache.exeC:\WINDOWS\system32\rundll32.exeC:\bin\Apache\Apache.exeC:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exeC:\bin\mysql\bin\mysqld-nt.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\tcpsvcs.exeC:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exeC:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exeC:\WINDOWS\Explorer.EXEC:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exeC:\WINDOWS\System32\RUNDLL32.EXEC:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exeC:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exeC:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeC:\WINDOWS\system32\itunesff.exeC:\windows\winsysban5.exeC:\WINDOWS\System32\spxp.exeC:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exeC:\WINDOWS\System32\ctfmon.exeC:\Arquivos de programas\Messenger\msmsgs.exeC:\Arquivos de programas\Free Download Manager\fdm.exeC:\Arquivos de programas\Intelig\Discador Intelig\interdial.exeC:\HijackThis\HijackThis.exeO3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exeO4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeO4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exeO4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c200 -wO4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exeO4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exeO4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exeO4 - HKLM\..\Run: [The Service Pack Loader] spxp.exeO4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintrayO4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorunO4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exeO4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: Download all by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htmO8 - Extra context menu item: Download by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htmO8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htmO8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htmO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {33331111-1111-1111-1111-611111193423} - O16 - DPF: {33331111-1111-1111-1111-611111193429} - O16 - DPF: {33331111-1111-1111-1111-615111193427} - O16 - DPF: {33331111-1131-1111-1111-611111193428} - O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cabO20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\t2r8lc9u1f.dllO20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dllO23 - Service: Apache - Unknown owner - C:\bin\Apache\Apache.exe" --ntservice (file missing)O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exeO23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt".exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exeAbraço!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro Essential,

 

Ainda há o que fazer. Vamos lá.

 

1ª Etapa

 

Execute o KillBox:

1) Selecione Delete on reboot;

 

2) Copie a lista abaixo em negrito para a área de transferência. Selecione --> Editar --> Copiar:

C:\WINDOWS\system32\itunesff.exe

C:\WINDOWS\System32\spxp.exe

C:\WINDOWS\system32\t2r8lc9u1f.dll

C:\windows\winsysban5.exe

C:\windows\gimmygames.exe

c:\eied_s7.cab

3) Retorne ao Killbox. Clique em File --> Paste from clipboard --> All files.

 

4) Aperte no "X". Responda “não” à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo Seguro e a conexão à internet não será possível.

 

2ª Etapa

 

Reinicie o computador em Modo Seguro.

 

Execute o HijackThis, clique em Do a system scan only e marque:

O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c200 -w

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe

O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exe

O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe

O4 - HKLM\..\Run: [The Service Pack Loader] spxp.exe

O4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exe

O16 - DPF: {33331111-1111-1111-1111-611111193423} -

O16 - DPF: {33331111-1111-1111-1111-611111193429} -

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\t2r8lc9u1f.dll

Clique em Fix Checked.

 

3ª Etapa

 

Reinicie em modo normal.

 

Vou precisar de um log do L2MFix. Clique aqui e baixe.

 

Extraia os arquivos e rode o l2mfix.bat --> opção "run find log". Depois de alguns minutos o bloco de notas deve abrir com um log. É o conteúdo deste log que você deverá colar em sua próxima resposta, bem como o novo log do Hijack.

 

Aguardo retorno.

 

Um abraço.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Fiz tudo, só não enconteri a linha "O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\t2r8lc9u1f.dll".

Segue abaixo os Novos Logs:

 

Log do L2MFIX:

 

L2MFIX find log 010406

These are the registry keys present

********************************************************************************

**

Winlogon/notify:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\lv0209doe.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

"Asynchronous"=dword:00000000

"DllName"="WRLogonNTF.dll"

"Impersonate"=dword:00000001

"Lock"="WRLock"

"StartScreenSaver"="WRStartScreenSaver"

"StartShell"="WRStartShell"

"Startup"="WRStartup"

"StopScreenSaver"="WRStopScreenSaver"

"Unlock"="WRUnlock"

"Shutdown"="WRShutdown"

"Logoff"="WRLogoff"

"Logon"="WRLogon"

 

********************************************************************************

**

useragent:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{041EA9D9-1CDA-4B8A-D611-6499E245113E}"=""

 

********************************************************************************

**

Shell Extension key:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{9070BF60-701C-4594-B48A-127EFB28AD3E}"=""

"{C66C7087-15D2-445F-91A0-DFDF14C99701}"=""

"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

"{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}"=""

"{B452151B-65FD-43B3-960C-23C03DD4B9C9}"=""

 

********************************************************************************

**

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}]

@=""

"IDEx"="ADDR"

 

[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\InprocServer32]

@="C:\\WINDOWS\\system32\\dlcdll.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\InprocServer32]

@="C:\\WINDOWS\\system32\\ddtmsft.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\InprocServer32]

@="C:\\WINDOWS\\system32\\stleay32.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\InprocServer32]

@="C:\\WINDOWS\\system32\\cUtsrv.dll"

"ThreadingModel"="Apartment"

 

********************************************************************************

**

Files Found are not all bad files:

 

C:\WINDOWS\SYSTEM32\

cutsrv.dll Sun 5 Feb 2006 22:44:28 ..S.R 236.940 231,39 K

ddtmsft.dll Sun 5 Feb 2006 18:28:36 ..S.R 235.932 230,40 K

dlcdll.dll Sun 5 Feb 2006 15:13:48 ..S.R 234.910 229,40 K

fdftk.dll Sun 27 Nov 2005 22:14:16 A.... 417.792 408,00 K

fribidi.dll Sun 27 Nov 2005 22:14:18 A.... 90.112 88,00 K

gds32.dll Sun 27 Nov 2005 22:14:16 A.... 346.624 338,50 K

libeay32.dll Sun 27 Nov 2005 22:14:16 A.... 1.089.536 1,04 M

libmhash.dll Sun 27 Nov 2005 22:14:16 A.... 165.643 161,76 K

libmysql.dll Sun 27 Nov 2005 22:14:18 A.... 1.069.056 1,02 M

lvlq09~1.dll Sun 5 Feb 2006 22:41:38 ..S.R 235.932 230,40 K

mshtml.dll Sat 4 Feb 2006 23:31:54 A.... 2.793.984 2,66 M

msql.dll Sun 27 Nov 2005 22:14:16 A.... 57.344 56,00 K

msssc.dll Tue 31 Jan 2006 21:29:52 A.... 44 0,04 K

niwrssk.dll Sun 5 Feb 2006 17:32:26 ..S.R 235.290 229,77 K

ntwdblib.dll Sun 27 Nov 2005 22:14:16 A.... 278.800 272,27 K

php5ap~1.dll Sun 27 Nov 2005 22:13:56 A.... 36.925 36,06 K

php5ap~2.dll Sun 27 Nov 2005 22:13:56 A.... 36.924 36,06 K

php5ap~3.dll Sun 27 Nov 2005 22:13:56 A.... 53.314 52,06 K

php5is~1.dll Sun 27 Nov 2005 22:13:56 A.... 28.731 28,05 K

php5ns~1.dll Sun 27 Nov 2005 22:13:56 A.... 28.731 28,05 K

php5ts.dll Sun 27 Nov 2005 22:13:56 A.... 4.272.184 4,07 M

q4nu0e~1.dll Sun 5 Feb 2006 22:43:08 ..S.R 236.077 230,54 K

sacbase.dll Sun 5 Feb 2006 22:42:32 ..S.R 235.761 230,23 K

ssleay32.dll Sun 27 Nov 2005 22:14:16 A.... 200.704 196,00 K

stleay32.dll Sun 5 Feb 2006 22:43:04 ..S.R 235.761 230,23 K

winnb61.dll Sat 4 Feb 2006 23:34:08 A.... 753.787 736,12 K

wrlogo~1.dll Wed 25 Jan 2006 11:06:02 A.... 492.544 481,00 K

wrlzma.dll Wed 25 Jan 2006 11:05:58 A.... 17.920 17,50 K

yaz.dll Sun 27 Nov 2005 22:14:18 A.... 360.448 352,00 K

 

29 items found: 29 files (8 H/S), 0 directories.

Total of file sizes: 14.477.750 bytes 13,80 M

Locate .tmp files:

 

C:\WINDOWS\SYSTEM32\

guard.tmp Sun 5 Feb 2006 22:44:42 A.... 237.010 231,45 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 237.010 bytes 231,45 K

********************************************************************************

**

Directory Listing of system files:

O volume na unidade C nÆo tem nome.

O n£mero de s‚rie do volume ‚ 74FA-6284

 

Pasta de C:\WINDOWS\System32

 

05/02/2006 22:44 236.940 cUtsrv.dll

05/02/2006 22:43 236.077 q4nu0e59eh.dll

05/02/2006 22:43 235.761 stleay32.dll

05/02/2006 22:42 235.761 sacbase.dll

05/02/2006 22:41 235.932 lvlq0935e.dll

05/02/2006 18:28 235.932 ddtmsft.dll

05/02/2006 17:32 235.290 niwrssk.dll

05/02/2006 15:13 234.910 dlcdll.dll

04/02/2006 23:31 <DIR> dllcache

01/02/2006 21:03 <DIR> Microsoft

8 arquivo(s) 1.886.603 bytes

2 pasta(s) 27.161.673.728 bytes dispon¡veis

 

 

Log do HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:50:20, on 5/2/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\bin\Apache\Apache.exe

C:\bin\Apache\Apache.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\bin\mysql\bin\mysqld-nt.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis\HijackThis.exe

 

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\lv0209doe.dll (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Apache - Unknown owner - C:\bin\Apache\Apache.exe" --ntservice (file missing)

O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe

O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt".exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro Essential,

 

Rode o arquivo l2mfix.bat, aperte <Enter>, então digite 2 e aperte Enter novamente. Depois disso, você deverá apertar qualquer tecla e o computador será reiniciado.

 

Após reiniciar, sua área de trabalho deve sumir e reaparecer. A correção ainda não terminou. Quando ela terminar o Bloco de Notas deve abrir com um log. Anexe este log na sua resposta como você fez antes, junto com um novo log do HijackThis.

 

Vá até a pasta l2mfix que foi criada e copie o arquivo ntrights para o C:\

 

Clique em Iniciar --> Executar, digite cmd e clique em OK. Um prompt de comando vai aparecer.

 

Digite o seguinte:

 

cd c:\

Enter. Agora digite o seguinte comando:

 

ntrights -u Administradores +r SeDebugPrivilege > log.txt

Atenção --> Certifique-se digitar este comando corretamente.

 

Enter novamente. Agora deverá existir um arquivo chamado c:\log.txt. Abra-o e cole o conteúdo aqui.

 

Aguardo retorno.

 

Um abraço.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue os Novos Logs:

 

Primeiro Log pedido do L2mfix:

 

L2mfix 010406

Creating Account.

Comando conclu¡do com ˆxito.

 

Adding Administrative privleges.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

 

Running From:

C:\WINDOWS\system32

 

Killing Processes!

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 568 'smss.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 672 'winlogon.exe'

Killing PID 672 'winlogon.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 1288 'explorer.exe'

Killing PID 1288 'explorer.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 228 'rundll32.exe'

Restoring Sedebugprivilege:

 

Scanning First Pass. Please Wait!

 

First Pass Completed

 

Second Pass Scanning

 

Second pass Completed!

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

Deleting: C:\WINDOWS\system32\cUtsrv.dll

Successfully Deleted: C:\WINDOWS\system32\cUtsrv.dll

Deleting: C:\WINDOWS\system32\ddtmsft.dll

Successfully Deleted: C:\WINDOWS\system32\ddtmsft.dll

Deleting: C:\WINDOWS\system32\dlcdll.dll

Successfully Deleted: C:\WINDOWS\system32\dlcdll.dll

Deleting: C:\WINDOWS\system32\lvlq0935e.dll

Successfully Deleted: C:\WINDOWS\system32\lvlq0935e.dll

Deleting: C:\WINDOWS\system32\niwrssk.dll

Successfully Deleted: C:\WINDOWS\system32\niwrssk.dll

Deleting: C:\WINDOWS\system32\q4nu0e59eh.dll

Successfully Deleted: C:\WINDOWS\system32\q4nu0e59eh.dll

Deleting: C:\WINDOWS\system32\sacbase.dll

Successfully Deleted: C:\WINDOWS\system32\sacbase.dll

Deleting: C:\WINDOWS\system32\stleay32.dll

Successfully Deleted: C:\WINDOWS\system32\stleay32.dll

Deleting: C:\WINDOWS\system32\guard.tmp

Successfully Deleted: C:\WINDOWS\system32\guard.tmp

 

msg11?.dll

0 arquivo(s) copiado(s).

 

 

 

Restoring Windows Update Certificates.:

 

The following Is the Current Export of the Winlogon notify key:

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\lv0209doe.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

"Asynchronous"=dword:00000000

"DllName"="WRLogonNTF.dll"

"Impersonate"=dword:00000001

"Lock"="WRLock"

"StartScreenSaver"="WRStartScreenSaver"

"StartShell"="WRStartShell"

"Startup"="WRStartup"

"StopScreenSaver"="WRStopScreenSaver"

"Unlock"="WRUnlock"

"Shutdown"="WRShutdown"

"Logoff"="WRLogoff"

"Logon"="WRLogon"

 

 

The following are the files found:

****************************************************************************

C:\WINDOWS\system32\cUtsrv.dll

C:\WINDOWS\system32\ddtmsft.dll

C:\WINDOWS\system32\dlcdll.dll

C:\WINDOWS\system32\lvlq0935e.dll

C:\WINDOWS\system32\niwrssk.dll

C:\WINDOWS\system32\q4nu0e59eh.dll

C:\WINDOWS\system32\sacbase.dll

C:\WINDOWS\system32\stleay32.dll

C:\WINDOWS\system32\guard.tmp

 

Registry Entries that were Deleted:

Please verify that the listing looks ok.

If there was something deleted wrongly there are backups in the backreg folder.

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}]

@=""

"IDEx"="ADDR"

 

[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\InprocServer32]

@="C:\\WINDOWS\\system32\\dlcdll.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\InprocServer32]

@="C:\\WINDOWS\\system32\\ddtmsft.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\InprocServer32]

@="C:\\WINDOWS\\system32\\stleay32.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\InprocServer32]

@="C:\\WINDOWS\\system32\\cUtsrv.dll"

"ThreadingModel"="Apartment"

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{9070BF60-701C-4594-B48A-127EFB28AD3E}"=-

"{C66C7087-15D2-445F-91A0-DFDF14C99701}"=-

"{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}"=-

"{B452151B-65FD-43B3-960C-23C03DD4B9C9}"=-

[-HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}]

[-HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}]

[-HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}]

[-HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}]

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

****************************************************************************

Desktop.ini Contents:

****************************************************************************

 

****************************************************************************

Checking for L2MFix account(0=no 1=yes):

0

Zipping up files for submission:

adding: dlls/cUtsrv.dll (188 bytes security) (deflated 5%)

adding: dlls/ddtmsft.dll (188 bytes security) (deflated 5%)

adding: dlls/dlcdll.dll (188 bytes security) (deflated 5%)

adding: dlls/guard.tmp (188 bytes security) (deflated 5%)

adding: dlls/lvlq0935e.dll (188 bytes security) (deflated 5%)

adding: dlls/niwrssk.dll (188 bytes security) (deflated 5%)

adding: dlls/q4nu0e59eh.dll (188 bytes security) (deflated 5%)

adding: dlls/sacbase.dll (188 bytes security) (deflated 5%)

adding: dlls/stleay32.dll (188 bytes security) (deflated 5%)

adding: backregs/1AA057D9-7BFF-42A7-921D-FF67B9A983DA.reg (212 bytes security) (deflated 70%)

adding: backregs/9070BF60-701C-4594-B48A-127EFB28AD3E.reg (212 bytes security) (deflated 69%)

adding: backregs/B452151B-65FD-43B3-960C-23C03DD4B9C9.reg (212 bytes security) (deflated 70%)

adding: backregs/C66C7087-15D2-445F-91A0-DFDF14C99701.reg (212 bytes security) (deflated 70%)

adding: backregs/notibac.reg (188 bytes security) (deflated 87%)

adding: backregs/shell.reg (188 bytes security) (deflated 60%)

 

Segundo Log pedido do L2mfix:

Granting SeDebugPrivilege to Adiministradores ... failed (GetAccountSid(Adiministradores)=1332

 

Novo Log do HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 00:11:38, on 9/2/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\bin\Apache\Apache.exe

C:\bin\Apache\Apache.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\bin\mysql\bin\mysqld-nt.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Intelig\Discador Intelig\interdial.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

 

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{EC21249F-F14D-4627-AD49-29914DDD2666}: NameServer = 200.184.26.3 200.184.46.2

O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\lv0209doe.dll (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Apache - Unknown owner - C:\bin\Apache\Apache.exe" --ntservice (file missing)

O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe

O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt".exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Fiz, mais ai criou um novo usuario e nem sabia a senha, ai começou a dar poblemas impossivel de navegar tive que formatar, segue um novo log do HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:08:47, on 12/2/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Discador iBest\baloon.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Arquivos de programas\Intelig\Discador Intelig\interdial.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\cmd.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://farejador.ig.com.br/ie/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.inteligweb.com.br/

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\RunServices: [Microsoft Configusd] msconfigsd.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{4EC11050-9A84-4F79-BD4A-F18B4CD309A2}: NameServer = 200.184.26.3 200.184.46.2

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: hpdj - HP - C:\DOCUME~1\William\CONFIG~1\Temp\hpdj.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro Essential,

 

Não há entradas anormais no log, mas o sistema operacional está bastante desatualizado.

 

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.