
Archived

This topic has been archived and is closed to new replies.

Vitor Linares

[Solved!] Problems with winlogon and iexplorer windows with propa


Hi Vitor Linares,

Run VundoFix again.

Report back with the result.

Regards.


Here is the ComboFix LOG.... PS: it did not restart the computer...

 

 

"vitor" - 2007-07-13 17:07:00 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

 

 



Hi Vitor Linares,

All good. Don't worry about that entry. :thumbsup:

Carry out the actions from Post #19 and:

Use CCleaner -> download here.

1. To run the cleanup, just select the Limpador (Cleaner) option – at the top left – and click Executar Cleaner (Run Cleaner) – at the bottom right. In this case you can choose to clean Windows, Programs, or both;

2. To fix errors, just choose the Erros (Errors) option – at the top left – click Localizar erros (Find errors) – at the bottom left – and then Corrigir Erros Selecionados (Fix Selected Errors) – at the bottom right (by default all of them will be selected);

3. Under Ferramentas (Tools) – at the top left – you can uninstall programs (the same ones listed in Add / Remove Programs) or remove program entries that run at startup (experienced users only);

4. Under Opções (Options) you will find the CCleaner configuration settings, which I suggest you leave unchanged.

Carry out the actions above (only 1. and 2.) and the computer will be in great shape.

Regards.


Jgarcia, that entry is still there, but as you said I won't worry about it... I wanted to thank you very much for the help you gave me, it was very very very very important, otherwise I would already be resorting to the good old format c: lol. Now the windows that kept popping up with ads and whatnot have stopped... thank you, really. Regards


PROBLEM SOLVED!

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.
