[Arquivado] Problema comservice.exe

[Nee 0]

Ola! Preciso de tua ajuda! Meu pc esta com problemas semelhantes ao do topico resolvido Problemas com service.exe, so que o meu aparece a msg que vai desligar mais não desliga, e o pc ta muito lento, e pesadosem nenhum apliocativo aberto! tentei resolver o prb, olhandu o topico resolvido mais o pc continua dando pau. Pelo para que me ajude!Obrigado

[jgarcia 1]

Opa Nee,

 

Faça o seguinte:

 

Baixe o HijackThis versão 1.99.1.

 

Depois > Iniciar > Meu Computador > 02 cliques no C > Coloca o HijackThis no C (extraindo do zip --> para uma pasta própria tipo c:/Hijack).

 

Execute o Hijack a partir do C, fechando os demais programas (deixando somente a área de trabalho).

 

Clique em Do a system scan and save a logfile, mas não marque nada, apenas poste o log gerado aqui neste mesmo tópico.

 

Abraços.

[Nee 0]

E ae! Blzz?!

Tenhu novidades, meu pc parou de mandar a msg mas mesmu assim acho que a origem desse problema naum foi desapareceu. Agora aparece um erro no explorer.exe, mas mesmu assim fiz o que pedi, ae esta o log!

Obrigado

Logfile of HijackThis v1.99.1

Scan saved at 01:34:32, on 24/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS.3\System32\smss.exe

C:\WINDOWS.3\system32\winlogon.exe

C:\WINDOWS.3\system32\services.exe

C:\WINDOWS.3\system32\lsass.exe

C:\WINDOWS.3\system32\svchost.exe

C:\WINDOWS.3\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS.3\system32\spoolsv.exe

C:\WINDOWS.3\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS.3\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS.3\system32\ctfmon.exe

C:\ARQUIVOS DE PROGRAMAS\MSN Messenger\msnmsgr.exe

C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe

C:\ARQUIVOS DE PROGRAMAS\Internet Explorer\iexplore.exe

C:\HijackThis.exe

 

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS.3\system32\obniirom.dll",forkonce

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.3\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe -AutoStart

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

[jgarcia 1]

Opa Nee,

 

Vamos lá.

 

* Baixe o VundoFix.

 

* Dê duplo-clique sobre VundoFix.exe para iniciá-lo;

 

* Quando o VundoFix abrir clique em Scan for Vundo. Aguarde o término do scan que pode demorar algum tempo. Seja paciente;

 

* Terminado o scan clique em Remove Vundo;

 

* Você receberá um alerta perguntando se deseja remover os arquivos. Clique em YES. O seu desktop irá apagar (isto é normal);

 

* Para completar o scan será necessário reinicializar a máquina. Clique em OK;

 

* Favor postar o log do VundoFix (C:\vundofix.txt) em sua próxima resposta, juntamente com um novo do HijackThis.

 

Abraços.

[Nee 0]

Ola, kra!!

Somente relatandu, apareçe um erro ao inicalizar, que e o seguinte:

rbkgukvi - rundll.exe "C:\WINDOWS\system32\rbkgukvi.dll", forkonce

 

 

Ao que foi pedido! o 2º log naum marquei nd, seguindo o que foi feito na primeira vez que foi posta-do!

 

VundoFix V6.5.6

 

Checking Java version...

 

Sun Java not detected

Scan started at 00:32:44 25/7/2007

 

Listing files found while scanning....

 

C:\WINDOWS.3\system32\gebyxyw.dll

C:\WINDOWS.3\system32\opqss.bak1

C:\WINDOWS.3\system32\opqss.bak2

C:\WINDOWS.3\system32\opqss.ini

C:\WINDOWS.3\system32\opqss.ini2

C:\WINDOWS.3\system32\opqss.tmp

C:\WINDOWS.3\system32\sdxuocmk.dll

C:\WINDOWS.3\system32\ssqpo.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS.3\system32\gebyxyw.dll

C:\WINDOWS.3\system32\gebyxyw.dll Has been deleted!

 

Attempting to delete C:\WINDOWS.3\system32\opqss.bak1

C:\WINDOWS.3\system32\opqss.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS.3\system32\opqss.bak2

C:\WINDOWS.3\system32\opqss.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS.3\system32\opqss.ini

C:\WINDOWS.3\system32\opqss.ini Has been deleted!

 

Attempting to delete C:\WINDOWS.3\system32\opqss.ini2

C:\WINDOWS.3\system32\opqss.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS.3\system32\opqss.tmp

C:\WINDOWS.3\system32\opqss.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS.3\system32\sdxuocmk.dll

C:\WINDOWS.3\system32\sdxuocmk.dll Has been deleted!

 

Attempting to delete C:\WINDOWS.3\system32\ssqpo.dll

C:\WINDOWS.3\system32\ssqpo.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:44:26, on 25/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS.3\System32\smss.exe

C:\WINDOWS.3\system32\winlogon.exe

C:\WINDOWS.3\system32\services.exe

C:\WINDOWS.3\system32\lsass.exe

C:\WINDOWS.3\system32\svchost.exe

C:\WINDOWS.3\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS.3\system32\spoolsv.exe

C:\WINDOWS.3\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS.3\system32\ctfmon.exe

C:\ARQUIVOS DE PROGRAMAS\MSN Messenger\msnmsgr.exe

C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe

C:\WINDOWS.3\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIVOS DE PROGRAMAS\Internet Explorer\iexplore.exe

C:\WINDOWS.3\system32\NOTEPAD.EXE

C:\HijackThis.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {308D677F-E4D0-42AC-899E-29871F414164} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {670231CF-FF50-4ABA-A440-7E3848596CFD} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7F08009D-BA12-46D2-8F10-2B95747BCA8A} - C:\WINDOWS.3\system32\ssqpo.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS.3\Downloaded Program Files\gbieh.dll

O2 - BHO: (no name) - {C643CD86-1203-4FC8-89AE-9552FEFFFAA2} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS.3\system32\rbkgukvi.dll",forkonce

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.3\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe -AutoStart

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab

O20 - Winlogon Notify: geebc - C:\WINDOWS.3\system32\geebc.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.3\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winbjv32 - C:\WINDOWS.3\

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

[jgarcia 1]

Opa Nee,

 

Baixe o ComboFix em:

ComboFix

 

1) Dê um duplo-clique no combofix.exe e tecle "Y" para prosseguir. O processo vai durar, em média, 10 minutos;

2) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

3) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

4) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

5) Para parar ou sair do ComboFix, tecle "N";

6) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

Abraços.

[Nee 0]

E ae!

 

fiz o que pediu!

Somente relatando, ta um pouco pesado!

 

"Nee" - 2007-07-26 1:22:41 [GMT -3:00] - ComboFix 07-07-24 - Service Pack 2 NTFS

 

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS.3\system32\ajbjdjqh.dll

C:\WINDOWS.3\system32\bxgutugu.dll

C:\WINDOWS.3\system32\cbxuttt.dll

C:\WINDOWS.3\system32\cduwshar.dll

C:\WINDOWS.3\system32\dstkdjgc.dll

C:\WINDOWS.3\system32\ehgormad.dll

C:\WINDOWS.3\system32\eljcvdut.dll

C:\WINDOWS.3\system32\endsbutb.dll

C:\WINDOWS.3\system32\eqpfmevu.dll

C:\WINDOWS.3\system32\eqsqqbce.dll

C:\WINDOWS.3\system32\ewmwjbci.dll

C:\WINDOWS.3\system32\hhrjluef.dll

C:\WINDOWS.3\system32\kbabepex.dll

C:\WINDOWS.3\system32\kcmivput.dll

C:\WINDOWS.3\system32\melfnfqb.dll

C:\WINDOWS.3\system32\okcfejga.dll

C:\WINDOWS.3\system32\vkrcxmkw.dll

C:\WINDOWS.3\system32\wmkbieun.dll

C:\WINDOWS.3\system32\xsrqxbng.dll

C:\WINDOWS.3\system32\adqpxuyy.dll

C:\WINDOWS.3\system32\assxqkfp.dll

C:\WINDOWS.3\system32\axsiaenh.dll

C:\WINDOWS.3\system32\bgqmayrd.dll

C:\WINDOWS.3\system32\bpdavwmf.dll

C:\WINDOWS.3\system32\cfcwmjfh.dll

C:\WINDOWS.3\system32\cgcfphkw.dll

C:\WINDOWS.3\system32\ckenmeoe.dll

C:\WINDOWS.3\system32\dbvfifva.dll

C:\WINDOWS.3\system32\djfpostb.dll

C:\WINDOWS.3\system32\dwfrdlkr.dll

C:\WINDOWS.3\system32\eyjyxsua.dll

C:\WINDOWS.3\system32\fchmjkjk.dll

C:\WINDOWS.3\system32\fownjkis.dll

C:\WINDOWS.3\system32\ggrdeanp.dll

C:\WINDOWS.3\system32\gonxlfac.dll

C:\WINDOWS.3\system32\hjluibqy.dll

C:\WINDOWS.3\system32\icaeskyq.dll

C:\WINDOWS.3\system32\iuctcxav.dll

C:\WINDOWS.3\system32\jgskhhaw.dll

C:\WINDOWS.3\system32\jjnogmxb.dll

C:\WINDOWS.3\system32\jlbaqrne.dll

C:\WINDOWS.3\system32\jprlsfue.dll

C:\WINDOWS.3\system32\jyslmprk.dll

C:\WINDOWS.3\system32\kdhxyswn.dll

C:\WINDOWS.3\system32\kqepjfwo.dll

C:\WINDOWS.3\system32\kuulpagg.dll

C:\WINDOWS.3\system32\kwhkvebh.dll

C:\WINDOWS.3\system32\meocvyqe.dll

C:\WINDOWS.3\system32\mohtjtnw.dll

C:\WINDOWS.3\system32\mxagqqbd.dll

C:\WINDOWS.3\system32\odrguaiu.dll

C:\WINDOWS.3\system32\oerxnepc.dll

C:\WINDOWS.3\system32\oysvykyq.dll

C:\WINDOWS.3\system32\pbisgoej.dll

C:\WINDOWS.3\system32\poafltsx.dll

C:\WINDOWS.3\system32\qvhqcvlr.dll

C:\WINDOWS.3\system32\rmkjfcxx.dll

C:\WINDOWS.3\system32\rttuiofb.dll

C:\WINDOWS.3\system32\rxhgtddc.dll

C:\WINDOWS.3\system32\tvlximqm.dll

C:\WINDOWS.3\system32\vbsnchmc.dll

C:\WINDOWS.3\system32\vjchnjfq.dll

C:\WINDOWS.3\system32\vyldfmga.dll

C:\WINDOWS.3\system32\wroxyxli.dll

C:\WINDOWS.3\system32\xmgvxdta.dll

C:\WINDOWS.3\system32\xrkualtl.dll

C:\WINDOWS.3\system32\ykajeybj.dll

C:\WINDOWS.3\system32\ylahtyoq.dll

C:\WINDOWS.3\system32\ynlsuytt.dll

C:\WINDOWS.3\system32\ysffwlvf.dll

C:\WINDOWS.3\system32\yxmlawoh.dll

C:\WINDOWS.3\system32\cbxuttt.dll

C:\WINDOWS.3\system32\hqjdjbja.ini

C:\WINDOWS.3\system32\ugutugxb.ini

C:\WINDOWS.3\system32\rahswudc.ini

C:\WINDOWS.3\system32\cgjdktsd.ini

C:\WINDOWS.3\system32\damroghe.ini

C:\WINDOWS.3\system32\tudvcjle.ini

C:\WINDOWS.3\system32\btubsdne.ini

C:\WINDOWS.3\system32\uvemfpqe.ini

C:\WINDOWS.3\system32\ecbqqsqe.ini

C:\WINDOWS.3\system32\icbjwmwe.ini

C:\WINDOWS.3\system32\feuljrhh.ini

C:\WINDOWS.3\system32\xepebabk.ini

C:\WINDOWS.3\system32\tupvimck.ini

C:\WINDOWS.3\system32\bqfnflem.ini

C:\WINDOWS.3\system32\agjefcko.ini

C:\WINDOWS.3\system32\wkmxcrkv.ini

C:\WINDOWS.3\system32\nueibkmw.ini

C:\WINDOWS.3\system32\cbeeg.bak1

C:\WINDOWS.3\system32\cbeeg.bak2

C:\WINDOWS.3\system32\cbeeg.ini

C:\WINDOWS.3\system32\cbeeg.ini2

C:\WINDOWS.3\system32\cbeeg.tmp

C:\WINDOWS.3\system32\cbeeg.bak1

C:\WINDOWS.3\system32\cbeeg.bak2

C:\WINDOWS.3\system32\cbeeg.ini

C:\WINDOWS.3\system32\cbeeg.ini2

C:\WINDOWS.3\system32\cbeeg.tmp

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\Renee\Desktop.\internet explorer.lnk

C:\WINDOWS.3\system32\acasfjrk.exe

C:\WINDOWS.3\system32\acatuhkg.exe

C:\WINDOWS.3\system32\aexxlgll.exe

C:\WINDOWS.3\system32\aoabwwcp.exe

C:\WINDOWS.3\system32\ayuylxds.exe

C:\WINDOWS.3\system32\azip32.dll

C:\WINDOWS.3\system32\bjarhrre.exe

C:\WINDOWS.3\system32\bxxdsakf.exe

C:\WINDOWS.3\system32\cluedkgs.exe

C:\WINDOWS.3\system32\cnlnmsxi.exe

C:\WINDOWS.3\system32\didtcxle.exe

C:\WINDOWS.3\system32\dmrwgsyh.exe

C:\WINDOWS.3\system32\dyfvneoh.exe

C:\WINDOWS.3\system32\ecsnrppp.exe

C:\WINDOWS.3\system32\eidfkplt.exe

C:\WINDOWS.3\system32\enbfuyua.exe

C:\WINDOWS.3\system32\eotohqvt.exe

C:\WINDOWS.3\system32\fdenndwq.exe

C:\WINDOWS.3\system32\fjtoagvb.exe

C:\WINDOWS.3\system32\fmncopuw.exe

C:\WINDOWS.3\system32\fvbgxatl.exe

C:\WINDOWS.3\system32\gbnwungn.exe

C:\WINDOWS.3\system32\hkpxroay.exe

C:\WINDOWS.3\system32\hswlfybn.exe

C:\WINDOWS.3\system32\hwswygli.exe

C:\WINDOWS.3\system32\hxlwiaqt.exe

C:\WINDOWS.3\system32\ipigtftj.exe

C:\WINDOWS.3\system32\jtuwxwsd.exe

C:\WINDOWS.3\system32\juojqwth.exe

C:\WINDOWS.3\system32\jwlshhaf.exe

C:\WINDOWS.3\system32\knxwvrlq.exe

C:\WINDOWS.3\system32\ktyldpnm.exe

C:\WINDOWS.3\system32\lfbcjbbf.exe

C:\WINDOWS.3\system32\lppshdfj.exe

C:\WINDOWS.3\system32\ltmtkwpm.exe

C:\WINDOWS.3\system32\luflrrob.exe

C:\WINDOWS.3\system32\maeulkgk.exe

C:\WINDOWS.3\system32\mqygcbon.exe

C:\WINDOWS.3\system32\mtetnfso.exe

C:\WINDOWS.3\system32\mwakuaim.exe

C:\WINDOWS.3\system32\mxcfshvp.exe

C:\WINDOWS.3\system32\mykijwnr.exe

C:\WINDOWS.3\system32\nllmstpx.exe

C:\WINDOWS.3\system32\npgahufe.exe

C:\WINDOWS.3\system32\nrqbtwda.exe

C:\WINDOWS.3\system32\oejhtbcb.exe

C:\WINDOWS.3\system32\olferdmn.exe

C:\WINDOWS.3\system32\oqiupwnp.exe

C:\WINDOWS.3\system32\ornqaods.exe

C:\WINDOWS.3\system32\ouoafnct.exe

C:\WINDOWS.3\system32\oxkiiqul.exe

C:\WINDOWS.3\system32\pafgvfgw.exe

C:\WINDOWS.3\system32\pdnfuirt.exe

C:\WINDOWS.3\system32\pelvujru.exe

C:\WINDOWS.3\system32\pmsdgcqr.exe

C:\WINDOWS.3\system32\poldvrfp.exe

C:\WINDOWS.3\system32\prbxaddi.exe

C:\WINDOWS.3\system32\puorufuf.exe

C:\WINDOWS.3\system32\pvldhmfn.exe

C:\WINDOWS.3\system32\qmmijcbt.exe

C:\WINDOWS.3\system32\qvhdgrsc.exe

C:\WINDOWS.3\system32\qxbmlahw.exe

C:\WINDOWS.3\system32\ramlqtwc.exe

C:\WINDOWS.3\system32\shsxqfby.exe

C:\WINDOWS.3\system32\srrllavw.exe

C:\WINDOWS.3\system32\sxtkvpcr.exe

C:\WINDOWS.3\system32\tdawdlip.exe

C:\WINDOWS.3\system32\tjyflxnn.exe

C:\WINDOWS.3\system32\tmgktsac.exe

C:\WINDOWS.3\system32\tnebigul.exe

C:\WINDOWS.3\system32\tthkyers.exe

C:\WINDOWS.3\system32\ukgmsjmd.exe

C:\WINDOWS.3\system32\urtvxxbc.exe

C:\WINDOWS.3\system32\vdobxrgn.exe

C:\WINDOWS.3\system32\vjgvbyxk.exe

C:\WINDOWS.3\system32\vnecuxuq.exe

C:\WINDOWS.3\system32\vniikuyo.exe

C:\WINDOWS.3\system32\vtklwyhq.exe

C:\WINDOWS.3\system32\vveoaspm.exe

C:\WINDOWS.3\system32\vymdnqov.exe

C:\WINDOWS.3\system32\wciyttui.exe

C:\WINDOWS.3\system32\wmebcxig.exe

C:\WINDOWS.3\system32\wrbxiwfk.exe

C:\WINDOWS.3\system32\wsngsxqw.exe

C:\WINDOWS.3\system32\wyhghdrx.exe

C:\WINDOWS.3\system32\xbljdvxk.exe

C:\WINDOWS.3\system32\xgqwkmuk.exe

C:\WINDOWS.3\system32\xpdx.sys

C:\WINDOWS.3\system32\xppkwugr.exe

C:\WINDOWS.3\system32\ykptedqg.exe

C:\WINDOWS.3\system32\yxmeodqf.exe

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_ASC3550U

-------\LEGACY_DOMAINSERVICE

-------\asc3550u

-------\DomainService

-------\xpdx

 

 

((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))

 

 

2007-07-26 01:20 51,200 --a------ C:\WINDOWS.3\nircmd.exe

2007-07-25 00:41 <DIR> d----c--- C:\Nova pasta

2007-07-25 00:32 <DIR> d----c--- C:\VundoFix Backups

2007-07-25 00:30 109,056 --a--c--- C:\VundoFix.exe

2007-07-24 19:37 66,112 --a------ C:\WINDOWS.3\system32\fgupevlo.exe

2007-07-24 19:37 126,016 --a------ C:\WINDOWS.3\system32\rbkgukvi.dll

2007-07-24 01:27 218,112 --a--c--- C:\HijackThis.exe

2007-07-23 21:08 66,112 --a------ C:\WINDOWS.3\system32\dvqbpvyu.exe

2007-07-23 21:08 126,016 --a------ C:\WINDOWS.3\system32\kplnfylf.dll

2007-07-23 19:46 66,112 --a------ C:\WINDOWS.3\system32\irtghgnl.exe

2007-07-23 00:44 128,576 --a------ C:\WINDOWS.3\system32\xtjtmfhh.dll

2007-07-23 00:41 66,112 --a------ C:\WINDOWS.3\system32\lxsqxqxb.exe

2007-07-22 23:34 66,112 --a------ C:\WINDOWS.3\system32\rmhmjops.exe

2007-07-22 23:24 66,112 --a------ C:\WINDOWS.3\system32\wwdjbggb.exe

2007-07-22 23:11 66,112 --a------ C:\WINDOWS.3\system32\lbyajipu.exe

2007-07-22 21:56 66,112 --a------ C:\WINDOWS.3\system32\cxsrbyro.exe

2007-07-22 21:37 66,112 --a------ C:\WINDOWS.3\system32\pxvwpomn.exe

2007-07-22 21:18 66,112 --a------ C:\WINDOWS.3\system32\mrycfnnw.exe

2007-07-22 20:52 66,112 --a------ C:\WINDOWS.3\system32\iwwwrbsp.exe

2007-07-22 20:25 66,112 --a------ C:\WINDOWS.3\system32\okpmocqb.exe

2007-07-22 20:00 66,112 --a------ C:\WINDOWS.3\system32\viaueuxl.exe

2007-07-22 19:49 66,112 --a------ C:\WINDOWS.3\system32\ipdlqdjj.exe

2007-07-22 19:29 66,112 --a------ C:\WINDOWS.3\system32\ruyhsvok.exe

2007-07-22 19:15 66,112 --a------ C:\WINDOWS.3\system32\oqnopjob.exe

2007-07-22 19:04 66,112 --a------ C:\WINDOWS.3\system32\oybubojp.exe

2007-07-22 17:57 66,112 --a------ C:\WINDOWS.3\system32\wntrrgty.exe

2007-07-22 16:29 66,112 --a------ C:\WINDOWS.3\system32\yvwkamys.exe

2007-07-22 15:54 66,112 --a------ C:\WINDOWS.3\system32\ncvybqbr.exe

2007-07-22 14:46 66,112 --a------ C:\WINDOWS.3\system32\hipifhox.exe

2007-07-22 14:26 66,112 --a------ C:\WINDOWS.3\system32\kwqxqxuv.exe

2007-07-22 14:04 66,112 --a------ C:\WINDOWS.3\system32\emhkptxx.exe

2007-07-22 12:49 66,112 --a------ C:\WINDOWS.3\system32\cgijlaow.exe

2007-07-22 02:10 66,112 --a------ C:\WINDOWS.3\system32\rjuyrxps.exe

2007-07-22 02:00 66,112 --a------ C:\WINDOWS.3\system32\ultdscaq.exe

2007-07-22 01:49 66,112 --a------ C:\WINDOWS.3\system32\bgicsgvt.exe

2007-07-22 01:34 66,112 --a------ C:\WINDOWS.3\system32\ndtdrsrw.exe

2007-07-22 00:54 66,112 --a------ C:\WINDOWS.3\system32\eskmdnnf.exe

2007-07-22 00:21 128,576 --a------ C:\WINDOWS.3\system32\girmovir.dll

2007-07-22 00:19 66,112 --a------ C:\WINDOWS.3\system32\qkuduyjr.exe

2007-07-22 00:01 66,112 --a------ C:\WINDOWS.3\system32\ehjjohkk.exe

2007-07-21 23:47 66,112 --a------ C:\WINDOWS.3\system32\udktjhom.exe

2007-07-21 23:39 66,112 --a------ C:\WINDOWS.3\system32\kplukokh.exe

2007-07-21 23:33 66,112 --a------ C:\WINDOWS.3\system32\otxmynxx.exe

2007-07-21 23:01 66,112 --a------ C:\WINDOWS.3\system32\slrahubo.exe

2007-07-21 22:44 66,112 --a------ C:\WINDOWS.3\system32\soryrejg.exe

2007-07-21 21:13 66,112 --a------ C:\WINDOWS.3\system32\lmmqluag.exe

2007-07-21 20:54 66,112 --a------ C:\WINDOWS.3\system32\dposhbkl.exe

2007-07-21 20:39 66,112 --a------ C:\WINDOWS.3\system32\osykhfwt.exe

2007-07-21 20:27 66,112 --a------ C:\WINDOWS.3\system32\eswukjwx.exe

2007-07-21 20:15 66,112 --a------ C:\WINDOWS.3\system32\uplqowpv.exe

2007-07-21 20:00 66,112 --a------ C:\WINDOWS.3\system32\gimwnqbv.exe

2007-07-21 19:40 66,112 --a------ C:\WINDOWS.3\system32\kuaaviyu.exe

2007-07-21 19:15 66,112 --a------ C:\WINDOWS.3\system32\xsrnsbuy.exe

2007-07-21 09:03 66,112 --a------ C:\WINDOWS.3\system32\uwybqawm.exe

2007-07-21 09:03 128,576 --a------ C:\WINDOWS.3\system32\umyvoydu.dll

2007-07-21 08:50 66,112 --a------ C:\WINDOWS.3\system32\qdrbgqxy.exe

2007-07-21 08:44 66,112 --a------ C:\WINDOWS.3\system32\vjlvboon.exe

2007-07-20 12:47 128,576 --a------ C:\WINDOWS.3\system32\rjfpijwm.dll

2007-07-20 12:44 66,112 --a------ C:\WINDOWS.3\system32\syepetfc.exe

2007-07-20 12:28 66,112 --a------ C:\WINDOWS.3\system32\wsvmgwhq.exe

2007-07-20 11:17 66,112 --a------ C:\WINDOWS.3\system32\mnwtwqol.exe

2007-07-20 11:15 66,112 --a------ C:\WINDOWS.3\system32\xapyebyi.exe

2007-07-20 11:04 66,112 --a------ C:\WINDOWS.3\system32\ahqikuvk.exe

2007-07-20 10:56 66,112 --a------ C:\WINDOWS.3\system32\auaibypr.exe

2007-07-20 10:52 66,112 --a------ C:\WINDOWS.3\system32\axlfxmve.exe

2007-07-20 10:43 66,112 --a------ C:\WINDOWS.3\system32\ynapvhcm.exe

2007-07-20 10:27 66,112 --a------ C:\WINDOWS.3\system32\fbkpgsyd.exe

2007-07-20 10:12 66,112 --a------ C:\WINDOWS.3\system32\hceybehc.exe

2007-07-20 10:04 66,112 --a------ C:\WINDOWS.3\system32\uhegnabm.exe

2007-07-20 09:49 66,112 --a------ C:\WINDOWS.3\system32\vwrekxaf.exe

2007-07-20 09:39 66,112 --a------ C:\WINDOWS.3\system32\byjkbwnv.exe

2007-07-20 09:29 66,112 --a------ C:\WINDOWS.3\system32\ndrkpjcs.exe

2007-07-20 01:10 <DIR> d----c--- C:\ARQUIVOS DE PROGRAMAS\CCleaner

2007-07-20 00:58 <DIR> d----c--- C:\!KillBox

2007-07-20 00:36 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-07-20 00:36 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos

2007-07-20 00:36 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Meus documentos

2007-07-20 00:36 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar

2007-07-20 00:36 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Favoritos

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configura‡äes locais

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressÆo

2007-07-19 23:50 66,112 --a------ C:\WINDOWS.3\system32\iddyxbjk.exe

2007-07-19 23:50 128,576 --a------ C:\WINDOWS.3\system32\nohhtcsf.dll

2007-07-19 23:43 66,112 --a------ C:\WINDOWS.3\system32\unjvcttw.exe

2007-07-19 22:42 66,112 --a------ C:\WINDOWS.3\system32\ipfrcuho.exe

2007-07-19 22:25 66,112 --a------ C:\WINDOWS.3\system32\cbswnkdt.exe

2007-07-19 22:02 66,112 --a------ C:\WINDOWS.3\system32\vjhveeds.exe

2007-07-19 21:47 66,112 --a------ C:\WINDOWS.3\system32\qgpwgphh.exe

2007-07-19 21:37 66,112 --a------ C:\WINDOWS.3\system32\aqpxkdki.exe

2007-07-19 21:31 66,112 --a------ C:\WINDOWS.3\system32\tdiophyy.exe

2007-07-19 19:57 66,112 --a------ C:\WINDOWS.3\system32\ffowwgbh.exe

2007-07-19 19:40 66,112 --a------ C:\WINDOWS.3\system32\putkcvtp.exe

2007-07-19 19:18 66,112 --a------ C:\WINDOWS.3\system32\cejssrvb.exe

2007-07-19 18:25 66,112 --a------ C:\WINDOWS.3\system32\bnnrxdqm.exe

2007-07-19 14:54 66,112 --a------ C:\WINDOWS.3\system32\udlbfora.exe

2007-07-18 22:10 95,872 --a------ C:\WINDOWS.3\system32\AvastSS.scr

2007-07-18 22:10 43,176 --a------ C:\WINDOWS.3\system32\drivers\aswTdi.sys

2007-07-18 22:10 26,888 --a------ C:\WINDOWS.3\system32\drivers\aavmker4.sys

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-26 04:27:54 -------- d-----w C:\Arquivos de programas\eMule

2007-07-26 04:26:24 64,628 --sha-w C:\WINDOWS.3\system32\drivers\fidbox2.idx

2007-07-26 04:26:24 298,796 --sha-w C:\WINDOWS.3\system32\drivers\fidbox.idx

2007-07-24 00:21:51 -------- d-----w C:\Arquivos de programas\Picasa2

2007-07-15 04:30:54 -------- d-----w C:\DOCUME~1\Renee\DADOSD~1\Skype

2007-07-04 17:22:40 -------- d-----w C:\Arquivos de programas\Save

2007-07-04 17:04:11 -------- d-----w C:\DOCUME~1\Renee\DADOSD~1\Vso

2007-07-04 16:58:50 -------- d-----w C:\Arquivos de programas\hp deskjet 3820 series

2007-07-04 01:32:13 -------- d-----w C:\Arquivos de programas\Webteh

2007-06-21 15:14:36 2,560 ----a-w C:\WINDOWS.3\_MSRSTRT.EXE

2007-05-28 04:36:47 -------- d-----w C:\Arquivos de programas\DigiPix

2007-05-27 04:19:01 -------- d-----w C:\DOCUME~1\Renee\DADOSD~1\BSplayer Pro

2007-05-26 15:12:39 -------- d-----w C:\DOCUME~1\Renee\DADOSD~1\WebCompiler3

2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS.3\system32\inetcomm.dll

2007-05-07 21:09:10 3,994 ----a-w C:\WINDOWS.3\system32\msnobj.dll

2007-05-07 21:06:46 9,293 ----a-w C:\WINDOWS.3\system32\msnprint.dll

2007-05-06 18:08:52 21,764 ----a-w C:\WINDOWS.3\system32\CoreAAC-uninstall.exe

2007-04-16 03:15:09 87,608 ----a-w C:\DOCUME~1\Renee\DADOSD~1\ezpinst.exe

2007-04-16 03:15:09 47,360 ----a-w C:\DOCUME~1\Renee\DADOSD~1\pcouffin.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{308D677F-E4D0-42AC-899E-29871F414164}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{670231CF-FF50-4ABA-A440-7E3848596CFD}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F08009D-BA12-46D2-8F10-2B95747BCA8A}]

C:\WINDOWS.3\system32\ssqpo.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C643CD86-1203-4FC8-89AE-9552FEFFFAA2}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-06-15 20:15]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS.3\system32\ctfmon.exe" [2004-08-04 09:00]

"msnmsgr"="C:\ARQUIVOS DE PROGRAMAS\MSN Messenger\msnmsgr.exe" [2006-01-24 20:31]

"eMuleAutoStart"="C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe" [2007-05-13 11:57]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS.3\Downloaded Program Files\gbieh.dll [2007-02-22 15:00 228392]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebc]

C:\WINDOWS.3\system32\geebc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjv32]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]

rundll32.exe "C:\WINDOWS.3\system32\cnkdynyw.dll",realset

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]

rundll32.exe "C:\WINDOWS.3\system32\xadjtckx.dll",forkonce

 

R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS.3\system32\DRIVERS\uagp35.sys

R1 Klmc;Klmc;C:\WINDOWS.3\system32\drivers\klmc.sys

R1 sdcplh;sdcplh;C:\WINDOWS.3\system32\drivers\sdcplh.sys

R2 sbbotdi;sbbotdi;\??\C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys

R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS.3\system32\DRIVERS\fetnd5.sys

R3 pcouffin;VSO Software pcouffin;C:\WINDOWS.3\system32\Drivers\pcouffin.sys

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS.3\system32\DRIVERS\RMSPPPOE.SYS

R3 smserial;smserial;C:\WINDOWS.3\system32\DRIVERS\smserial.sys

R3 viagfx;viagfx;C:\WINDOWS.3\system32\DRIVERS\vtmini.sys

S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe

S2 InCDsrvR;InCD Helper (read only);C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -r

S3 876638dd-d956-4299-af26-ba800e4aa7e9;876638dd-d956-4299-af26-ba800e4aa7e9;\??\D:\Player\cds300.dll

S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS.3\system32\Drivers\RootMdm.sys

S3 usbser;Motorola USB Modem Driver;C:\WINDOWS.3\system32\DRIVERS\usbser.sys

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-26 01:27:33

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-26 1:29:10 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-26 01:28

 

--- E O F ---

[jgarcia 1]

Opa Nee,

 

Rapaz, quanta coisa ruim. :devil: Bem, vamos ao ataque.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

Desinstale:

-> Save

 

Utilize Adicionar / Remover programas.

 

Desinstale e reinicie após tê-lo feito.

 

Obs.: Caso não encontre o programa acima citado na lista, apenas passe para a próxima etapa.

 

1ª Etapa

 

Baixe o Killbox em:

Killbox

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

 

C:\WINDOWS.3\system32\fgupevlo.exe

C:\WINDOWS.3\system32\rbkgukvi.dll

C:\WINDOWS.3\system32\ssqpo.dll

C:\WINDOWS.3\system32\rbkgukvi.dll

C:\WINDOWS.3\system32\geebc.dll

C:\WINDOWS.3\system32\winbjv32.dll

C:\WINDOWS.3\system32\dvqbpvyu.exe

C:\WINDOWS.3\system32\kplnfylf.dll

C:\WINDOWS.3\system32\irtghgnl.exe

C:\WINDOWS.3\system32\xtjtmfhh.dll

C:\WINDOWS.3\system32\lxsqxqxb.exe

C:\WINDOWS.3\system32\rmhmjops.exe

C:\WINDOWS.3\system32\wwdjbggb.exe

C:\WINDOWS.3\system32\lbyajipu.exe

C:\WINDOWS.3\system32\cxsrbyro.exe

C:\WINDOWS.3\system32\pxvwpomn.exe

C:\WINDOWS.3\system32\mrycfnnw.exe

C:\WINDOWS.3\system32\iwwwrbsp.exe

C:\WINDOWS.3\system32\okpmocqb.exe

C:\WINDOWS.3\system32\viaueuxl.exe

C:\WINDOWS.3\system32\ipdlqdjj.exe

C:\WINDOWS.3\system32\ruyhsvok.exe

C:\WINDOWS.3\system32\oqnopjob.exe

C:\WINDOWS.3\system32\oybubojp.exe

C:\WINDOWS.3\system32\wntrrgty.exe

C:\WINDOWS.3\system32\yvwkamys.exe

C:\WINDOWS.3\system32\ncvybqbr.exe

C:\WINDOWS.3\system32\kwqxqxuv.exe

C:\WINDOWS.3\system32\emhkptxx.exe

C:\WINDOWS.3\system32\cgijlaow.exe

C:\WINDOWS.3\system32\rjuyrxps.exe

C:\WINDOWS.3\system32\ultdscaq.exe

C:\WINDOWS.3\system32\bgicsgvt.exe

C:\WINDOWS.3\system32\ndtdrsrw.exe

C:\WINDOWS.3\system32\eskmdnnf.exe

C:\WINDOWS.3\system32\girmovir.dll

C:\WINDOWS.3\system32\qkuduyjr.exe

C:\WINDOWS.3\system32\ehjjohkk.exe

C:\WINDOWS.3\system32\udktjhom.exe

C:\WINDOWS.3\system32\kplukokh.exe

C:\WINDOWS.3\system32\otxmynxx.exe

C:\WINDOWS.3\system32\slrahubo.exe

C:\WINDOWS.3\system32\soryrejg.exe

C:\WINDOWS.3\system32\lmmqluag.exe

C:\WINDOWS.3\system32\dposhbkl.exe

C:\WINDOWS.3\system32\osykhfwt.exe

C:\WINDOWS.3\system32\eswukjwx.exe

C:\WINDOWS.3\system32\uplqowpv.exe

C:\WINDOWS.3\system32\gimwnqbv.exe

C:\WINDOWS.3\system32\kuaaviyu.exe

C:\WINDOWS.3\system32\xsrnsbuy.exe

C:\WINDOWS.3\system32\uwybqawm.exe

C:\WINDOWS.3\system32\umyvoydu.dll

C:\WINDOWS.3\system32\qdrbgqxy.exe

C:\WINDOWS.3\system32\vjlvboon.exe

C:\WINDOWS.3\system32\rjfpijwm.dll

C:\WINDOWS.3\system32\syepetfc.exe

C:\WINDOWS.3\system32\wsvmgwhq.exe

C:\WINDOWS.3\system32\mnwtwqol.exe

C:\WINDOWS.3\system32\xapyebyi.exe

C:\WINDOWS.3\system32\ahqikuvk.exe

C:\WINDOWS.3\system32\auaibypr.exe

C:\WINDOWS.3\system32\axlfxmve.exe

C:\WINDOWS.3\system32\ynapvhcm.exe

C:\WINDOWS.3\system32\fbkpgsyd.exe

C:\WINDOWS.3\system32\hceybehc.exe

C:\WINDOWS.3\system32\uhegnabm.exe

C:\WINDOWS.3\system32\vwrekxaf.exe

C:\WINDOWS.3\system32\byjkbwnv.exe

C:\WINDOWS.3\system32\ndrkpjcs.exe

C:\WINDOWS.3\system32\iddyxbjk.exe

C:\WINDOWS.3\system32\nohhtcsf.dll

C:\WINDOWS.3\system32\unjvcttw.exe

C:\WINDOWS.3\system32\ipfrcuho.exe

C:\WINDOWS.3\system32\cbswnkdt.exe

C:\WINDOWS.3\system32\vjhveeds.exe

C:\WINDOWS.3\system32\qgpwgphh.exe

C:\WINDOWS.3\system32\aqpxkdki.exe

C:\WINDOWS.3\system32\tdiophyy.exe

C:\WINDOWS.3\system32\ffowwgbh.exe

C:\WINDOWS.3\system32\putkcvtp.exe

C:\WINDOWS.3\system32\cejssrvb.exe

C:\WINDOWS.3\system32\bnnrxdqm.exe

C:\WINDOWS.3\system32\udlbfora.exe

C:\WINDOWS.3\system32\ajbjdjqh.dll

C:\WINDOWS.3\system32\bxgutugu.dll

C:\WINDOWS.3\system32\cbxuttt.dll

C:\WINDOWS.3\system32\cduwshar.dll

C:\WINDOWS.3\system32\dstkdjgc.dll

C:\WINDOWS.3\system32\ehgormad.dll

C:\WINDOWS.3\system32\eljcvdut.dll

C:\WINDOWS.3\system32\endsbutb.dll

C:\WINDOWS.3\system32\eqpfmevu.dll

C:\WINDOWS.3\system32\eqsqqbce.dll

C:\WINDOWS.3\system32\ewmwjbci.dll

C:\WINDOWS.3\system32\hhrjluef.dll

C:\WINDOWS.3\system32\kbabepex.dll

C:\WINDOWS.3\system32\kcmivput.dll

C:\WINDOWS.3\system32\melfnfqb.dll

C:\WINDOWS.3\system32\okcfejga.dll

C:\WINDOWS.3\system32\vkrcxmkw.dll

C:\WINDOWS.3\system32\wmkbieun.dll

C:\WINDOWS.3\system32\xsrqxbng.dll

C:\WINDOWS.3\system32\adqpxuyy.dll

C:\WINDOWS.3\system32\assxqkfp.dll

C:\WINDOWS.3\system32\axsiaenh.dll

C:\WINDOWS.3\system32\bgqmayrd.dll

C:\WINDOWS.3\system32\bpdavwmf.dll

C:\WINDOWS.3\system32\cfcwmjfh.dll

C:\WINDOWS.3\system32\cgcfphkw.dll

C:\WINDOWS.3\system32\ckenmeoe.dll

C:\WINDOWS.3\system32\dbvfifva.dll

C:\WINDOWS.3\system32\djfpostb.dll

C:\WINDOWS.3\system32\dwfrdlkr.dll

C:\WINDOWS.3\system32\eyjyxsua.dll

C:\WINDOWS.3\system32\fchmjkjk.dll

C:\WINDOWS.3\system32\fownjkis.dll

C:\WINDOWS.3\system32\ggrdeanp.dll

C:\WINDOWS.3\system32\gonxlfac.dll

C:\WINDOWS.3\system32\hjluibqy.dll

C:\WINDOWS.3\system32\icaeskyq.dll

C:\WINDOWS.3\system32\iuctcxav.dll

C:\WINDOWS.3\system32\jgskhhaw.dll

C:\WINDOWS.3\system32\jjnogmxb.dll

C:\WINDOWS.3\system32\jlbaqrne.dll

C:\WINDOWS.3\system32\jprlsfue.dll

C:\WINDOWS.3\system32\jyslmprk.dll

C:\WINDOWS.3\system32\kdhxyswn.dll

C:\WINDOWS.3\system32\kqepjfwo.dll

C:\WINDOWS.3\system32\kuulpagg.dll

C:\WINDOWS.3\system32\kwhkvebh.dll

C:\WINDOWS.3\system32\meocvyqe.dll

C:\WINDOWS.3\system32\mohtjtnw.dll

C:\WINDOWS.3\system32\mxagqqbd.dll

C:\WINDOWS.3\system32\odrguaiu.dll

C:\WINDOWS.3\system32\oerxnepc.dll

C:\WINDOWS.3\system32\oysvykyq.dll

C:\WINDOWS.3\system32\pbisgoej.dll

C:\WINDOWS.3\system32\poafltsx.dll

C:\WINDOWS.3\system32\qvhqcvlr.dll

C:\WINDOWS.3\system32\rmkjfcxx.dll

C:\WINDOWS.3\system32\rttuiofb.dll

C:\WINDOWS.3\system32\rxhgtddc.dll

C:\WINDOWS.3\system32\tvlximqm.dll

C:\WINDOWS.3\system32\vbsnchmc.dll

C:\WINDOWS.3\system32\vjchnjfq.dll

C:\WINDOWS.3\system32\vyldfmga.dll

C:\WINDOWS.3\system32\wroxyxli.dll

C:\WINDOWS.3\system32\xmgvxdta.dll

C:\WINDOWS.3\system32\xrkualtl.dll

C:\WINDOWS.3\system32\ykajeybj.dll

C:\WINDOWS.3\system32\ylahtyoq.dll

C:\WINDOWS.3\system32\ynlsuytt.dll

C:\WINDOWS.3\system32\ysffwlvf.dll

C:\WINDOWS.3\system32\yxmlawoh.dll

C:\WINDOWS.3\system32\cbxuttt.dll

C:\WINDOWS.3\system32\hqjdjbja.ini

C:\WINDOWS.3\system32\ugutugxb.ini

C:\WINDOWS.3\system32\rahswudc.ini

C:\WINDOWS.3\system32\cgjdktsd.ini

C:\WINDOWS.3\system32\damroghe.ini

C:\WINDOWS.3\system32\tudvcjle.ini

C:\WINDOWS.3\system32\btubsdne.ini

C:\WINDOWS.3\system32\uvemfpqe.ini

C:\WINDOWS.3\system32\ecbqqsqe.ini

C:\WINDOWS.3\system32\icbjwmwe.ini

C:\WINDOWS.3\system32\feuljrhh.ini

C:\WINDOWS.3\system32\xepebabk.ini

C:\WINDOWS.3\system32\tupvimck.ini

C:\WINDOWS.3\system32\bqfnflem.ini

C:\WINDOWS.3\system32\agjefcko.ini

C:\WINDOWS.3\system32\wkmxcrkv.ini

C:\WINDOWS.3\system32\nueibkmw.ini

C:\WINDOWS.3\system32\cbeeg.bak1

C:\WINDOWS.3\system32\cbeeg.bak2

C:\WINDOWS.3\system32\cbeeg.ini

C:\WINDOWS.3\system32\cbeeg.ini2

C:\WINDOWS.3\system32\cbeeg.tmp

C:\WINDOWS.3\system32\cbeeg.bak1

C:\WINDOWS.3\system32\cbeeg.bak2

C:\WINDOWS.3\system32\cbeeg.ini

C:\WINDOWS.3\system32\cbeeg.ini2

C:\WINDOWS.3\system32\cbeeg.tmp

 

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

 

2ª Etapa

 

Reinicie o computador em Modo Seguro (após reiniciar aperte a tecla F8 repetidamente até aparecer uma tela preta em DOS e escolha Modo Seguro).

 

Execute o HijackThis, clique em Do a system scan only e marque:

O2 - BHO: (no name) - {308D677F-E4D0-42AC-899E-29871F414164} - (no file)

O2 - BHO: (no name) - {670231CF-FF50-4ABA-A440-7E3848596CFD} - (no file)

O2 - BHO: (no name) - {7F08009D-BA12-46D2-8F10-2B95747BCA8A} - C:\WINDOWS.3\system32\ssqpo.dll (file missing)

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O2 - BHO: (no name) - {C643CD86-1203-4FC8-89AE-9552FEFFFAA2} - (no file)

O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS.3\system32\rbkgukvi.dll",forkonce

O20 - Winlogon Notify: geebc - C:\WINDOWS.3\system32\geebc.dll (file missing)

O20 - Winlogon Notify: winbjv32 - C:\WINDOWS.3\

Clique em Fix Checked.

 

3ª Etapa

 

Ainda em Modo Seguro localize e delete:

 

C:\Arquivos de programas\Save <- a pasta

 

4ª Etapa

 

Reinicie em Modo Normal.

 

Delete o conteúdo das pastas C:\!Killbox e C:\Qoobox\Quarantine.

 

Poste novos logs do HijackThis e ComboFix.

 

Aguardo retorno.

 

Um abraço.

[Nee 0]

e ae! Consegui tirar as coisas ruins?!

he he

Te mais

 

"Nee" - 2007-07-27 0:40:03 [GMT -3:00] - ComboFix 07-07-24 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))

 

 

2007-07-26 21:19 <DIR> d----c--- C:\backups

2007-07-26 21:10 92,672 --a--c--- C:\KillBox.exe

2007-07-26 01:20 51,200 --a------ C:\WINDOWS.3\nircmd.exe

2007-07-25 00:41 <DIR> d----c--- C:\Nova pasta

2007-07-25 00:32 <DIR> d----c--- C:\VundoFix Backups

2007-07-25 00:30 109,056 --a--c--- C:\VundoFix.exe

2007-07-24 19:37 66,112 --a------ C:\WINDOWS.3\system32\fgupevlo.exe

2007-07-24 19:37 126,016 --a------ C:\WINDOWS.3\system32\rbkgukvi.dll

2007-07-24 01:27 218,112 --a--c--- C:\HijackThis.exe

2007-07-23 21:08 66,112 --a------ C:\WINDOWS.3\system32\dvqbpvyu.exe

2007-07-23 21:08 126,016 --a------ C:\WINDOWS.3\system32\kplnfylf.dll

2007-07-23 19:46 66,112 --a------ C:\WINDOWS.3\system32\irtghgnl.exe

2007-07-23 00:44 128,576 --a------ C:\WINDOWS.3\system32\xtjtmfhh.dll

2007-07-23 00:41 66,112 --a------ C:\WINDOWS.3\system32\lxsqxqxb.exe

2007-07-22 23:34 66,112 --a------ C:\WINDOWS.3\system32\rmhmjops.exe

2007-07-22 23:24 66,112 --a------ C:\WINDOWS.3\system32\wwdjbggb.exe

2007-07-22 23:11 66,112 --a------ C:\WINDOWS.3\system32\lbyajipu.exe

2007-07-22 21:56 66,112 --a------ C:\WINDOWS.3\system32\cxsrbyro.exe

2007-07-22 21:37 66,112 --a------ C:\WINDOWS.3\system32\pxvwpomn.exe

2007-07-22 21:18 66,112 --a------ C:\WINDOWS.3\system32\mrycfnnw.exe

2007-07-22 20:52 66,112 --a------ C:\WINDOWS.3\system32\iwwwrbsp.exe

2007-07-22 20:25 66,112 --a------ C:\WINDOWS.3\system32\okpmocqb.exe

2007-07-22 20:00 66,112 --a------ C:\WINDOWS.3\system32\viaueuxl.exe

2007-07-22 19:49 66,112 --a------ C:\WINDOWS.3\system32\ipdlqdjj.exe

2007-07-22 19:29 66,112 --a------ C:\WINDOWS.3\system32\ruyhsvok.exe

2007-07-22 19:15 66,112 --a------ C:\WINDOWS.3\system32\oqnopjob.exe

2007-07-22 19:04 66,112 --a------ C:\WINDOWS.3\system32\oybubojp.exe

2007-07-22 17:57 66,112 --a------ C:\WINDOWS.3\system32\wntrrgty.exe

2007-07-22 16:29 66,112 --a------ C:\WINDOWS.3\system32\yvwkamys.exe

2007-07-22 15:54 66,112 --a------ C:\WINDOWS.3\system32\ncvybqbr.exe

2007-07-22 14:46 66,112 --a------ C:\WINDOWS.3\system32\hipifhox.exe

2007-07-22 14:26 66,112 --a------ C:\WINDOWS.3\system32\kwqxqxuv.exe

2007-07-22 14:04 66,112 --a------ C:\WINDOWS.3\system32\emhkptxx.exe

2007-07-22 12:49 66,112 --a------ C:\WINDOWS.3\system32\cgijlaow.exe

2007-07-22 02:10 66,112 --a------ C:\WINDOWS.3\system32\rjuyrxps.exe

2007-07-22 02:00 66,112 --a------ C:\WINDOWS.3\system32\ultdscaq.exe

2007-07-22 01:49 66,112 --a------ C:\WINDOWS.3\system32\bgicsgvt.exe

2007-07-22 01:34 66,112 --a------ C:\WINDOWS.3\system32\ndtdrsrw.exe

2007-07-22 00:54 66,112 --a------ C:\WINDOWS.3\system32\eskmdnnf.exe

2007-07-22 00:21 128,576 --a------ C:\WINDOWS.3\system32\girmovir.dll

2007-07-22 00:19 66,112 --a------ C:\WINDOWS.3\system32\qkuduyjr.exe

2007-07-22 00:01 66,112 --a------ C:\WINDOWS.3\system32\ehjjohkk.exe

2007-07-21 23:47 66,112 --a------ C:\WINDOWS.3\system32\udktjhom.exe

2007-07-21 23:39 66,112 --a------ C:\WINDOWS.3\system32\kplukokh.exe

2007-07-21 23:33 66,112 --a------ C:\WINDOWS.3\system32\otxmynxx.exe

2007-07-21 23:01 66,112 --a------ C:\WINDOWS.3\system32\slrahubo.exe

2007-07-21 22:44 66,112 --a------ C:\WINDOWS.3\system32\soryrejg.exe

2007-07-21 21:13 66,112 --a------ C:\WINDOWS.3\system32\lmmqluag.exe

2007-07-21 20:54 66,112 --a------ C:\WINDOWS.3\system32\dposhbkl.exe

2007-07-21 20:39 66,112 --a------ C:\WINDOWS.3\system32\osykhfwt.exe

2007-07-21 20:27 66,112 --a------ C:\WINDOWS.3\system32\eswukjwx.exe

2007-07-21 20:15 66,112 --a------ C:\WINDOWS.3\system32\uplqowpv.exe

2007-07-21 20:00 66,112 --a------ C:\WINDOWS.3\system32\gimwnqbv.exe

2007-07-21 19:40 66,112 --a------ C:\WINDOWS.3\system32\kuaaviyu.exe

2007-07-21 19:15 66,112 --a------ C:\WINDOWS.3\system32\xsrnsbuy.exe

2007-07-21 09:03 66,112 --a------ C:\WINDOWS.3\system32\uwybqawm.exe

2007-07-21 09:03 128,576 --a------ C:\WINDOWS.3\system32\umyvoydu.dll

2007-07-21 08:50 66,112 --a------ C:\WINDOWS.3\system32\qdrbgqxy.exe

2007-07-21 08:44 66,112 --a------ C:\WINDOWS.3\system32\vjlvboon.exe

2007-07-20 12:47 128,576 --a------ C:\WINDOWS.3\system32\rjfpijwm.dll

2007-07-20 12:44 66,112 --a------ C:\WINDOWS.3\system32\syepetfc.exe

2007-07-20 12:28 66,112 --a------ C:\WINDOWS.3\system32\wsvmgwhq.exe

2007-07-20 11:17 66,112 --a------ C:\WINDOWS.3\system32\mnwtwqol.exe

2007-07-20 11:15 66,112 --a------ C:\WINDOWS.3\system32\xapyebyi.exe

2007-07-20 11:04 66,112 --a------ C:\WINDOWS.3\system32\ahqikuvk.exe

2007-07-20 10:56 66,112 --a------ C:\WINDOWS.3\system32\auaibypr.exe

2007-07-20 10:52 66,112 --a------ C:\WINDOWS.3\system32\axlfxmve.exe

2007-07-20 10:43 66,112 --a------ C:\WINDOWS.3\system32\ynapvhcm.exe

2007-07-20 10:27 66,112 --a------ C:\WINDOWS.3\system32\fbkpgsyd.exe

2007-07-20 10:12 66,112 --a------ C:\WINDOWS.3\system32\hceybehc.exe

2007-07-20 10:04 66,112 --a------ C:\WINDOWS.3\system32\uhegnabm.exe

2007-07-20 09:49 66,112 --a------ C:\WINDOWS.3\system32\vwrekxaf.exe

2007-07-20 09:39 66,112 --a------ C:\WINDOWS.3\system32\byjkbwnv.exe

2007-07-20 09:29 66,112 --a------ C:\WINDOWS.3\system32\ndrkpjcs.exe

2007-07-20 01:10 <DIR> d----c--- C:\ARQUIVOS DE PROGRAMAS\CCleaner

2007-07-20 00:58 <DIR> d----c--- C:\!KillBox

2007-07-20 00:36 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-07-20 00:36 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos

2007-07-20 00:36 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Meus documentos

2007-07-20 00:36 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar

2007-07-20 00:36 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Favoritos

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configura‡äes locais

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressÆo

2007-07-19 23:50 66,112 --a------ C:\WINDOWS.3\system32\iddyxbjk.exe

2007-07-19 23:50 128,576 --a------ C:\WINDOWS.3\system32\nohhtcsf.dll

2007-07-19 23:43 66,112 --a------ C:\WINDOWS.3\system32\unjvcttw.exe

2007-07-19 22:42 66,112 --a------ C:\WINDOWS.3\system32\ipfrcuho.exe

2007-07-19 22:25 66,112 --a------ C:\WINDOWS.3\system32\cbswnkdt.exe

2007-07-19 22:02 66,112 --a------ C:\WINDOWS.3\system32\vjhveeds.exe

2007-07-19 21:47 66,112 --a------ C:\WINDOWS.3\system32\qgpwgphh.exe

2007-07-19 21:37 66,112 --a------ C:\WINDOWS.3\system32\aqpxkdki.exe

2007-07-19 21:31 66,112 --a------ C:\WINDOWS.3\system32\tdiophyy.exe

2007-07-19 19:57 66,112 --a------ C:\WINDOWS.3\system32\ffowwgbh.exe

2007-07-19 19:40 66,112 --a------ C:\WINDOWS.3\system32\putkcvtp.exe

2007-07-19 19:18 66,112 --a------ C:\WINDOWS.3\system32\cejssrvb.exe

2007-07-19 18:25 66,112 --a------ C:\WINDOWS.3\system32\bnnrxdqm.exe

2007-07-19 14:54 66,112 --a------ C:\WINDOWS.3\system32\udlbfora.exe

2007-07-18 22:10 95,872 --a------ C:\WINDOWS.3\system32\AvastSS.scr

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-27 03:36:07 -------- d-----w C:\Arquivos de programas\eMule

2007-07-27 00:15:33 65,324 --sha-w C:\WINDOWS.3\system32\drivers\fidbox2.idx

2007-07-27 00:15:33 303,596 --sha-w C:\WINDOWS.3\system32\drivers\fidbox.idx

2007-07-24 00:21:51 -------- d-----w C:\Arquivos de programas\Picasa2

2007-07-15 04:30:54 -------- d-----w C:\DOCUME~1\Renee\DADOSD~1\Skype

2007-07-04 17:04:11 -------- d-----w C:\DOCUME~1\Renee\DADOSD~1\Vso

2007-07-04 16:58:50 -------- d-----w C:\Arquivos de programas\hp deskjet 3820 series

2007-07-04 01:32:13 -------- d-----w C:\Arquivos de programas\Webteh

2007-06-21 15:14:36 2,560 ----a-w C:\WINDOWS.3\_MSRSTRT.EXE

2007-05-28 04:36:47 -------- d-----w C:\Arquivos de programas\DigiPix

2007-05-27 04:19:01 -------- d-----w C:\DOCUME~1\Renee\DADOSD~1\BSplayer Pro

2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS.3\system32\inetcomm.dll

2007-05-07 21:09:10 3,994 ----a-w C:\WINDOWS.3\system32\msnobj.dll

2007-05-07 21:06:46 9,293 ----a-w C:\WINDOWS.3\system32\msnprint.dll

2007-05-06 18:08:52 21,764 ----a-w C:\WINDOWS.3\system32\CoreAAC-uninstall.exe

2007-04-16 03:15:09 87,608 ----a-w C:\DOCUME~1\Renee\DADOSD~1\ezpinst.exe

2007-04-16 03:15:09 47,360 ----a-w C:\DOCUME~1\Renee\DADOSD~1\pcouffin.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS.3\system32\ctfmon.exe" [2004-08-04 09:00]

"msnmsgr"="C:\ARQUIVOS DE PROGRAMAS\MSN Messenger\msnmsgr.exe" [2006-01-24 20:31]

"eMuleAutoStart"="C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe" [2007-05-13 11:57]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS.3\Downloaded Program Files\gbieh.dll [2007-02-22 15:00 228392]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]

rundll32.exe "C:\WINDOWS.3\system32\cnkdynyw.dll",realset

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]

rundll32.exe "C:\WINDOWS.3\system32\xadjtckx.dll",forkonce

 

R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS.3\system32\DRIVERS\uagp35.sys

R1 Klmc;Klmc;C:\WINDOWS.3\system32\drivers\klmc.sys

R1 sdcplh;sdcplh;C:\WINDOWS.3\system32\drivers\sdcplh.sys

R2 sbbotdi;sbbotdi;\??\C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys

R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS.3\system32\DRIVERS\fetnd5.sys

R3 pcouffin;VSO Software pcouffin;C:\WINDOWS.3\system32\Drivers\pcouffin.sys

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS.3\system32\DRIVERS\RMSPPPOE.SYS

R3 smserial;smserial;C:\WINDOWS.3\system32\DRIVERS\smserial.sys

R3 viagfx;viagfx;C:\WINDOWS.3\system32\DRIVERS\vtmini.sys

S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe

S2 InCDsrvR;InCD Helper (read only);C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -r

S3 876638dd-d956-4299-af26-ba800e4aa7e9;876638dd-d956-4299-af26-ba800e4aa7e9;\??\D:\Player\cds300.dll

S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS.3\system32\Drivers\RootMdm.sys

S3 usbser;Motorola USB Modem Driver;C:\WINDOWS.3\system32\DRIVERS\usbser.sys

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-27 00:41:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-27 0:42:53

C:\ComboFix-quarantined-files.txt ... 2007-07-27 00:42

C:\ComboFix2.txt ... 2007-07-26 01:29

 

--- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:38:22, on 27/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS.3\System32\smss.exe

C:\WINDOWS.3\system32\winlogon.exe

C:\WINDOWS.3\system32\services.exe

C:\WINDOWS.3\system32\lsass.exe

C:\WINDOWS.3\system32\svchost.exe

C:\WINDOWS.3\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS.3\system32\spoolsv.exe

C:\WINDOWS.3\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS.3\system32\wuauclt.exe

C:\WINDOWS.3\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS.3\system32\ctfmon.exe

C:\ARQUIVOS DE PROGRAMAS\MSN Messenger\msnmsgr.exe

C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HijackThis.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS.3\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.3\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe -AutoStart

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.3\

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

[jgarcia 1]

Opa Nee,

 

Ainda há o que fazer.

 

1ª Etapa

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

 

C:\WINDOWS.3\system32\cnkdynyw.dll

C:\WINDOWS.3\system32\xadjtckx.dll

C:\WINDOWS.3\system32\fgupevlo.exe

C:\WINDOWS.3\system32\rbkgukvi.dll

C:\WINDOWS.3\system32\dvqbpvyu.exe

C:\WINDOWS.3\system32\kplnfylf.dll

C:\WINDOWS.3\system32\irtghgnl.exe

C:\WINDOWS.3\system32\xtjtmfhh.dll

C:\WINDOWS.3\system32\lxsqxqxb.exe

C:\WINDOWS.3\system32\rmhmjops.exe

C:\WINDOWS.3\system32\wwdjbggb.exe

C:\WINDOWS.3\system32\lbyajipu.exe

C:\WINDOWS.3\system32\cxsrbyro.exe

C:\WINDOWS.3\system32\pxvwpomn.exe

C:\WINDOWS.3\system32\mrycfnnw.exe

C:\WINDOWS.3\system32\iwwwrbsp.exe

C:\WINDOWS.3\system32\okpmocqb.exe

C:\WINDOWS.3\system32\viaueuxl.exe

C:\WINDOWS.3\system32\ipdlqdjj.exe

C:\WINDOWS.3\system32\ruyhsvok.exe

C:\WINDOWS.3\system32\oqnopjob.exe

C:\WINDOWS.3\system32\oybubojp.exe

C:\WINDOWS.3\system32\wntrrgty.exe

C:\WINDOWS.3\system32\yvwkamys.exe

C:\WINDOWS.3\system32\ncvybqbr.exe

C:\WINDOWS.3\system32\hipifhox.exe

C:\WINDOWS.3\system32\kwqxqxuv.exe

C:\WINDOWS.3\system32\emhkptxx.exe

C:\WINDOWS.3\system32\cgijlaow.exe

C:\WINDOWS.3\system32\rjuyrxps.exe

C:\WINDOWS.3\system32\ultdscaq.exe

C:\WINDOWS.3\system32\bgicsgvt.exe

C:\WINDOWS.3\system32\ndtdrsrw.exe

C:\WINDOWS.3\system32\eskmdnnf.exe

C:\WINDOWS.3\system32\girmovir.dll

C:\WINDOWS.3\system32\qkuduyjr.exe

C:\WINDOWS.3\system32\ehjjohkk.exe

C:\WINDOWS.3\system32\udktjhom.exe

C:\WINDOWS.3\system32\kplukokh.exe

C:\WINDOWS.3\system32\otxmynxx.exe

C:\WINDOWS.3\system32\slrahubo.exe

C:\WINDOWS.3\system32\soryrejg.exe

C:\WINDOWS.3\system32\lmmqluag.exe

C:\WINDOWS.3\system32\dposhbkl.exe

C:\WINDOWS.3\system32\osykhfwt.exe

C:\WINDOWS.3\system32\eswukjwx.exe

C:\WINDOWS.3\system32\uplqowpv.exe

C:\WINDOWS.3\system32\gimwnqbv.exe

C:\WINDOWS.3\system32\kuaaviyu.exe

C:\WINDOWS.3\system32\xsrnsbuy.exe

C:\WINDOWS.3\system32\uwybqawm.exe

C:\WINDOWS.3\system32\umyvoydu.dll

C:\WINDOWS.3\system32\qdrbgqxy.exe

C:\WINDOWS.3\system32\vjlvboon.exe

C:\WINDOWS.3\system32\rjfpijwm.dll

C:\WINDOWS.3\system32\syepetfc.exe

C:\WINDOWS.3\system32\wsvmgwhq.exe

C:\WINDOWS.3\system32\mnwtwqol.exe

C:\WINDOWS.3\system32\xapyebyi.exe

C:\WINDOWS.3\system32\ahqikuvk.exe

C:\WINDOWS.3\system32\auaibypr.exe

C:\WINDOWS.3\system32\axlfxmve.exe

C:\WINDOWS.3\system32\ynapvhcm.exe

C:\WINDOWS.3\system32\fbkpgsyd.exe

C:\WINDOWS.3\system32\hceybehc.exe

C:\WINDOWS.3\system32\uhegnabm.exe

C:\WINDOWS.3\system32\vwrekxaf.exe

C:\WINDOWS.3\system32\byjkbwnv.exe

C:\WINDOWS.3\system32\ndrkpjcs.exe

C:\WINDOWS.3\system32\iddyxbjk.exe

C:\WINDOWS.3\system32\nohhtcsf.dll

C:\WINDOWS.3\system32\unjvcttw.exe

C:\WINDOWS.3\system32\ipfrcuho.exe

C:\WINDOWS.3\system32\cbswnkdt.exe

C:\WINDOWS.3\system32\vjhveeds.exe

C:\WINDOWS.3\system32\qgpwgphh.exe

C:\WINDOWS.3\system32\aqpxkdki.exe

C:\WINDOWS.3\system32\tdiophyy.exe

C:\WINDOWS.3\system32\ffowwgbh.exe

C:\WINDOWS.3\system32\putkcvtp.exe

C:\WINDOWS.3\system32\cejssrvb.exe

C:\WINDOWS.3\system32\bnnrxdqm.exe

 

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

 

2ª Etapa

 

Reinicie o computador em Modo Seguro.

 

Vá em Iniciar -> Executar -> digite regedit -> dê Ok.

 

Navegue até a seguinte subchave:

 

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

 

Localize e delete as seguintes pastas:

 

GPLv3

icq.com

 

3ª Etapa

 

Reinicie em Modo Normal.

 

Delete o conteúdo da pasta C:\!Killbox.

 

Poste novos logs do HijackThis e ComboFix.

 

Aguardo retorno.

 

Um abraço.

[Nee 0]

Ola!

Ta ae o que pediu!

 

 

 

"Nee" - 2007-07-27 13:08:13 [GMT -3:00] - ComboFix 07-07-24 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))

 

 

2007-07-26 21:19 <DIR> d----c--- C:\backups

2007-07-26 21:10 92,672 --a--c--- C:\KillBox.exe

2007-07-26 01:20 51,200 --a------ C:\WINDOWS.3\nircmd.exe

2007-07-25 00:41 <DIR> d----c--- C:\Nova pasta

2007-07-25 00:32 <DIR> d----c--- C:\VundoFix Backups

2007-07-25 00:30 109,056 --a--c--- C:\VundoFix.exe

2007-07-24 19:37 66,112 --a------ C:\WINDOWS.3\system32\fgupevlo.exe

2007-07-24 19:37 126,016 --a------ C:\WINDOWS.3\system32\rbkgukvi.dll

2007-07-24 01:27 218,112 --a--c--- C:\HijackThis.exe

2007-07-23 21:08 66,112 --a------ C:\WINDOWS.3\system32\dvqbpvyu.exe

2007-07-23 21:08 126,016 --a------ C:\WINDOWS.3\system32\kplnfylf.dll

2007-07-23 19:46 66,112 --a------ C:\WINDOWS.3\system32\irtghgnl.exe

2007-07-23 00:44 128,576 --a------ C:\WINDOWS.3\system32\xtjtmfhh.dll

2007-07-23 00:41 66,112 --a------ C:\WINDOWS.3\system32\lxsqxqxb.exe

2007-07-22 23:34 66,112 --a------ C:\WINDOWS.3\system32\rmhmjops.exe

2007-07-22 23:24 66,112 --a------ C:\WINDOWS.3\system32\wwdjbggb.exe

2007-07-22 23:11 66,112 --a------ C:\WINDOWS.3\system32\lbyajipu.exe

2007-07-22 21:56 66,112 --a------ C:\WINDOWS.3\system32\cxsrbyro.exe

2007-07-22 21:37 66,112 --a------ C:\WINDOWS.3\system32\pxvwpomn.exe

2007-07-22 21:18 66,112 --a------ C:\WINDOWS.3\system32\mrycfnnw.exe

2007-07-22 20:52 66,112 --a------ C:\WINDOWS.3\system32\iwwwrbsp.exe

2007-07-22 20:25 66,112 --a------ C:\WINDOWS.3\system32\okpmocqb.exe

2007-07-22 20:00 66,112 --a------ C:\WINDOWS.3\system32\viaueuxl.exe

2007-07-22 19:49 66,112 --a------ C:\WINDOWS.3\system32\ipdlqdjj.exe

2007-07-22 19:29 66,112 --a------ C:\WINDOWS.3\system32\ruyhsvok.exe

2007-07-22 19:15 66,112 --a------ C:\WINDOWS.3\system32\oqnopjob.exe

2007-07-22 19:04 66,112 --a------ C:\WINDOWS.3\system32\oybubojp.exe

2007-07-22 17:57 66,112 --a------ C:\WINDOWS.3\system32\wntrrgty.exe

2007-07-22 16:29 66,112 --a------ C:\WINDOWS.3\system32\yvwkamys.exe

2007-07-22 15:54 66,112 --a------ C:\WINDOWS.3\system32\ncvybqbr.exe

2007-07-22 14:46 66,112 --a------ C:\WINDOWS.3\system32\hipifhox.exe

2007-07-22 14:26 66,112 --a------ C:\WINDOWS.3\system32\kwqxqxuv.exe

2007-07-22 14:04 66,112 --a------ C:\WINDOWS.3\system32\emhkptxx.exe

2007-07-22 12:49 66,112 --a------ C:\WINDOWS.3\system32\cgijlaow.exe

2007-07-22 02:10 66,112 --a------ C:\WINDOWS.3\system32\rjuyrxps.exe

2007-07-22 02:00 66,112 --a------ C:\WINDOWS.3\system32\ultdscaq.exe

2007-07-22 01:49 66,112 --a------ C:\WINDOWS.3\system32\bgicsgvt.exe

2007-07-22 01:34 66,112 --a------ C:\WINDOWS.3\system32\ndtdrsrw.exe

2007-07-22 00:54 66,112 --a------ C:\WINDOWS.3\system32\eskmdnnf.exe

2007-07-22 00:21 128,576 --a------ C:\WINDOWS.3\system32\girmovir.dll

2007-07-22 00:19 66,112 --a------ C:\WINDOWS.3\system32\qkuduyjr.exe

2007-07-22 00:01 66,112 --a------ C:\WINDOWS.3\system32\ehjjohkk.exe

2007-07-21 23:47 66,112 --a------ C:\WINDOWS.3\system32\udktjhom.exe

2007-07-21 23:39 66,112 --a------ C:\WINDOWS.3\system32\kplukokh.exe

2007-07-21 23:33 66,112 --a------ C:\WINDOWS.3\system32\otxmynxx.exe

2007-07-21 23:01 66,112 --a------ C:\WINDOWS.3\system32\slrahubo.exe

2007-07-21 22:44 66,112 --a------ C:\WINDOWS.3\system32\soryrejg.exe

2007-07-21 21:13 66,112 --a------ C:\WINDOWS.3\system32\lmmqluag.exe

2007-07-21 20:54 66,112 --a------ C:\WINDOWS.3\system32\dposhbkl.exe

2007-07-21 20:39 66,112 --a------ C:\WINDOWS.3\system32\osykhfwt.exe

2007-07-21 20:27 66,112 --a------ C:\WINDOWS.3\system32\eswukjwx.exe

2007-07-21 20:15 66,112 --a------ C:\WINDOWS.3\system32\uplqowpv.exe

2007-07-21 20:00 66,112 --a------ C:\WINDOWS.3\system32\gimwnqbv.exe

2007-07-21 19:40 66,112 --a------ C:\WINDOWS.3\system32\kuaaviyu.exe

2007-07-21 19:15 66,112 --a------ C:\WINDOWS.3\system32\xsrnsbuy.exe

2007-07-21 09:03 66,112 --a------ C:\WINDOWS.3\system32\uwybqawm.exe

2007-07-21 09:03 128,576 --a------ C:\WINDOWS.3\system32\umyvoydu.dll

2007-07-21 08:50 66,112 --a------ C:\WINDOWS.3\system32\qdrbgqxy.exe

2007-07-21 08:44 66,112 --a------ C:\WINDOWS.3\system32\vjlvboon.exe

2007-07-20 12:47 128,576 --a------ C:\WINDOWS.3\system32\rjfpijwm.dll

2007-07-20 12:44 66,112 --a------ C:\WINDOWS.3\system32\syepetfc.exe

2007-07-20 12:28 66,112 --a------ C:\WINDOWS.3\system32\wsvmgwhq.exe

2007-07-20 11:17 66,112 --a------ C:\WINDOWS.3\system32\mnwtwqol.exe

2007-07-20 11:15 66,112 --a------ C:\WINDOWS.3\system32\xapyebyi.exe

2007-07-20 11:04 66,112 --a------ C:\WINDOWS.3\system32\ahqikuvk.exe

2007-07-20 10:56 66,112 --a------ C:\WINDOWS.3\system32\auaibypr.exe

2007-07-20 10:52 66,112 --a------ C:\WINDOWS.3\system32\axlfxmve.exe

2007-07-20 10:43 66,112 --a------ C:\WINDOWS.3\system32\ynapvhcm.exe

2007-07-20 10:27 66,112 --a------ C:\WINDOWS.3\system32\fbkpgsyd.exe

2007-07-20 10:12 66,112 --a------ C:\WINDOWS.3\system32\hceybehc.exe

2007-07-20 10:04 66,112 --a------ C:\WINDOWS.3\system32\uhegnabm.exe

2007-07-20 09:49 66,112 --a------ C:\WINDOWS.3\system32\vwrekxaf.exe

2007-07-20 09:39 66,112 --a------ C:\WINDOWS.3\system32\byjkbwnv.exe

2007-07-20 09:29 66,112 --a------ C:\WINDOWS.3\system32\ndrkpjcs.exe

2007-07-20 01:10 <DIR> d----c--- C:\ARQUIVOS DE PROGRAMAS\CCleaner

2007-07-20 00:58 <DIR> d----c--- C:\!KillBox

2007-07-20 00:36 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-07-20 00:36 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos

2007-07-20 00:36 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Meus documentos

2007-07-20 00:36 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar

2007-07-20 00:36 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Favoritos

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configura‡äes locais

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressÆo

2007-07-19 23:50 66,112 --a------ C:\WINDOWS.3\system32\iddyxbjk.exe

2007-07-19 23:50 128,576 --a------ C:\WINDOWS.3\system32\nohhtcsf.dll

2007-07-19 23:43 66,112 --a------ C:\WINDOWS.3\system32\unjvcttw.exe

2007-07-19 22:42 66,112 --a------ C:\WINDOWS.3\system32\ipfrcuho.exe

2007-07-19 22:25 66,112 --a------ C:\WINDOWS.3\system32\cbswnkdt.exe

2007-07-19 22:02 66,112 --a------ C:\WINDOWS.3\system32\vjhveeds.exe

2007-07-19 21:47 66,112 --a------ C:\WINDOWS.3\system32\qgpwgphh.exe

2007-07-19 21:37 66,112 --a------ C:\WINDOWS.3\system32\aqpxkdki.exe

2007-07-19 21:31 66,112 --a------ C:\WINDOWS.3\system32\tdiophyy.exe

2007-07-19 19:57 66,112 --a------ C:\WINDOWS.3\system32\ffowwgbh.exe

2007-07-19 19:40 66,112 --a------ C:\WINDOWS.3\system32\putkcvtp.exe

2007-07-19 19:18 66,112 --a------ C:\WINDOWS.3\system32\cejssrvb.exe

2007-07-19 18:25 66,112 --a------ C:\WINDOWS.3\system32\bnnrxdqm.exe

2007-07-19 14:54 66,112 --a------ C:\WINDOWS.3\system32\udlbfora.exe

2007-07-18 22:10 95,872 --a------ C:\WINDOWS.3\system32\AvastSS.scr

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-27 16:06:55 -------- d-----w C:\Arquivos de programas\eMule

2007-07-27 15:59:04 65,972 --sha-w C:\WINDOWS.3\system32\drivers\fidbox2.idx

2007-07-27 15:59:03 307,220 --sha-w C:\WINDOWS.3\system32\drivers\fidbox.idx

2007-07-24 00:21:51 -------- d-----w C:\Arquivos de programas\Picasa2

2007-07-15 04:30:54 -------- d-----w C:\DOCUME~1\Renee\DADOSD~1\Skype

2007-07-04 17:04:11 -------- d-----w C:\DOCUME~1\Renee\DADOSD~1\Vso

2007-07-04 16:58:50 -------- d-----w C:\Arquivos de programas\hp deskjet 3820 series

2007-07-04 01:32:13 -------- d-----w C:\Arquivos de programas\Webteh

2007-06-21 15:14:36 2,560 ----a-w C:\WINDOWS.3\_MSRSTRT.EXE

2007-05-28 04:36:47 -------- d-----w C:\Arquivos de programas\DigiPix

2007-05-27 04:19:01 -------- d-----w C:\DOCUME~1\Renee\DADOSD~1\BSplayer Pro

2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS.3\system32\inetcomm.dll

2007-05-07 21:09:10 3,994 ----a-w C:\WINDOWS.3\system32\msnobj.dll

2007-05-07 21:06:46 9,293 ----a-w C:\WINDOWS.3\system32\msnprint.dll

2007-05-06 18:08:52 21,764 ----a-w C:\WINDOWS.3\system32\CoreAAC-uninstall.exe

2007-04-16 03:15:09 87,608 ----a-w C:\DOCUME~1\Renee\DADOSD~1\ezpinst.exe

2007-04-16 03:15:09 47,360 ----a-w C:\DOCUME~1\Renee\DADOSD~1\pcouffin.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS.3\system32\ctfmon.exe" [2004-08-04 09:00]

"msnmsgr"="C:\ARQUIVOS DE PROGRAMAS\MSN Messenger\msnmsgr.exe" [2006-01-24 20:31]

"eMuleAutoStart"="C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe" [2007-05-13 11:57]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS.3\Downloaded Program Files\gbieh.dll [2007-02-22 15:00 228392]

 

R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS.3\system32\DRIVERS\uagp35.sys

R1 Klmc;Klmc;C:\WINDOWS.3\system32\drivers\klmc.sys

R1 sdcplh;sdcplh;C:\WINDOWS.3\system32\drivers\sdcplh.sys

R2 sbbotdi;sbbotdi;\??\C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys

R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS.3\system32\DRIVERS\fetnd5.sys

R3 pcouffin;VSO Software pcouffin;C:\WINDOWS.3\system32\Drivers\pcouffin.sys

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS.3\system32\DRIVERS\RMSPPPOE.SYS

R3 smserial;smserial;C:\WINDOWS.3\system32\DRIVERS\smserial.sys

R3 viagfx;viagfx;C:\WINDOWS.3\system32\DRIVERS\vtmini.sys

S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe

S2 InCDsrvR;InCD Helper (read only);C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -r

S3 876638dd-d956-4299-af26-ba800e4aa7e9;876638dd-d956-4299-af26-ba800e4aa7e9;\??\D:\Player\cds300.dll

S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS.3\system32\Drivers\RootMdm.sys

S3 usbser;Motorola USB Modem Driver;C:\WINDOWS.3\system32\DRIVERS\usbser.sys

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-27 13:09:54

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-27 13:11:04

C:\ComboFix-quarantined-files.txt ... 2007-07-27 13:10

C:\ComboFix2.txt ... 2007-07-27 00:42

C:\ComboFix3.txt ... 2007-07-26 01:29

 

--- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:07:40, on 27/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS.3\System32\smss.exe

C:\WINDOWS.3\system32\winlogon.exe

C:\WINDOWS.3\system32\services.exe

C:\WINDOWS.3\system32\lsass.exe

C:\WINDOWS.3\system32\svchost.exe

C:\WINDOWS.3\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS.3\system32\spoolsv.exe

C:\WINDOWS.3\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS.3\system32\ctfmon.exe

C:\ARQUIVOS DE PROGRAMAS\MSN Messenger\msnmsgr.exe

C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe

C:\WINDOWS.3\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\HijackThis.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS.3\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.3\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe -AutoStart

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.3\

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

[jgarcia 1]

Opa Nee,

 

1. Baixe o Removal Tool Vundo.

 

2. Salve a ferramenta em um local de fácil acesso, preferencialmente em seu Desktop.

 

3. Feche todos os programas e desconecte a internet.

 

4. Desabilite o Sistema de Restauração Automática do XP.

 

5. Dê duplo-clique sobre o FixVundo.exe, clique em Start e aguarde o término do scan.

 

6. Reinicie o PC.

 

7. Execute a ferramenta mais uma vez.

 

8. Retorne com o resultado e um novo log do ComboFix.

 

Abraços.

[Nee 0]

Ola!!

Somente relatando: Qdo entro no msn ele trava um pouco ae depois que entra!

Nesse pc usam duas pessoas com logins diferentes, tem algum prb?!

Fiz o que mandou:

 

Symantec Trojan.Vundo Removal Tool 1.5.0

 

C:\1d9c27802bda7e76cce3657f9dcb\update: (not scanned)

C:\Documents and Settings\Convidado\Meus documentos\Renee: (not scanned)

C:\Documents and Settings\João Neto: (not scanned)

C:\Documents and Settings\João Neto.JOÃONETO: (not scanned)

C:\Documents and Settings\João Neto.Neto: (not scanned)

C:\RECYCLER\S-1-5-21-417496965-2970203109-520849232-1005\Dc1: (not scanned)

C:\RECYCLER\S-1-5-21-417496965-2970203109-520849232-1005\Dc14: (not scanned)

C:\RECYCLER\S-1-5-21-417496965-2970203109-520849232-1005\Dc17: (not scanned)

C:\RECYCLER\S-1-5-21-417496965-2970203109-520849232-1005\Dc6: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2497: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2498: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2558: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2559: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2759: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2824: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2825: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2826: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2827: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2830: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2831: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2832: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2839: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2840: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2841: (not scanned)

C:\RECYCLER\S-1-5-21-716811538-1831105074-2110274559-1005\Dc2842: (not scanned)

C:\System Volume Information: (not scanned)

Trojan.Vundo has not been found on your computer.

 

 

"Renee" - 2007-07-27 23:54:33 [GMT -3:00] - ComboFix 07-07-24 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))

 

 

2007-07-27 23:21 0 --a------ C:\ntuser.dat

2007-07-26 21:19 <DIR> d----c--- C:\backups

2007-07-26 21:10 92,672 --a--c--- C:\KillBox.exe

2007-07-26 01:20 51,200 --a------ C:\WINDOWS.3\nircmd.exe

2007-07-25 00:41 <DIR> d----c--- C:\Nova pasta

2007-07-25 00:32 <DIR> d----c--- C:\VundoFix Backups

2007-07-25 00:30 109,056 --a--c--- C:\VundoFix.exe

2007-07-24 19:37 66,112 --a------ C:\WINDOWS.3\system32\fgupevlo.exe

2007-07-24 19:37 126,016 --a------ C:\WINDOWS.3\system32\rbkgukvi.dll

2007-07-24 01:27 218,112 --a--c--- C:\HijackThis.exe

2007-07-23 21:08 66,112 --a------ C:\WINDOWS.3\system32\dvqbpvyu.exe

2007-07-23 21:08 126,016 --a------ C:\WINDOWS.3\system32\kplnfylf.dll

2007-07-23 19:46 66,112 --a------ C:\WINDOWS.3\system32\irtghgnl.exe

2007-07-23 00:44 128,576 --a------ C:\WINDOWS.3\system32\xtjtmfhh.dll

2007-07-23 00:41 66,112 --a------ C:\WINDOWS.3\system32\lxsqxqxb.exe

2007-07-22 23:34 66,112 --a------ C:\WINDOWS.3\system32\rmhmjops.exe

2007-07-22 23:24 66,112 --a------ C:\WINDOWS.3\system32\wwdjbggb.exe

2007-07-22 23:11 66,112 --a------ C:\WINDOWS.3\system32\lbyajipu.exe

2007-07-22 21:56 66,112 --a------ C:\WINDOWS.3\system32\cxsrbyro.exe

2007-07-22 21:37 66,112 --a------ C:\WINDOWS.3\system32\pxvwpomn.exe

2007-07-22 21:18 66,112 --a------ C:\WINDOWS.3\system32\mrycfnnw.exe

2007-07-22 20:52 66,112 --a------ C:\WINDOWS.3\system32\iwwwrbsp.exe

2007-07-22 20:25 66,112 --a------ C:\WINDOWS.3\system32\okpmocqb.exe

2007-07-22 20:00 66,112 --a------ C:\WINDOWS.3\system32\viaueuxl.exe

2007-07-22 19:49 66,112 --a------ C:\WINDOWS.3\system32\ipdlqdjj.exe

2007-07-22 19:29 66,112 --a------ C:\WINDOWS.3\system32\ruyhsvok.exe

2007-07-22 19:15 66,112 --a------ C:\WINDOWS.3\system32\oqnopjob.exe

2007-07-22 19:04 66,112 --a------ C:\WINDOWS.3\system32\oybubojp.exe

2007-07-22 17:57 66,112 --a------ C:\WINDOWS.3\system32\wntrrgty.exe

2007-07-22 16:29 66,112 --a------ C:\WINDOWS.3\system32\yvwkamys.exe

2007-07-22 15:54 66,112 --a------ C:\WINDOWS.3\system32\ncvybqbr.exe

2007-07-22 14:46 66,112 --a------ C:\WINDOWS.3\system32\hipifhox.exe

2007-07-22 14:26 66,112 --a------ C:\WINDOWS.3\system32\kwqxqxuv.exe

2007-07-22 14:04 66,112 --a------ C:\WINDOWS.3\system32\emhkptxx.exe

2007-07-22 12:49 66,112 --a------ C:\WINDOWS.3\system32\cgijlaow.exe

2007-07-22 02:10 66,112 --a------ C:\WINDOWS.3\system32\rjuyrxps.exe

2007-07-22 02:00 66,112 --a------ C:\WINDOWS.3\system32\ultdscaq.exe

2007-07-22 01:49 66,112 --a------ C:\WINDOWS.3\system32\bgicsgvt.exe

2007-07-22 01:34 66,112 --a------ C:\WINDOWS.3\system32\ndtdrsrw.exe

2007-07-22 00:54 66,112 --a------ C:\WINDOWS.3\system32\eskmdnnf.exe

2007-07-22 00:21 128,576 --a------ C:\WINDOWS.3\system32\girmovir.dll

2007-07-22 00:19 66,112 --a------ C:\WINDOWS.3\system32\qkuduyjr.exe

2007-07-22 00:01 66,112 --a------ C:\WINDOWS.3\system32\ehjjohkk.exe

2007-07-21 23:47 66,112 --a------ C:\WINDOWS.3\system32\udktjhom.exe

2007-07-21 23:39 66,112 --a------ C:\WINDOWS.3\system32\kplukokh.exe

2007-07-21 23:33 66,112 --a------ C:\WINDOWS.3\system32\otxmynxx.exe

2007-07-21 23:01 66,112 --a------ C:\WINDOWS.3\system32\slrahubo.exe

2007-07-21 22:44 66,112 --a------ C:\WINDOWS.3\system32\soryrejg.exe

2007-07-21 21:13 66,112 --a------ C:\WINDOWS.3\system32\lmmqluag.exe

2007-07-21 20:54 66,112 --a------ C:\WINDOWS.3\system32\dposhbkl.exe

2007-07-21 20:39 66,112 --a------ C:\WINDOWS.3\system32\osykhfwt.exe

2007-07-21 20:27 66,112 --a------ C:\WINDOWS.3\system32\eswukjwx.exe

2007-07-21 20:15 66,112 --a------ C:\WINDOWS.3\system32\uplqowpv.exe

2007-07-21 20:00 66,112 --a------ C:\WINDOWS.3\system32\gimwnqbv.exe

2007-07-21 19:40 66,112 --a------ C:\WINDOWS.3\system32\kuaaviyu.exe

2007-07-21 19:15 66,112 --a------ C:\WINDOWS.3\system32\xsrnsbuy.exe

2007-07-21 09:03 66,112 --a------ C:\WINDOWS.3\system32\uwybqawm.exe

2007-07-21 09:03 128,576 --a------ C:\WINDOWS.3\system32\umyvoydu.dll

2007-07-21 08:50 66,112 --a------ C:\WINDOWS.3\system32\qdrbgqxy.exe

2007-07-21 08:44 66,112 --a------ C:\WINDOWS.3\system32\vjlvboon.exe

2007-07-20 12:47 128,576 --a------ C:\WINDOWS.3\system32\rjfpijwm.dll

2007-07-20 12:44 66,112 --a------ C:\WINDOWS.3\system32\syepetfc.exe

2007-07-20 12:28 66,112 --a------ C:\WINDOWS.3\system32\wsvmgwhq.exe

2007-07-20 11:17 66,112 --a------ C:\WINDOWS.3\system32\mnwtwqol.exe

2007-07-20 11:15 66,112 --a------ C:\WINDOWS.3\system32\xapyebyi.exe

2007-07-20 11:04 66,112 --a------ C:\WINDOWS.3\system32\ahqikuvk.exe

2007-07-20 10:56 66,112 --a------ C:\WINDOWS.3\system32\auaibypr.exe

2007-07-20 10:52 66,112 --a------ C:\WINDOWS.3\system32\axlfxmve.exe

2007-07-20 10:43 66,112 --a------ C:\WINDOWS.3\system32\ynapvhcm.exe

2007-07-20 10:27 66,112 --a------ C:\WINDOWS.3\system32\fbkpgsyd.exe

2007-07-20 10:12 66,112 --a------ C:\WINDOWS.3\system32\hceybehc.exe

2007-07-20 10:04 66,112 --a------ C:\WINDOWS.3\system32\uhegnabm.exe

2007-07-20 09:49 66,112 --a------ C:\WINDOWS.3\system32\vwrekxaf.exe

2007-07-20 09:39 66,112 --a------ C:\WINDOWS.3\system32\byjkbwnv.exe

2007-07-20 09:29 66,112 --a------ C:\WINDOWS.3\system32\ndrkpjcs.exe

2007-07-20 01:10 <DIR> d----c--- C:\ARQUIVOS DE PROGRAMAS\CCleaner

2007-07-20 00:58 <DIR> d----c--- C:\!KillBox

2007-07-20 00:36 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-07-20 00:36 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos

2007-07-20 00:36 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Meus documentos

2007-07-20 00:36 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar

2007-07-20 00:36 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Favoritos

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configura‡äes locais

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede

2007-07-20 00:36 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressÆo

2007-07-19 23:50 66,112 --a------ C:\WINDOWS.3\system32\iddyxbjk.exe

2007-07-19 23:50 128,576 --a------ C:\WINDOWS.3\system32\nohhtcsf.dll

2007-07-19 23:43 66,112 --a------ C:\WINDOWS.3\system32\unjvcttw.exe

2007-07-19 22:42 66,112 --a------ C:\WINDOWS.3\system32\ipfrcuho.exe

2007-07-19 22:25 66,112 --a------ C:\WINDOWS.3\system32\cbswnkdt.exe

2007-07-19 22:02 66,112 --a------ C:\WINDOWS.3\system32\vjhveeds.exe

2007-07-19 21:47 66,112 --a------ C:\WINDOWS.3\system32\qgpwgphh.exe

2007-07-19 21:37 66,112 --a------ C:\WINDOWS.3\system32\aqpxkdki.exe

2007-07-19 21:31 66,112 --a------ C:\WINDOWS.3\system32\tdiophyy.exe

2007-07-19 19:57 66,112 --a------ C:\WINDOWS.3\system32\ffowwgbh.exe

2007-07-19 19:40 66,112 --a------ C:\WINDOWS.3\system32\putkcvtp.exe

2007-07-19 19:18 66,112 --a------ C:\WINDOWS.3\system32\cejssrvb.exe

2007-07-19 18:25 66,112 --a------ C:\WINDOWS.3\system32\bnnrxdqm.exe

2007-07-19 14:54 66,112 --a------ C:\WINDOWS.3\system32\udlbfora.exe

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-28 02:42:49 -------- d-----w C:\Arquivos de programas\eMule

2007-07-28 02:37:12 66,428 --sha-w C:\WINDOWS.3\system32\drivers\fidbox2.idx

2007-07-28 02:37:11 318,284 --sha-w C:\WINDOWS.3\system32\drivers\fidbox.idx

2007-07-24 00:21:51 -------- d-----w C:\Arquivos de programas\Picasa2

2007-07-15 04:30:54 -------- d-----w C:\DOCUME~1\Renee\DADOSD~1\Skype

2007-07-04 17:04:11 -------- d-----w C:\DOCUME~1\Renee\DADOSD~1\Vso

2007-07-04 16:58:50 -------- d-----w C:\Arquivos de programas\hp deskjet 3820 series

2007-07-04 01:32:13 -------- d-----w C:\Arquivos de programas\Webteh

2007-06-21 15:14:36 2,560 ----a-w C:\WINDOWS.3\_MSRSTRT.EXE

2007-05-28 04:36:47 -------- d-----w C:\Arquivos de programas\DigiPix

2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS.3\system32\inetcomm.dll

2007-05-07 21:09:10 3,994 ----a-w C:\WINDOWS.3\system32\msnobj.dll

2007-05-07 21:06:46 9,293 ----a-w C:\WINDOWS.3\system32\msnprint.dll

2007-05-06 18:08:52 21,764 ----a-w C:\WINDOWS.3\system32\CoreAAC-uninstall.exe

2007-04-16 03:15:09 87,608 ----a-w C:\DOCUME~1\Renee\DADOSD~1\ezpinst.exe

2007-04-16 03:15:09 47,360 ----a-w C:\DOCUME~1\Renee\DADOSD~1\pcouffin.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS.3\system32\ctfmon.exe" [2004-08-04 09:00]

"msnmsgr"="C:\ARQUIVOS DE PROGRAMAS\MSN Messenger\msnmsgr.exe" [2006-01-24 20:31]

"eMuleAutoStart"="C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe" [2007-05-13 11:57]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS.3\Downloaded Program Files\gbieh.dll [2007-02-22 15:00 228392]

 

R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS.3\system32\DRIVERS\uagp35.sys

R1 Klmc;Klmc;C:\WINDOWS.3\system32\drivers\klmc.sys

R1 sdcplh;sdcplh;C:\WINDOWS.3\system32\drivers\sdcplh.sys

R2 sbbotdi;sbbotdi;\??\C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys

R3 pcouffin;VSO Software pcouffin;C:\WINDOWS.3\system32\Drivers\pcouffin.sys

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS.3\system32\DRIVERS\RMSPPPOE.SYS

R3 smserial;smserial;C:\WINDOWS.3\system32\DRIVERS\smserial.sys

R3 viagfx;viagfx;C:\WINDOWS.3\system32\DRIVERS\vtmini.sys

S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe

S2 InCDsrvR;InCD Helper (read only);C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -r

S3 876638dd-d956-4299-af26-ba800e4aa7e9;876638dd-d956-4299-af26-ba800e4aa7e9;\??\D:\Player\cds300.dll

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS.3\system32\DRIVERS\fetnd5.sys

S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS.3\system32\Drivers\RootMdm.sys

S3 usbser;Motorola USB Modem Driver;C:\WINDOWS.3\system32\DRIVERS\usbser.sys

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-27 23:55:54

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-27 23:56:51

C:\ComboFix-quarantined-files.txt ... 2007-07-27 23:56

C:\ComboFix2.txt ... 2007-07-27 13:11

C:\ComboFix3.txt ... 2007-07-27 00:42

 

--- E O F ---

[jgarcia 1]

Opa Nee,

 

Execute o VundoFix novamente e retorne com o resultado.

 

Abraços.

[Nee 0]

Eu fiz o que pediu, mais naum acho nd!Ae esta o log!Continua pesado qdo inicio o msn!Te maisVundoFix V6.5.6Checking Java version...Sun Java not detectedScan started at 22:02:23 31/7/2007Listing files found while scanning....No infected files were found.Beginning removal...

[jgarcia 1]

Opa Nee,

 

Execute o Scan Online da Kaspersky e retorne com o resultado.

 

Abraços.

[Nee 0]

Ola!Fiz o que pediu, mais naum acho nd o scan!E continua a demorar a entrar no msn!ate mais

[Nee 0]

Esqueci de postar o log, mais acho que naum achou nd!Friday, August 03, 2007 10:31:44 PMOperating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)Kaspersky Online Scanner version: 5.0.83.0Kaspersky Anti-Virus database last update: 4/08/2007Kaspersky Anti-Virus database records: 349696 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target Critical Areas C:\WINDOWS.3C:\DOCUME~1\Renee\CONFIG~1\Temp\ Scan Statistics Total number of scanned objects 14373 Number of viruses found 0 Number of infected objects 0 / 0 Number of suspicious objects 0 Duration of the scan process 00:12:26 Infected Object Name Virus Name Last Action C:\WINDOWS.3\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS.3\Downloaded Program Files\gbieh.dll Object is locked skipped C:\WINDOWS.3\SchedLgU.Txt Object is locked skipped C:\WINDOWS.3\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS.3\Sti_Trace.log Object is locked skipped C:\WINDOWS.3\system32\adciwvxo.dll Object is locked skipped C:\WINDOWS.3\system32\ahqikuvk.exe Object is locked skipped C:\WINDOWS.3\system32\ahqtotte.dll Object is locked skipped C:\WINDOWS.3\system32\apuuedxv.dll Object is locked skipped C:\WINDOWS.3\system32\aqpxkdki.exe Object is locked skipped C:\WINDOWS.3\system32\auaibypr.exe Object is locked skipped C:\WINDOWS.3\system32\axlfxmve.exe Object is locked skipped C:\WINDOWS.3\system32\bgicsgvt.exe Object is locked skipped C:\WINDOWS.3\system32\bnnrxdqm.exe Object is locked skipped C:\WINDOWS.3\system32\bvelpiig.exe Object is locked skipped C:\WINDOWS.3\system32\byjkbwnv.exe Object is locked skipped C:\WINDOWS.3\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS.3\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS.3\system32\cbswnkdt.exe Object is locked skipped C:\WINDOWS.3\system32\cejssrvb.exe Object is locked skipped C:\WINDOWS.3\system32\cgijlaow.exe Object is locked skipped C:\WINDOWS.3\system32\cgwnslbj.dll Object is locked skipped C:\WINDOWS.3\system32\clmiuxna.dll Object is locked skipped C:\WINDOWS.3\system32\config\Antivirus.Evt Object is locked skipped C:\WINDOWS.3\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS.3\system32\config\default Object is locked skipped C:\WINDOWS.3\system32\config\default.LOG Object is locked skipped C:\WINDOWS.3\system32\config\Internet.evt Object is locked skipped C:\WINDOWS.3\system32\config\SAM Object is locked skipped C:\WINDOWS.3\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS.3\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS.3\system32\config\SECURITY Object is locked skipped C:\WINDOWS.3\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS.3\system32\config\software Object is locked skipped C:\WINDOWS.3\system32\config\software.LOG Object is locked skipped C:\WINDOWS.3\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS.3\system32\config\system Object is locked skipped C:\WINDOWS.3\system32\config\system.LOG Object is locked skipped C:\WINDOWS.3\system32\cxsrbyro.exe Object is locked skipped C:\WINDOWS.3\system32\dposhbkl.exe Object is locked skipped C:\WINDOWS.3\system32\drivers\fidbox.dat Object is locked skipped C:\WINDOWS.3\system32\drivers\fidbox.idx Object is locked skipped C:\WINDOWS.3\system32\drivers\fidbox2.dat Object is locked skipped C:\WINDOWS.3\system32\drivers\fidbox2.idx Object is locked skipped C:\WINDOWS.3\system32\dvqbpvyu.exe Object is locked skipped C:\WINDOWS.3\system32\ehjjohkk.exe Object is locked skipped C:\WINDOWS.3\system32\emhkptxx.exe Object is locked skipped C:\WINDOWS.3\system32\eskmdnnf.exe Object is locked skipped C:\WINDOWS.3\system32\eswukjwx.exe Object is locked skipped C:\WINDOWS.3\system32\fbkpgsyd.exe Object is locked skipped C:\WINDOWS.3\system32\ffowwgbh.exe Object is locked skipped C:\WINDOWS.3\system32\fgupevlo.exe Object is locked skipped C:\WINDOWS.3\system32\fhiscuuv.dll Object is locked skipped C:\WINDOWS.3\system32\flpndqko.dll Object is locked skipped C:\WINDOWS.3\system32\fovlhkox.dll Object is locked skipped C:\WINDOWS.3\system32\fuecmvve.dll Object is locked skipped C:\WINDOWS.3\system32\gimwnqbv.exe Object is locked skipped C:\WINDOWS.3\system32\girmovir.dll Object is locked skipped C:\WINDOWS.3\system32\gumqeffs.exe Object is locked skipped C:\WINDOWS.3\system32\h323log.txt Object is locked skipped C:\WINDOWS.3\system32\hceybehc.exe Object is locked skipped C:\WINDOWS.3\system32\hipifhox.exe Object is locked skipped C:\WINDOWS.3\system32\hlrnitis.dll Object is locked skipped C:\WINDOWS.3\system32\hqlxqubw.dll Object is locked skipped C:\WINDOWS.3\system32\iddyxbjk.exe Object is locked skipped C:\WINDOWS.3\system32\ipdlqdjj.exe Object is locked skipped C:\WINDOWS.3\system32\ipfrcuho.exe Object is locked skipped C:\WINDOWS.3\system32\irtghgnl.exe Object is locked skipped C:\WINDOWS.3\system32\iwwwrbsp.exe Object is locked skipped C:\WINDOWS.3\system32\jaxtrulg.dll Object is locked skipped C:\WINDOWS.3\system32\jqdconfp.exe Object is locked skipped C:\WINDOWS.3\system32\kplukokh.exe Object is locked skipped C:\WINDOWS.3\system32\kuaaviyu.exe Object is locked skipped C:\WINDOWS.3\system32\kwqxqxuv.exe Object is locked skipped C:\WINDOWS.3\system32\lbyajipu.exe Object is locked skipped C:\WINDOWS.3\system32\lhooisxl.exe Object is locked skipped C:\WINDOWS.3\system32\lmmqluag.exe Object is locked skipped C:\WINDOWS.3\system32\lxsqxqxb.exe Object is locked skipped C:\WINDOWS.3\system32\mnwtwqol.exe Object is locked skipped C:\WINDOWS.3\system32\mrycfnnw.exe Object is locked skipped C:\WINDOWS.3\system32\ncvybqbr.exe Object is locked skipped C:\WINDOWS.3\system32\ndrkpjcs.exe Object is locked skipped C:\WINDOWS.3\system32\ndtdrsrw.exe Object is locked skipped C:\WINDOWS.3\system32\njjdvayf.dll Object is locked skipped C:\WINDOWS.3\system32\nohhtcsf.dll Object is locked skipped C:\WINDOWS.3\system32\nwsmoqeb.dll Object is locked skipped C:\WINDOWS.3\system32\nynvjskk.dll Object is locked skipped C:\WINDOWS.3\system32\okpmocqb.exe Object is locked skipped C:\WINDOWS.3\system32\oqnopjob.exe Object is locked skipped C:\WINDOWS.3\system32\osykhfwt.exe Object is locked skipped C:\WINDOWS.3\system32\otxmynxx.exe Object is locked skipped C:\WINDOWS.3\system32\owedrych.dll Object is locked skipped C:\WINDOWS.3\system32\oybubojp.exe Object is locked skipped C:\WINDOWS.3\system32\pddsdysq.dll Object is locked skipped C:\WINDOWS.3\system32\putkcvtp.exe Object is locked skipped C:\WINDOWS.3\system32\pvuvqxbm.exe Object is locked skipped C:\WINDOWS.3\system32\pxvwpomn.exe Object is locked skipped C:\WINDOWS.3\system32\qdrbgqxy.exe Object is locked skipped C:\WINDOWS.3\system32\qglnnlyy.dll Object is locked skipped C:\WINDOWS.3\system32\qgpwgphh.exe Object is locked skipped C:\WINDOWS.3\system32\qkaelsnn.dll Object is locked skipped C:\WINDOWS.3\system32\qkuduyjr.exe Object is locked skipped C:\WINDOWS.3\system32\qswsvrep.dll Object is locked skipped C:\WINDOWS.3\system32\rbkgukvi.dll Object is locked skipped C:\WINDOWS.3\system32\rjfpijwm.dll Object is locked skipped C:\WINDOWS.3\system32\rjuyrxps.exe Object is locked skipped C:\WINDOWS.3\system32\rmhmjops.exe Object is locked skipped C:\WINDOWS.3\system32\ruyhsvok.exe Object is locked skipped C:\WINDOWS.3\system32\rxylbrtw.exe Object is locked skipped C:\WINDOWS.3\system32\sbpovttk.dll Object is locked skipped C:\WINDOWS.3\system32\slrahubo.exe Object is locked skipped C:\WINDOWS.3\system32\soryrejg.exe Object is locked skipped C:\WINDOWS.3\system32\syepetfc.exe Object is locked skipped C:\WINDOWS.3\system32\tdiophyy.exe Object is locked skipped C:\WINDOWS.3\system32\tkgwwvsn.exe Object is locked skipped C:\WINDOWS.3\system32\ucmokmyx.dll Object is locked skipped C:\WINDOWS.3\system32\ucthvdfd.dll Object is locked skipped C:\WINDOWS.3\system32\udktjhom.exe Object is locked skipped C:\WINDOWS.3\system32\udlbfora.exe Object is locked skipped C:\WINDOWS.3\system32\uhegnabm.exe Object is locked skipped C:\WINDOWS.3\system32\uhypnjev.dll Object is locked skipped C:\WINDOWS.3\system32\ultdscaq.exe Object is locked skipped C:\WINDOWS.3\system32\umyvoydu.dll Object is locked skipped C:\WINDOWS.3\system32\unjvcttw.exe Object is locked skipped C:\WINDOWS.3\system32\uplqowpv.exe Object is locked skipped C:\WINDOWS.3\system32\uwybqawm.exe Object is locked skipped C:\WINDOWS.3\system32\viaueuxl.exe Object is locked skipped C:\WINDOWS.3\system32\vjhveeds.exe Object is locked skipped C:\WINDOWS.3\system32\vjlvboon.exe Object is locked skipped C:\WINDOWS.3\system32\vnvrwluf.dll Object is locked skipped C:\WINDOWS.3\system32\vwrekxaf.exe Object is locked skipped C:\WINDOWS.3\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS.3\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS.3\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS.3\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS.3\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS.3\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS.3\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS.3\system32\wnefwvao.exe Object is locked skipped C:\WINDOWS.3\system32\wntrrgty.exe Object is locked skipped C:\WINDOWS.3\system32\wsvmgwhq.exe Object is locked skipped C:\WINDOWS.3\system32\wwdjbggb.exe Object is locked skipped C:\WINDOWS.3\system32\xadjtckx.dll Object is locked skipped C:\WINDOWS.3\system32\xapyebyi.exe Object is locked skipped C:\WINDOWS.3\system32\xsrnsbuy.exe Object is locked skipped C:\WINDOWS.3\system32\xtjtmfhh.dll Object is locked skipped C:\WINDOWS.3\system32\ymkncfkk.exe Object is locked skipped C:\WINDOWS.3\system32\ynapvhcm.exe Object is locked skipped C:\WINDOWS.3\system32\ynscqbuk.exe Object is locked skipped C:\WINDOWS.3\system32\ysgovhlg.exe Object is locked skipped C:\WINDOWS.3\system32\yvwkamys.exe Object is locked skipped C:\WINDOWS.3\system32\yybnrhab.dll Object is locked skipped C:\WINDOWS.3\Temp\Perflib_Perfdata_5d8.dat Object is locked skipped C:\WINDOWS.3\Temp\_avast4_\Webshlock.txt Object is locked skipped C:\WINDOWS.3\wiadebug.log Object is locked skipped C:\WINDOWS.3\wiaservc.log Object is locked skipped C:\WINDOWS.3\WindowsUpdate.log Object is locked skipped C:\DOCUME~1\Renee\CONFIG~1\Temp\Free Download Manager\tic1.tmp Object is locked skipped C:\DOCUME~1\Renee\CONFIG~1\Temp\Free Download Manager\tic12.tmp Object is locked skipped C:\DOCUME~1\Renee\CONFIG~1\Temp\Free Download Manager\tic2.tmp Object is locked skipped C:\DOCUME~1\Renee\CONFIG~1\Temp\Free Download Manager\tic32C.tmp Object is locked skipped C:\DOCUME~1\Renee\CONFIG~1\Temp\Free Download Manager\tic4.tmp Object is locked skipped C:\DOCUME~1\Renee\CONFIG~1\Temp\Free Download Manager\tic5.tmp Object is locked skipped C:\DOCUME~1\Renee\CONFIG~1\Temp\~DFC4C4.tmp Object is locked skipped C:\DOCUME~1\Renee\CONFIG~1\Temp\~DFC4ED.tmp Object is locked skipped

[jgarcia 1]

Opa Nee,

 

Execute o Active Scan da Panda e retorne com o resultado.

 

Abraços.

[Shine 0]

Tópico Arquivado

 

Como o autor não respondeu ao tópico por mais de 20 dias, o mesmo foi arquivado.

 

Caso você seja o autor do tópico e quer que o mesmo seja reaberto, envie uma mensagem privada para um moderador com um link para este tópico e explique o motivo da reabertura.