Seikushim
Posted November 10, 2007

After running a program that was supposedly going to remove the text from the Shut Down/Log Off buttons, my explorer disappeared. It doesn't show up in the processes under Ctrl+Alt+Del, so I have to keep using "New Task" via Ctrl+Alt+Del (which is a pain). Can anyone help me? (I'll be watching this topic daily until I manage to fix it. Please help me.) Thanks in advance. I was told to post a log... here it is:

Logfile of HijackThis v1.99.1
Scan saved at 13:48:53, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\csrss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.1\system32\spoolsv.exe
c:\windows\taskmgr.exe
c:\windows\ping.exe
C:\WINDOWS.1\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS.1\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.229.50.5:3124
F2 - REG:system.ini: UserInit=C:\WINDOWS.1\system32\userinit.exe,c:\windows\taskmgr.exe,c:\windows\ping.exe,
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS.1\Temp\startdrv.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Arquivos de programas\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [701c00ef] rundll32.exe "C:\WINDOWS.1\system32\eqqvwlqy.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Corporation Latitude Service] loder.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [WindowBlinds] C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbconfig.exe
O8 - Extra context menu item: &Baixar com o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: &Baixar todos com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1507F4D6-5B26-4650-8509-F63BC7B8CAAE}: NameServer = 200.165.132.147 200.165.132.155
O17 - HKLM\System\CS1\Services\Tcpip\..\{1507F4D6-5B26-4650-8509-F63BC7B8CAAE}: NameServer = 200.165.132.147 200.165.132.155
O17 - HKLM\System\CS3\Services\Tcpip\..\{1507F4D6-5B26-4650-8509-F63BC7B8CAAE}: NameServer = 200.165.132.147 200.165.132.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows.1\system32\ldcore.dll,wbsys.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.1\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
jgarcia
Posted November 10, 2007

Hey Seikushim,

Download ComboFix from: ComboFix

1) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;
2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
3) When the scan finishes, a log will be generated at C:\ComboFix.txt;
4) Do not click inside the ComboFix window or close it with the X while the tool is running, as that will mess up your desktop (it will go completely white);
5) To stop or exit ComboFix, press "N";
6) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Cheers.
Seikushim
Posted November 11, 2007

I didn't find any file on C: named ComboFix.txt. But here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 04:44, on 2007-11-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\csrss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.1\system32\spoolsv.exe
c:\windows\taskmgr.exe
c:\windows\ping.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS.1\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS.1\system32\taskmgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS.1\system32\NOTEPAD.EXE
C:\WINDOWS.1\system32\NOTEPAD.EXE
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.229.50.5:3124
F2 - REG:system.ini: UserInit=C:\WINDOWS.1\system32\userinit.exe,c:\windows\taskmgr.exe,c:\windows\ping.exe,
O2 - BHO: (no name) - {15DF96AD-9DC5-4600-A5DD-C1F45A0CC2A5} - C:\WINDOWS.1\system32\awtsr.dll (file missing)
O2 - BHO: (no name) - {18DDB9DD-9807-44A6-AEFF-6C7157155178} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {e4c9d950-6995-f5b9-cfb4-0d8c3a1207f3} - {3f7021a3-c8d0-4bfc-9b5f-5996059d9c4e} - C:\WINDOWS.1\system32\mnvpmjyl.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {50CF5F12-A529-4BAE-8774-473D4CCB1076} - (no file)
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Arquivos de programas\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Arquivos de programas\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [701c00ef] rundll32.exe "C:\WINDOWS.1\system32\eqqvwlqy.dll",b
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS.1\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
O4 - HKLM\..\RunServices: [Microsoft Corporation Latitude Service] loder.exe
O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS.1\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [WindowBlinds] C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbconfig.exe
O8 - Extra context menu item: &Baixar com o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: &Baixar todos com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1507F4D6-5B26-4650-8509-F63BC7B8CAAE}: NameServer = 200.165.132.147 200.165.132.155
O17 - HKLM\System\CS1\Services\Tcpip\..\{1507F4D6-5B26-4650-8509-F63BC7B8CAAE}: NameServer = 200.165.132.147 200.165.132.155
O17 - HKLM\System\CS3\Services\Tcpip\..\{1507F4D6-5B26-4650-8509-F63BC7B8CAAE}: NameServer = 200.165.132.147 200.165.132.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awtqrqr - C:\WINDOWS.1\
O20 - Winlogon Notify: ddcca - C:\WINDOWS.1\
O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.1\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvuuvss - C:\WINDOWS.1\
O20 - Winlogon Notify: yayxuvs - yayxuvs.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.1\system32\WPDShServiceObj.dll
O23 - Service: Serviço 'Gateway de camada de aplicativo' (ALG) - Unknown owner - cmd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
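Both HijackThis logs in this thread show the same small set of persistence abuses: a proxy injected into the HKCU Internet Settings, extra programs chained onto the Winlogon UserInit value, Run entries that launch randomly named DLLs through rundll32 or bare file names from the legacy RunServices key, AppInit_DLLs injection, Winlogon Notify packages that point at a directory instead of a DLL, and a system service (ALG) whose image path has been replaced with cmd.exe. The script below is an added example, not code from the thread, from HijackThis or from ComboFix: it parses HijackThis 1.99 log lines and flags those patterns. The sample log inside it is a constructed excerpt of the entries posted above (the ALG service line is paraphrased in English), and the rules are heuristics that still need a human to confirm each file before anything is removed.

```python
"""Triage a HijackThis 1.99 log for the persistence abuses visible in this thread.

Added example, not code from the thread, HijackThis or ComboFix. The rules are
heuristics: every hit still needs a human to confirm the file before removal.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: a subset of the entries posted above, in HijackThis format.
# The ALG service line is paraphrased in English; everything else is verbatim.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.229.50.5:3124
F2 - REG:system.ini: UserInit=C:\WINDOWS.1\system32\userinit.exe,c:\windows\taskmgr.exe,c:\windows\ping.exe,
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS.1\Temp\startdrv.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [701c00ef] rundll32.exe "C:\WINDOWS.1\system32\eqqvwlqy.dll",b
O4 - HKLM\..\RunServices: [Microsoft Corporation Latitude Service] loder.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe
O20 - AppInit_DLLs: c:\windows.1\system32\ldcore.dll,wbsys.dll
O20 - Winlogon Notify: awtqrqr - C:\WINDOWS.1\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.1\SYSTEM32\WgaLogon.dll
O23 - Service: Application Layer Gateway (ALG) - Unknown owner - cmd.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# Seven or eight lowercase letters is the naming pattern of the dropped files in
# this thread, but a few real Windows binaries match it too, so keep an allowlist.
RANDOM_STEM = re.compile(r"^[a-z]{7,8}$")
KNOWN_STEMS = {"explorer", "userinit", "winlogon", "svchost", "spoolsv", "notepad",
               "taskmgr", "services", "ctfmon", "wgalogon"}
O4_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the entry was flagged
    line: str      # the original log line


def stem_of(path: str) -> str:
    """File name without directory or extension; tolerates quotes and either slash."""
    name = path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def looks_random(path: str) -> bool:
    stem = stem_of(path)
    return bool(RANDOM_STEM.match(stem)) and stem.lower() not in KNOWN_STEMS


def first_token(cmd: str) -> str:
    """The executable part of a Run value, honouring a quoted path with spaces."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        reasons: list[str] = []

        if section == "R1" and "ProxyServer = " in line:
            reasons.append("system-wide HTTP proxy " + line.split("ProxyServer = ", 1)[1])

        elif section == "F2" and "UserInit=" in line:
            # Only userinit.exe belongs here; anything else runs at every logon.
            entries = [e for e in line.split("UserInit=", 1)[1].split(",") if e]
            extra = [e for e in entries if stem_of(e).lower() != "userinit"]
            if extra:
                reasons.append("extra programs chained to UserInit: " + ", ".join(extra))

        elif section == "O4":
            m = O4_LINE.match(line)
            if m:
                key, name, cmd = m["key"], m["name"], m["cmd"]
                if key == "RunServices":
                    reasons.append("legacy RunServices key")
                if "\\" not in cmd:
                    reasons.append("bare file name resolved through the search path")
                if "\\temp\\" in cmd.lower():
                    reasons.append("launched from a Temp directory")
                if re.fullmatch(r"[0-9a-f]{8}", name):
                    reasons.append("hex-only value name")
                if looks_random(first_token(cmd)):
                    reasons.append("randomly named executable")
                if cmd.lower().startswith("rundll32"):
                    dll = re.search(r'"?([^"]+\.dll)"?', cmd, re.I)
                    if dll and looks_random(dll.group(1)):
                        reasons.append("rundll32 loading randomly named DLL " + stem_of(dll.group(1)))

        elif section == "O20" and "AppInit_DLLs:" in line:
            dlls = line.split("AppInit_DLLs:", 1)[1].strip()
            if dlls:
                reasons.append("AppInit_DLLs injected into every GUI process: " + dlls)

        elif section == "O20" and "Winlogon Notify:" in line:
            name, _, path = line.split("Winlogon Notify:", 1)[1].strip().partition(" - ")
            if path.endswith("\\") or "(file missing)" in path:
                reasons.append("Winlogon Notify package without a resolvable DLL")
            if looks_random(name):
                reasons.append("randomly named Winlogon Notify package")

        elif section == "O23":
            # "O23 - Service: <display name> - <owner> - <image path>"
            parts = line.split(" - ")
            image = parts[-1] if len(parts) >= 4 else ""
            if stem_of(image.replace("(file missing)", "")).lower() in {"cmd", "rundll32"}:
                reasons.append("service image is a system interpreter, not a service binary")

        if reasons:
            findings.append(Finding(section, "; ".join(reasons), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports the proxy, the two UserInit additions, the three bad Run entries (startdrv in Temp, the hex-named rundll32 loader, the bare loder.exe under RunServices), the AppInit_DLLs line, the awtqrqr Notify package and the ALG service, and stays silent on the avast!, ctfmon and WgaLogon entries. The allowlist matters: explorer, userinit and winlogon are eight lowercase letters too, so a naive "random name" rule without it would flag the very files the user is trying to get back.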
jgarcia
Posted November 11, 2007

Hey Seikushim,

Let's go.

* Download VundoFix.
* Double-click VundoFix.exe to start it;
* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish; it may take a while. Be patient;
* When the scan is finished, click Remove Vundo;
* You will get a prompt asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);
* To complete the scan the machine will need to be restarted. Click OK;
* Please post the VundoFix log (C:\vundofix.txt) in your next reply, together with a new HijackThis log.

Cheers.

PS: Check whether there is a ComboFix folder on C:. If there is, find ComboFix.txt in that folder and post its contents in your next reply.
Seikushim
Posted November 11, 2007

Here... thank you very much. But I only needed another explorer.exe file; my friend sent me one, and thanks to ComboFix my desktop is back to normal. It generated a log:

ComboFix 07-11-08.1 - Administrador 2007-11-11 4:14:08.1 - NTFSx86
Running from: C:\Documents and Settings\Administrador.LITE\Desktop\ComboFix.exe
.
Unable to acquire System Privileges

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Documents and Settings\Érikinha.LITE\Desktop\internet.lnk
C:\Documents and Settings\Administrador.LITE\Dados de aplicativos\addon.dat
C:\Documents and Settings\All Users.WINDOWS.1\Dados de aplicativos\pdfdoc2.dll
C:\Documents and Settings\LocalService.AUTORIDADE NT.000\Configurações locais\Dados de aplicativos\n.ini
C:\Temp\fCOe
C:\WINDOWS.1\autorun.inf
C:\WINDOWS.1\cookies.ini
C:\WINDOWS.1\csrss.exe
C:\WINDOWS.1\svchost.exe
C:\WINDOWS.1\system32\0_exception.nls
C:\WINDOWS.1\system32\accdd.bak1
C:\WINDOWS.1\system32\accdd.bak2
C:\WINDOWS.1\system32\accdd.ini
C:\WINDOWS.1\system32\accdd.ini2
C:\WINDOWS.1\system32\ahqoektl.exe
C:\WINDOWS.1\system32\alqkylei.exe
C:\WINDOWS.1\system32\anfdikrk.exe
C:\WINDOWS.1\system32\aoanppik.exe
C:\WINDOWS.1\system32\apqqadkw.exe
C:\WINDOWS.1\system32\aqypcymd.exe
C:\WINDOWS.1\system32\atfchuec.exe
C:\WINDOWS.1\system32\atjtkbwf.exe
C:\WINDOWS.1\system32\avljenbg.ini
C:\WINDOWS.1\system32\awtsr.dll
C:\WINDOWS.1\system32\ayimkjnr.exe
C:\WINDOWS.1\system32\bcyxnwyw.exe
C:\WINDOWS.1\system32\beffrbxq.exe
C:\WINDOWS.1\system32\bfhkibsb.ini
C:\WINDOWS.1\system32\bhgpykds.exe
C:\WINDOWS.1\system32\bhhbfsrw.exe
C:\WINDOWS.1\system32\bhqdgqcu.dll
C:\WINDOWS.1\system32\bhuceitf.exe
C:\WINDOWS.1\system32\bjbncrtm.dll
C:\WINDOWS.1\system32\bnhuwwwg.dll
C:\WINDOWS.1\system32\bnsbkjnp.dll
C:\WINDOWS.1\system32\bopswfjs.exe
C:\WINDOWS.1\system32\bsbikhfb.dll
C:\WINDOWS.1\system32\bxbhojff.exe
C:\WINDOWS.1\system32\cbbespdh.dll
C:\WINDOWS.1\system32\clvytqof.exe
C:\WINDOWS.1\system32\cmjnfymd.exe
C:\WINDOWS.1\system32\coanvmxq.exe
C:\WINDOWS.1\system32\config\systemprofile\Configurações locais\Dados de aplicativos\n.ini
C:\WINDOWS.1\system32\cshdphoy.exe
C:\WINDOWS.1\system32\cuskisla.exe
C:\WINDOWS.1\system32\cytadphu.exe
C:\WINDOWS.1\system32\dabckkbx.exe
C:\WINDOWS.1\system32\dclvlxau.exe
C:\WINDOWS.1\system32\dfgyntxb.exe
C:\WINDOWS.1\system32\dfijfxav.exe
C:\WINDOWS.1\system32\dhkeswuf.exe
C:\WINDOWS.1\system32\dicxmodu.ini
C:\WINDOWS.1\system32\djpwmkai.exe
C:\WINDOWS.1\system32\drivers\npf.sys
C:\WINDOWS.1\system32\drivers\runtime2.sys
C:\WINDOWS.1\system32\drsmkaok.exe
C:\WINDOWS.1\system32\dujbsprb.exe
C:\WINDOWS.1\system32\dwuotpjv.dll
C:\WINDOWS.1\system32\dxbwovnv.exe
C:\WINDOWS.1\system32\dynuoklo.exe
C:\WINDOWS.1\system32\dyptnywi.exe
C:\WINDOWS.1\system32\eafkhqvu.dll
C:\WINDOWS.1\system32\ebhubnqy.exe
C:\WINDOWS.1\system32\ebkdilms.ini
C:\WINDOWS.1\system32\edeuhiwe.exe
C:\WINDOWS.1\system32\eexnecqh.exe
C:\WINDOWS.1\system32\efnfdwsy.exe
C:\WINDOWS.1\system32\eiaihmyf.dll
C:\WINDOWS.1\system32\eixxwuft.exe
C:\WINDOWS.1\system32\enecoqqi.exe
C:\WINDOWS.1\system32\eqqhgosm.exe
C:\WINDOWS.1\system32\esylpstg.dll
C:\WINDOWS.1\system32\eutnnius.exe
C:\WINDOWS.1\system32\evibdfxn.exe
C:\WINDOWS.1\system32\eyvabyoq.exe
C:\WINDOWS.1\system32\fgmiibls.exe
C:\WINDOWS.1\system32\fgowbokm.exe
C:\WINDOWS.1\system32\fhqwmelg.exe
C:\WINDOWS.1\system32\fhrcssml.ini
C:\WINDOWS.1\system32\fodatnpw.exe
C:\WINDOWS.1\system32\fpfghsbb.exe
C:\WINDOWS.1\system32\fqumfvny.exe
C:\WINDOWS.1\system32\frrutjko.exe
C:\WINDOWS.1\system32\fwldfgmi.exe
C:\WINDOWS.1\system32\gbnejlva.dll
C:\WINDOWS.1\system32\gehhfdim.exe
C:\WINDOWS.1\system32\gikdkrho.dll
C:\WINDOWS.1\system32\gjoevsci.exe
C:\WINDOWS.1\system32\gqtpxcqt.exe
C:\WINDOWS.1\system32\grhpaumn.exe
C:\WINDOWS.1\system32\grouppolicy\machine\scripts\scripts.ini
C:\WINDOWS.1\system32\gsqnxoqc.dll
C:\WINDOWS.1\system32\gstypemp.exe
C:\WINDOWS.1\system32\gtsplyse.ini
C:\WINDOWS.1\system32\gvbkokiy.exe
C:\WINDOWS.1\system32\gybqimdd.exe
C:\WINDOWS.1\system32\harcyuql.exe
C:\WINDOWS.1\system32\hcxxevrt.dll
C:\WINDOWS.1\system32\hdpsebbc.ini
C:\WINDOWS.1\system32\hftiyxdj.exe
C:\WINDOWS.1\system32\hfxfnxhj.exe
C:\WINDOWS.1\system32\hggejdkr.ini
C:\WINDOWS.1\system32\hmghyxym.exe
C:\WINDOWS.1\system32\hpwchmis.exe
C:\WINDOWS.1\system32\hqvhpqnf.exe
C:\WINDOWS.1\system32\ibgtswwg.exe
C:\WINDOWS.1\system32\iccwrsyx.ini
C:\WINDOWS.1\system32\ihsvnvtu.exe
C:\WINDOWS.1\system32\ijobvrqg.exe
C:\WINDOWS.1\system32\inockuah.dll
C:\WINDOWS.1\system32\ioqfpalg.exe
C:\WINDOWS.1\system32\iqapptqa.exe
C:\WINDOWS.1\system32\itkkkebs.exe
C:\WINDOWS.1\system32\itljbsjo.ini
C:\WINDOWS.1\system32\itmercmh.exe
C:\WINDOWS.1\system32\iuhhuggs.exe
C:\WINDOWS.1\system32\iwvhquvi.exe
C:\WINDOWS.1\system32\ixfydyhg.exe
C:\WINDOWS.1\system32\iyekjyov.dll
C:\WINDOWS.1\system32\jalgyumf.exe
C:\WINDOWS.1\system32\jdycroyd.exe
C:\WINDOWS.1\system32\jdyxgfhg.exe
C:\WINDOWS.1\system32\jfcryckm.exe
C:\WINDOWS.1\system32\jgxwchek.ini
C:\WINDOWS.1\system32\jhpetqbu.exe
C:\WINDOWS.1\system32\jjjbxyua.exe
C:\WINDOWS.1\system32\jkdgkxfb.dll
C:\WINDOWS.1\system32\jmyordbv.exe
C:\WINDOWS.1\system32\jojjxvbw.exe
C:\WINDOWS.1\system32\jpqrmmnu.exe
C:\WINDOWS.1\system32\jroutdww.exe
C:\WINDOWS.1\system32\jtahaifs.exe
C:\WINDOWS.1\system32\jtsqiepu.exe
C:\WINDOWS.1\system32\jtvqgaet.exe
C:\WINDOWS.1\system32\jwcssxws.dll
C:\WINDOWS.1\system32\kcqjledg.dll
C:\WINDOWS.1\system32\kehcwxgj.dll
C:\WINDOWS.1\system32\kfhmvdyr.exe
C:\WINDOWS.1\system32\kgctyehp.exe
C:\WINDOWS.1\system32\khpnrevt.dll
C:\WINDOWS.1\system32\klolfmew.exe
C:\WINDOWS.1\system32\knmkxvgv.exe
C:\WINDOWS.1\system32\koibwbut.exe
C:\WINDOWS.1\system32\koitybwe.exe
C:\WINDOWS.1\system32\koohueww.ini
C:\WINDOWS.1\system32\kqrqxyee.dll
C:\WINDOWS.1\system32\krxnijcm.dll
C:\WINDOWS.1\system32\ksoqbrvt.exe
C:\WINDOWS.1\system32\ksqwavlw.exe
C:\WINDOWS.1\system32\ktenbrwl.exe
C:\WINDOWS.1\system32\kwhrdoij.exe
C:\WINDOWS.1\system32\kxolavvl.ini
C:\WINDOWS.1\system32\kymyfbms.exe
C:\WINDOWS.1\system32\laoiuwyo.exe
C:\WINDOWS.1\system32\ldbibpre.exe
C:\WINDOWS.1\system32\ldinfo.ldr
C:\WINDOWS.1\system32\lefmwjhj.exe
C:\WINDOWS.1\system32\legisyht.exe
C:\WINDOWS.1\system32\lffatkai.exe
C:\WINDOWS.1\system32\lgykfpio.dll
C:\WINDOWS.1\system32\lhvhqubd.exe
C:\WINDOWS.1\system32\linqbaen.exe
C:\WINDOWS.1\system32\ljgakmuh.exe
C:\WINDOWS.1\system32\lmsscrhf.dll
C:\WINDOWS.1\system32\lqyhbcsy.exe
C:\WINDOWS.1\system32\lurargpt.ini
C:\WINDOWS.1\system32\lvbmdgkl.exe
C:\WINDOWS.1\system32\lvleskif.exe
C:\WINDOWS.1\system32\lvvaloxk.dll
C:\WINDOWS.1\system32\mellrdev.exe
C:\WINDOWS.1\system32\mgyxqlie.exe
C:\WINDOWS.1\system32\miepkvds.exe
C:\WINDOWS.1\system32\mltmxuej.exe
C:\WINDOWS.1\system32\mmyhqdva.exe
C:\WINDOWS.1\system32\mpkqtswi.exe
C:\WINDOWS.1\system32\mrdjbopr.exe
C:\WINDOWS.1\system32\mrnytogd.exe
C:\WINDOWS.1\system32\mtenfqjp.exe
C:\WINDOWS.1\system32\mtrcnbjb.ini
C:\WINDOWS.1\system32\mxughryq.exe
C:\WINDOWS.1\system32\n.ini
C:\WINDOWS.1\system32\nafjsxie.exe
C:\WINDOWS.1\system32\ndamrvpm.exe
C:\WINDOWS.1\system32\nehklhre.exe
C:\WINDOWS.1\system32\nerouhaq.exe
C:\WINDOWS.1\system32\nfdauabk.exe
C:\WINDOWS.1\system32\njcgibac.exe
C:\WINDOWS.1\system32\nlfvtshy.dll
C:\WINDOWS.1\system32\nrhdekoj.exe
C:\WINDOWS.1\system32\nrnadxdr.exe
C:\WINDOWS.1\system32\ntgfiqfx.dll
C:\WINDOWS.1\system32\nwdacfsl.exe
C:\WINDOWS.1\system32\oakfrrdv.ini
C:\WINDOWS.1\system32\ocbbvnvf.exe
C:\WINDOWS.1\system32\odbiosxs.exe
C:\WINDOWS.1\system32\ohrkdkig.ini
C:\WINDOWS.1\system32\oiatjyuv.exe
C:\WINDOWS.1\system32\ointyuox.exe
C:\WINDOWS.1\system32\oipfkygl.ini
C:\WINDOWS.1\system32\ojdavjbv.ini
C:\WINDOWS.1\system32\ojsbjlti.dll
C:\WINDOWS.1\system32\ooxeooxq.ini
C:\WINDOWS.1\system32\oqacpkkd.exe
C:\WINDOWS.1\system32\oqudnvbs.ini
C:\WINDOWS.1\system32\ornuudwy.exe
C:\WINDOWS.1\system32\orumguod.exe
C:\WINDOWS.1\system32\oyydvycv.exe
C:\WINDOWS.1\system32\packet.dll
C:\WINDOWS.1\system32\pgohsyaw.dll
C:\WINDOWS.1\system32\pjcuwqua.exe
C:\WINDOWS.1\system32\pkdttqes.dll
C:\WINDOWS.1\system32\pokrsjih.dll
C:\WINDOWS.1\system32\prmkbqpt.exe
C:\WINDOWS.1\system32\psgikgta.exe
C:\WINDOWS.1\system32\psilscwe.exe
C:\WINDOWS.1\system32\pskill.exe
C:\WINDOWS.1\system32\pwssydsk.exe
C:\WINDOWS.1\system32\pwwnqtwd.dll
C:\WINDOWS.1\system32\qcgpiiuj.exe
C:\WINDOWS.1\system32\qgkqiywv.exe
C:\WINDOWS.1\system32\qhffthhk.dll
C:\WINDOWS.1\system32\qhluanpw.exe
C:\WINDOWS.1\system32\qoujjvqn.exe
C:\WINDOWS.1\system32\qvxhcbdp.exe
C:\WINDOWS.1\system32\qwrupewn.exe
C:\WINDOWS.1\system32\qxooexoo.dll
C:\WINDOWS.1\system32\rhttjref.dll
C:\WINDOWS.1\system32\ridaxsou.exe
C:\WINDOWS.1\system32\rkdjeggh.dll
C:\WINDOWS.1\system32\rmgdoara.exe
C:\WINDOWS.1\system32\rothesll.dll
C:\WINDOWS.1\system32\rpawjklv.exe
C:\WINDOWS.1\system32\rrgdmfif.dll
C:\WINDOWS.1\system32\rrhoujrm.exe
C:\WINDOWS.1\system32\rstwa.bak1
C:\WINDOWS.1\system32\rstwa.bak2
C:\WINDOWS.1\system32\rstwa.ini
C:\WINDOWS.1\system32\rstwa.ini2
C:\WINDOWS.1\system32\rstwa.tmp
C:\WINDOWS.1\system32\rtdppwlj.exe
C:\WINDOWS.1\system32\rukiqmky.exe
C:\WINDOWS.1\system32\sahoqqsx.dll
C:\WINDOWS.1\system32\saixqtxj.exe
C:\WINDOWS.1\system32\sbvnduqo.dll
C:\WINDOWS.1\system32\sdgurkih.dll
C:\WINDOWS.1\system32\sfntmaxt.dll
C:\WINDOWS.1\system32\sfokycyk.exe
C:\WINDOWS.1\system32\shayjhtx.exe
C:\WINDOWS.1\system32\siyefetu.dll
C:\WINDOWS.1\system32\sjunrhdp.dll
C:\WINDOWS.1\system32\sljobcia.exe
C:\WINDOWS.1\system32\smlidkbe.dll
C:\WINDOWS.1\system32\sofbbtys.ini
C:\WINDOWS.1\system32\sqasytgi.exe
C:\WINDOWS.1\system32\sqluduur.exe
C:\WINDOWS.1\system32\sqmsynau.exe
C:\WINDOWS.1\system32\sqoxxdwq.dll
C:\WINDOWS.1\system32\sreciwgk.exe
C:\WINDOWS.1\system32\srjseuba.dll
C:\WINDOWS.1\system32\srpelbtj.exe
C:\WINDOWS.1\system32\svmyqwuf.exe
C:\WINDOWS.1\system32\swxsscwj.ini
C:\WINDOWS.1\system32\sytbbfos.dll
C:\WINDOWS.1\system32\tdyjposk.exe
C:\WINDOWS.1\system32\temp1.exe
C:\WINDOWS.1\system32\temp2.exe
C:\WINDOWS.1\system32\titsvfes.exe
C:\WINDOWS.1\system32\tmaekqrj.exe
C:\WINDOWS.1\system32\tmmjcava.exe
C:\WINDOWS.1\system32\tngafafx.exe
C:\WINDOWS.1\system32\tohhkrfw.exe
C:\WINDOWS.1\system32\tpgrarul.dll
C:\WINDOWS.1\system32\tsrnvyyd.exe
C:\WINDOWS.1\system32\tssangil.exe
C:\WINDOWS.1\system32\tuliasmw.ini
C:\WINDOWS.1\system32\twboargr.exe
C:\WINDOWS.1\system32\ucjypagb.exe
C:\WINDOWS.1\system32\ucqgdqhb.ini
C:\WINDOWS.1\system32\udomxcid.dll
C:\WINDOWS.1\system32\ufdsmqyt.exe
C:\WINDOWS.1\system32\ugcbxnex.exe
C:\WINDOWS.1\system32\ugkpxutt.exe
C:\WINDOWS.1\system32\ugranxpr.exe
C:\WINDOWS.1\system32\uixfotbv.exe
C:\WINDOWS.1\system32\ukyqdhdd.exe
C:\WINDOWS.1\system32\ulhtdjcm.dll
C:\WINDOWS.1\system32\uqswwgct.exe
C:\WINDOWS.1\system32\utefeyis.ini
C:\WINDOWS.1\system32\uvqhkfae.ini
C:\WINDOWS.1\system32\vaymccot.exe
C:\WINDOWS.1\system32\vbjvadjo.dll
C:\WINDOWS.1\system32\vbrjnskq.exe
C:\WINDOWS.1\system32\vbwjtwax.exe
C:\WINDOWS.1\system32\vdrrfkao.dll
C:\WINDOWS.1\system32\vdwvtmnf.exe
C:\WINDOWS.1\system32\vgiadfmn.exe
C:\WINDOWS.1\system32\vnmxardb.exe
C:\WINDOWS.1\system32\vsrallhw.ini
C:\WINDOWS.1\system32\vsycdtva.exe
C:\WINDOWS.1\system32\vunadrem.dll
C:\WINDOWS.1\system32\vvtdamgv.exe
C:\WINDOWS.1\system32\wajsspgk.exe
C:\WINDOWS.1\system32\wgyugfdi.exe
C:\WINDOWS.1\system32\whllarsv.dll
C:\WINDOWS.1\system32\wjhfvxux.dll
C:\WINDOWS.1\system32\wjkkkwmf.dll
C:\WINDOWS.1\system32\wkeiyyiy.dll
C:\WINDOWS.1\system32\wmsailut.dll
C:\WINDOWS.1\system32\wnjkeppk.dll
C:\WINDOWS.1\system32\wpcap.dll
C:\WINDOWS.1\system32\wtsqvdxf.exe
C:\WINDOWS.1\system32\wtssmtwj.exe
C:\WINDOWS.1\system32\wuuasvsb.exe
C:\WINDOWS.1\system32\wvknrxyd.exe
C:\WINDOWS.1\system32\wweuhook.dll
C:\WINDOWS.1\system32\wxltmtdc.dll
C:\WINDOWS.1\system32\wyfpshxy.dll
C:\WINDOWS.1\system32\xahauoox.dll
C:\WINDOWS.1\system32\xhrrucsa.exe
C:\WINDOWS.1\system32\xkanvkex.exe
C:\WINDOWS.1\system32\xkksxraw.exe
C:\WINDOWS.1\system32\xknolmsu.dll
C:\WINDOWS.1\system32\xmoldtpx.dll
C:\WINDOWS.1\system32\xptdlomx.ini
C:\WINDOWS.1\system32\xwnkcitq.exe
C:\WINDOWS.1\system32\xysrwcci.dll
C:\WINDOWS.1\system32\yayaxww.dll
C:\WINDOWS.1\system32\yfrskume.dll
C:\WINDOWS.1\system32\yhstvfln.ini
C:\WINDOWS.1\system32\yiusmwst.exe
C:\WINDOWS.1\system32\ylyvdfxl.exe
C:\WINDOWS.1\system32\yxhspfyw.ini
C:\WINDOWS.1\xcopy.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NPF
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\DomainService
-------\NPF
-------\runtime

((((((((((((((((((((((( Files created from 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))
.
2007-11-11 22:17 977,408 --a------ C:\WINDOWS.1\explorer.exe
2007-11-11 14:14 <DIR> d-------- C:\VundoFix Backups
2007-11-11 04:11 51,200 --a------ C:\WINDOWS.1\NirCmd.exe
2007-11-10 13:43 <DIR> d-------- C:\Hijack
2007-11-09 20:01 349,272 --a------ C:\Silent Runners.vbs
2007-11-09 18:16 77,888 --a------ C:\WINDOWS.1\system32\mnvpmjyl.dll
2007-11-09 18:13 88,128 --a------ C:\WINDOWS.1\system32\eqqvwlqy.dll
2007-11-09 18:07 71,232 --a------ C:\WINDOWS.1\system32\ajencohg.exe
2007-11-09 17:39 3,066,368 --a------ C:\WINDOWS.1\system32\longhornui.exe
2007-11-09 17:39 1,485,312 --a------ C:\WINDOWS.1\system32\LonghornM5.scr
2007-11-09 17:39 903,680 --a------ C:\WINDOWS.1\system32\Longhorn.scr
2007-11-09 17:39 74,752 --a------ C:\WINDOWS.1\system32\LonghornPDC.scr
2007-11-09 17:37 <DIR> d-------- C:\WINDOWS.1\system32\LHTrans
2007-11-09 17:37 <DIR> d-------- C:\WINDOWS.1\SideBar
2007-11-09 17:36 <DIR> d-------- C:\LTPFiles
2007-11-09 16:33 42,672 --------- C:\WINDOWS.1\system32\wbsys.dll
2007-11-09 16:29 <DIR> d-------- C:\WINDOWS.1\system32\psconv
2007-11-09 16:24 <DIR> d-------- C:\Arquivos de programas\PDF-Convert
2007-11-09 16:24 116,224 --a------ C:\WINDOWS.1\system32\pdfmonnt.dll
2007-11-09 13:24 114,688 --a------ C:\WINDOWS.1\system32\rkinstaller.exe
2007-11-09 08:44 77,888 --a------ C:\WINDOWS.1\system32\kottluod.dll
2007-11-09 08:35 71,232 --a------ C:\WINDOWS.1\system32\hsxvgbhe.exe
2007-11-09 07:23 77,888 --a------ C:\WINDOWS.1\system32\piacmwyy.dll
2007-11-09 07:20 71,232 --a------ C:\WINDOWS.1\system32\gedqdouw.exe
2007-11-08 20:25 80,448 --a------ C:\WINDOWS.1\system32\lovfxpox.dll
2007-11-08 20:17 71,232 --a------ C:\WINDOWS.1\system32\uvfiiyxc.exe
2007-11-08 13:09 86,080 --a------ C:\WINDOWS.1\system32\hunacxuj.dll
2007-11-08 13:03 80,448 --a------ C:\WINDOWS.1\system32\krqnirxs.dll
2007-11-08 13:00 71,232 --a------ C:\WINDOWS.1\system32\lnpxywvq.exe
2007-11-08 02:58 79,936 --a------ C:\WINDOWS.1\system32\gqeovjfn.dll
2007-11-08 02:48 71,232 --a------ C:\WINDOWS.1\system32\ekthxqws.exe
2007-11-08 02:42 79,936 --a------ C:\WINDOWS.1\system32\dcierait.dll
2007-11-08 02:42 71,232 --a------ C:\WINDOWS.1\system32\pniwbbyp.exe
2007-11-07 23:35 79,936 --a------ C:\WINDOWS.1\system32\iqswmerc.dll
2007-11-07 23:32 71,232 --a------ C:\WINDOWS.1\system32\oanjmupy.exe
2007-11-07 22:01 86,080 --a------ C:\WINDOWS.1\system32\rvpnohwv.dll
2007-11-07 21:58 79,936 --a------ C:\WINDOWS.1\system32\wswaoyad.dll
2007-11-07 21:55 71,232 --a------ C:\WINDOWS.1\system32\mbkgmknd.exe
2007-11-07 21:51 71,232 --a------ C:\WINDOWS.1\system32\segvakub.exe
2007-11-07 19:58 79,936 --a------ C:\WINDOWS.1\system32\onrpdkwl.dll
2007-11-07 19:55 86,080 --a------ C:\WINDOWS.1\system32\wiqvxwcb.dll
2007-11-07 19:49 71,232 --a------ C:\WINDOWS.1\system32\eddavegx.exe
2007-11-07 19:16 79,936 --a------ C:\WINDOWS.1\system32\lnndimif.dll
2007-11-07 19:14 86,080 --a------ C:\WINDOWS.1\system32\wghkesrr.dll
2007-11-07 19:10 71,232 --a------ C:\WINDOWS.1\system32\ovbctfov.exe
2007-11-07 15:55 79,936 --a------ C:\WINDOWS.1\system32\rvskctnm.dll
2007-11-07 15:50 71,232 --a------ C:\WINDOWS.1\system32\wcxbgwtc.exe
2007-11-07 12:04 1,231,097 --a------ C:\WINDOWS.1\system\kernel32.exe
2007-11-07 11:28 86,080 --a------ C:\WINDOWS.1\system32\vmtrcbkl.dll
2007-11-07 11:28 79,936 --a------ C:\WINDOWS.1\system32\hqqnhuhv.dll
2007-11-07 11:22 71,232 --a------ C:\WINDOWS.1\system32\qgjoqpko.exe
2007-11-07 03:31 <DIR> d-------- C:\WINDOWS.1\Sun
2007-11-07 02:00 81,472 --a------ C:\WINDOWS.1\system32\glrjlcaw.dll
2007-11-07 01:57 87,104 --a------ C:\WINDOWS.1\system32\kymsvpao.dll
2007-11-07 01:51 71,232 --a------ C:\WINDOWS.1\system32\wdrhipri.exe
2007-11-07 01:25 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2007-11-06 20:47 81,472 --a------ C:\WINDOWS.1\system32\vtdisrlb.dll
2007-11-06 20:44 87,104 --a------ C:\WINDOWS.1\system32\txqqsulu.dll
2007-11-06 20:38 71,232 --a------ C:\WINDOWS.1\system32\skuouami.exe
2007-11-06 19:13 81,472 --a------ C:\WINDOWS.1\system32\xnkpsxvc.dll
2007-11-06 19:04 71,232 --a------ C:\WINDOWS.1\system32\jubbctur.exe
2007-11-06 15:06 81,472 --a------ C:\WINDOWS.1\system32\biakatsy.dll
2007-11-06 15:03 71,232 --a------ C:\WINDOWS.1\system32\bhsnkhtt.exe
2007-11-06 14:09 87,104 --a------ C:\WINDOWS.1\system32\rmbxjmpd.dll
2007-11-06 14:06 81,472 --a------ C:\WINDOWS.1\system32\asmirklj.dll
2007-11-06 14:00 71,232 --a------ C:\WINDOWS.1\system32\xxgvdvka.exe
2007-11-06 12:52 87,104 --a------ C:\WINDOWS.1\system32\lufcnpns.dll
2007-11-05 13:54 83,008 --a------ C:\WINDOWS.1\system32\cverrcpb.dll
2007-11-05 13:51 85,568 --a------ C:\WINDOWS.1\system32\ksnitbtc.dll
2007-11-04 21:37 <DIR> d-------- C:\Arquivos de programas\Microsoft Games
2007-11-04 21:31 78,912 --a------ C:\WINDOWS.1\system32\aqarmrji.dll
2007-11-04 00:55 87,616 --a------ C:\WINDOWS.1\system32\ddyetkoe.dll
2007-11-04 00:52 81,472 --a------ C:\WINDOWS.1\system32\hljpqhma.dll
2007-11-03 17:45 81,472 --a------ C:\WINDOWS.1\system32\gavfysah.dll
2007-11-03 17:38 16,384 --a------ C:\WINDOWS.1\system32\loder.exe
2007-11-03 10:34 87,616 --a------ C:\WINDOWS.1\system32\ckvjiwlg.dll
2007-11-03
10:31 81,472 --a------ C:\WINDOWS.1\system32\qneefndg.dll 2007-11-03 06:55 87,616 --a------ C:\WINDOWS.1\system32\xsswpjff.dll 2007-11-03 06:52 81,472 --a------ C:\WINDOWS.1\system32\vhafhfjr.dll 2007-11-03 05:37 81,472 --a------ C:\WINDOWS.1\system32\sdgcgkdm.dll 2007-11-03 04:34 64,632 --a------ C:\WINDOWS.1\img1972.zip 2007-11-03 04:34 64,512 -r-hs---- C:\WINDOWS.1\file.exe 2007-11-03 03:47 95,608 --a------ C:\WINDOWS.1\system32\AvastSS.scr 2007-11-03 03:47 94,416 --a------ C:\WINDOWS.1\system32\drivers\aswmon2.sys 2007-11-03 03:47 93,264 --a------ C:\WINDOWS.1\system32\drivers\aswmon.sys 2007-11-03 03:47 42,912 --a------ C:\WINDOWS.1\system32\drivers\aswTdi.sys 2007-11-03 03:47 26,624 --a------ C:\WINDOWS.1\system32\drivers\aavmker4.sys 2007-11-03 03:47 23,152 --a------ C:\WINDOWS.1\system32\drivers\aswRdr.sys 2007-11-03 03:46 <DIR> d-------- C:\Arquivos de programas\Alwil Software 2007-11-03 03:46 815,480 --a------ C:\WINDOWS.1\system32\aswBoot.exe 2007-11-02 02:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Stardock 2007-11-02 02:52 163,712 --a------ C:\WINDOWS.1\system32\drivers\vidstub.sys 2007-11-02 02:31 <DIR> d-------- C:\Arquivos de programas\Stardock 2007-10-31 23:15 <DIR> d-------- C:\Arquivos de programas\NeroInstall.bak 2007-10-31 21:04 <DIR> d-------- C:\Arquivos de programas\lg_fwupdate 2007-10-31 21:04 16,384 --a------ C:\WINDOWS.1\system32\lgfwunis.exe 2007-10-30 21:09 2,193,664 --a------ C:\ntoskrnl.exe 2007-10-29 18:06 <DIR> d-------- C:\WINDOWS.1\system32\VIRepair 2007-10-29 17:49 <DIR> d-------- C:\Arquivos de programas\Paint.NET 2007-10-29 05:53 <DIR> d-------- C:\Arquivos de programas\TGTSoft . ((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-12 00:18 --------- d-----w C:\Documents and Settings\Administrador.LITE\Dados de aplicativos\uTorrent 2007-11-09 18:53 --------- d-----w C:\Arquivos de programas\FlashGet 2007-11-09 16:51 --------- d-----w C:\Arquivos de programas\Warcraft III 2007-11-08 23:32 --------- d-----w C:\Arquivos de programas\Shareaza 2007-11-08 08:29 --------- d-----w C:\Arquivos de programas\eMule 2007-11-08 04:53 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS.1\Dados de aplicativos\TEMP 2007-11-08 01:35 --------- d-----w C:\Arquivos de programas\MediaCoder 2007-11-07 21:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.1\Dados de aplicativos\WLInstaller 2007-11-07 06:28 --------- d-----w C:\Arquivos de programas\Google 2007-11-03 04:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.1\Dados de aplicativos\Kaspersky Lab 2007-10-26 22:10 --------- d-----w C:\Arquivos de programas\Velox 2007-10-26 22:02 --------- d-----w C:\Arquivos de programas\Windows Live 2007-10-24 21:14 --------- d-----w C:\Arquivos de programas\ABBYY FineReader 5.0 Sprint 2007-10-24 01:51 --------- d-----w C:\Arquivos de programas\4t Tray Minimizer 2007-10-23 15:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.1\Dados de aplicativos\Microsoft Help 2007-10-23 03:37 --------- d-----w C:\Arquivos de programas\Real 2007-10-21 07:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real 2007-10-21 05:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços 2007-10-21 04:47 --------- d-----w C:\Arquivos de programas\Valve 2007-10-21 02:11 --------- d-----w C:\Arquivos de programas\FaxTools 2007-10-05 00:33 --------- d-----w C:\Arquivos de programas\XP Codec Pack 2007-09-27 02:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.1\Dados de aplicativos\Kaspersky Lab Setup Files 2007-09-26 03:50 --------- d-----w C:\Arquivos de programas\Microsoft SQL Server Compact Edition 2007-09-24 10:16 --------- d-----w C:\Arquivos de 
programas\Lineage II 2007-09-24 03:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information 2007-09-23 00:59 --------- d-----w C:\Arquivos de programas\MessengerDiscovery 2007-09-22 06:26 --------- d-----w C:\Arquivos de programas\1964 2007-09-20 12:36 40,488 ----a-w C:\WINDOWS.1\system32\drivers\InCDRm.sys 2007-09-20 12:36 38,952 ----a-w C:\WINDOWS.1\system32\drivers\InCDPass.sys 2007-09-20 12:36 238,888 ----a-w C:\WINDOWS.1\NuNInst.exe 2007-09-20 12:36 17,448 ----a-w C:\WINDOWS.1\system32\drivers\InCDrec.sys 2007-09-20 12:36 125,864 ----a-w C:\WINDOWS.1\system32\drivers\InCDfs.sys 2007-09-20 11:59 972,072 ----a-w C:\WINDOWS.1\UNRecode.exe 2007-09-20 11:55 972,072 ----a-w C:\WINDOWS.1\UNNeroMediaHome.exe 2007-09-18 02:21 --------- d-----w C:\Documents and Settings\Administrador.LITE\Dados de aplicativos\MegauploadToolbar 2007-09-14 07:22 --------- d-----w C:\Arquivos de programas\MSBuild 2007-09-14 07:12 --------- d-----w C:\Arquivos de programas\Reference Assemblies 2007-06-10 12:10 994,816 ----a-w C:\WINDOWS.1\inf\syssbck.dll 2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas. 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DDB9DD-9807-44A6-AEFF-6C7157155178}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3f7021a3-c8d0-4bfc-9b5f-5996059d9c4e}] 2007-11-09 18:16 77888 --a------ C:\WINDOWS.1\system32\mnvpmjyl.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50CF5F12-A529-4BAE-8774-473D4CCB1076}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 13:20] "BootSkin Startup Jobs"="C:\Arquivos de programas\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21] "TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-10-21 05:51] "701c00ef"="C:\WINDOWS.1\system32\eqqvwlqy.dll" [2007-11-09 18:13] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS.1\system32\ctfmon.exe" [2004-08-03 22:45] "AlcoholAutomount"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 08:29] "WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:32] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "Microsoft Corporation Latitude Service"=loder.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Free Download Manager"=C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDesktopCleanupWizard"=1 (0x1) "ForceClassicControlPanel"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] 
"UIHost"=hex(2):6c,6f,6e,67,68,6f,72,6e,75,69,2e,65,78,65,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrqr] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 17:36 140976 C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuuvss] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxuvs] yayxuvs.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0] "Script"=apaga_pf.vbs [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrador.LITE^Menu Iniciar^Programas^Inicializar^OneNote 2007 Screen Clipper and Launcher.lnk] path=C:\Documents and Settings\Administrador.LITE\Menu Iniciar\Programas\Inicializar\OneNote 2007 Screen Clipper and Launcher.lnk backup=C:\WINDOWS.1\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\701c00ef] rundll32.exe "C:\WINDOWS.1\system32\ddyetkoe.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb] C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs] "C:\Arquivos de programas\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent] C:\Documents and Settings\Administrador.LITE\Desktop\HTV\HTV.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock] C:\Arquivos de programas\LClock\LClock.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS.1\svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Corporation Latitude Service] loder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates] svehost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN] file.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc] C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Styler] C:\Arquivos de programas\Styler\Styler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC] C:\Arquivos de programas\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar] C:\Arquivos de programas\Vista Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip] C:\Arquivos de programas\VisualTooltip\VisualToolTip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winpos] C:\WINDOWS.1\winpos.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMDJ Agent] C:\WINDOWS.1\system32\Sys32\WMDJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "StyleXPService"=2 (0x2) "Nero BackItUp Scheduler 3"=2 (0x2) "InCDsrv"=2 (0x2) "idsvc"=3 (0x3) "DomainService"=2 (0x2) "Bonjour Service"=2 (0x2) . Conte£do da pasta 'Tarefas Agendadas' "2007-11-10 18:14:57 C:\WINDOWS.1\Tasks\Uniblue SpeedUpMyPC Nag.job" "2007-08-12 19:14:57 C:\WINDOWS.1\Tasks\Uniblue SpeedUpMyPC.job" - C:\Arquivos de programas\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-11 22:19:25 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializ veis ocultas ... 
Thanks a lot for everything, I have already fixed it here, cheers.
jgarcia, posted November 24, 2007: PROBLEM SOLVED! If the author needs the topic reopened, a Private Message must be sent to a Moderator with a link to the topic.