This topic has been archived and is closed to new replies.

Mugen

[Archived] VUNDO -


Hello,

I've had this trojan for some time and I can't get it off my PC. Norton detects it but doesn't remove it; I've run VundoFix several times, but Vundo always comes back. :wacko:

What should I do to remove Vundo from my PC?

Please help me.

 

Mugen


Good evening, Mugen!

>@< Download: < HijackThis version 1.99.1 >

________________________

>@< Then go to: Start >> My Computer >> double-click C.

>@< Save it to Local Disk C!

>@< Extract it from the zip into a folder of its own! For example: C:/HijackThis

>@< Run HijackThis.exe from C.

>@< Close all programs! (Leave only the desktop!)

>@< Click: Do a system scan and save a logfile

>@< A Notepad window will open containing the report (log), which is to be pasted into your reply.

Regards!


Hello!

Here's the log :grin:

Thanks

 

Logfile of HijackThis v1.99.1

Scan saved at 13:41:29, on 9/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmgr.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmon.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmgr.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\RSSoft\RedSwoosh.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

O1 - Hosts: 91.185.193.200 l2authd.lineage2.com

O1 - Hosts: 91.185.193.200 l2patcher.lineage2.com

O1 - Hosts: 91.185.193.200 nProtect.lineage2.com

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [7046258e] rundll32.exe "C:\WINDOWS\system32\jgevqedm.dll",b

O4 - HKLM\..\Run: [bM73751612] Rundll32.exe "C:\WINDOWS\system32\wetvxcsl.dll",s

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: ubisoft register.lnk = C:\Arquivos de programas\Ubi Soft\Register\schedule.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?4dbcf6441ea745f095d59b87932221d7

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?4dbcf6441ea745f095d59b87932221d7

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203952871593

O17 - HKLM\System\CCS\Services\Tcpip\..\{DDB7FE88-2825-47DA-8F61-DB58CCEEFF11}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs:

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\isPwdSvc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe


Good afternoon, Mugen!

>@< Download VundoFix.

>@< Save it to the Desktop!

>@< Run VundoFix.exe

>@< When VundoFix opens, once again click Scan for Vundo.

>@< When it finishes, click Remove Vundo.

>@< You will get a prompt asking whether you want to remove the files. Confirm!

>@< Your desktop will disappear!

>@< A notice will appear saying that your computer must be shut down.

>@< Click OK and then turn the computer back on!

>@< VundoFix may find a file but be unable to remove it. If that happens, the tool will run on restart.

>@< When VundoFix appears, click the Scan for Vundo button to repeat the process.

>@< When VundoFix no longer finds any file that it cannot remove, post its report (log), which is located at C:\Vundofix.txt

>@< Also post a new HijackThis log.

Regards!


Hello!

They're right below :thumbsup:

See you later

 

VundoFix V7.0.3

 

Scan started at 11:29:19 10/4/2008

 

Listing files found while scanning....

 

C:\windows\system32\ehkmp.ini

C:\windows\system32\ehkmp.ini2

C:\WINDOWS\system32\hstyucyp.dll

C:\windows\system32\pmkhe.dll

C:\windows\system32\ssqpq.dll

C:\WINDOWS\system32\ytnvjdgi.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\ehkmp.ini

C:\windows\system32\ehkmp.ini Has been deleted!

 

Attempting to delete C:\windows\system32\ehkmp.ini2

C:\windows\system32\ehkmp.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\hstyucyp.dll

C:\WINDOWS\system32\hstyucyp.dll Has been deleted!

 

Attempting to delete C:\windows\system32\pmkhe.dll

C:\windows\system32\pmkhe.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ssqpq.dll

C:\windows\system32\ssqpq.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ytnvjdgi.dll

C:\WINDOWS\system32\ytnvjdgi.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

_______________________________________________________

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:53:56, on 10/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmgr.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmon.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

O1 - Hosts: 91.185.193.200 l2authd.lineage2.com

O1 - Hosts: 91.185.193.200 l2patcher.lineage2.com

O1 - Hosts: 91.185.193.200 nProtect.lineage2.com

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [7046258e] rundll32.exe "C:\WINDOWS\system32\hflyihso.dll",b

O4 - HKLM\..\Run: [bM73751612] Rundll32.exe "C:\WINDOWS\system32\noovokcl.dll",s

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: ubisoft register.lnk = C:\Arquivos de programas\Ubi Soft\Register\schedule.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?4dbcf6441ea745f095d59b87932221d7

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?4dbcf6441ea745f095d59b87932221d7

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203952871593

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs:

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\isPwdSvc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

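An added example, not part of the original thread: a Python check that parses the O4 autorun lines of the two HijackThis logs above together with the VundoFix log, and reports the rundll32 Run values that kept their value name but point at a different DLL after the VundoFix pass, plus the autorun DLLs that VundoFix never lists as deleted (both second-log targets do appear in the ComboFix deletion list posted later in the thread). The function names are illustrative, and the embedded log lines are excerpts copied from this thread.

```python
import re
from ntpath import basename  # Windows path handling on any platform

# Excerpts from the thread's logs (only the lines this check needs).
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [7046258e] rundll32.exe "C:\WINDOWS\system32\jgevqedm.dll",b
O4 - HKLM\..\Run: [bM73751612] Rundll32.exe "C:\WINDOWS\system32\wetvxcsl.dll",s
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""

HJT_AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [7046258e] rundll32.exe "C:\WINDOWS\system32\hflyihso.dll",b
O4 - HKLM\..\Run: [bM73751612] Rundll32.exe "C:\WINDOWS\system32\noovokcl.dll",s
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""

VUNDOFIX_LOG = r"""
Attempting to delete C:\windows\system32\ehkmp.ini
C:\windows\system32\ehkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hstyucyp.dll
C:\WINDOWS\system32\hstyucyp.dll Has been deleted!
Attempting to delete C:\windows\system32\pmkhe.dll
C:\windows\system32\pmkhe.dll Has been deleted!
Attempting to delete C:\windows\system32\ssqpq.dll
C:\windows\system32\ssqpq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ytnvjdgi.dll
C:\WINDOWS\system32\ytnvjdgi.dll Has been deleted!
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
# Command lines of the form: rundll32.exe "path\to\file.dll",export
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?(?:,(\S+))?', re.I)
# VundoFix success line: "<path> Has been deleted!"
DELETED = re.compile(r'^(.+?) Has been deleted!$')


def rundll32_autoruns(hjt_log):
    """Map (hive, key, value name) -> lower-cased DLL path for every
    registry O4 entry whose command line launches a DLL via rundll32."""
    found = {}
    for line in hjt_log.splitlines():
        entry = O4_RUN.match(line.strip())
        if not entry:
            continue  # not a registry Run entry (e.g. Startup folder items)
        hive, key, name, command = entry.groups()
        dll = RUNDLL.match(command)
        if dll:
            found[(hive, key, name)] = dll.group(1).lower()
    return found


def retargeted(before, after):
    """Values present in both scans whose DLL target changed:
    (value name, old DLL, new DLL)."""
    return sorted(
        (key[2], basename(before[key]), basename(after[key]))
        for key in before.keys() & after.keys()
        if before[key] != after[key]
    )


def deleted_files(cleanup_log):
    """Lower-cased paths the cleanup log reports as deleted."""
    paths = set()
    for line in cleanup_log.splitlines():
        hit = DELETED.match(line.strip())
        if hit:
            paths.add(hit.group(1).lower())
    return paths


def untouched_targets(autoruns, deleted):
    """Autorun DLLs that the cleanup log never reports as deleted."""
    return sorted(basename(p) for p in autoruns.values() if p not in deleted)


if __name__ == "__main__":
    before = rundll32_autoruns(HJT_BEFORE)
    after = rundll32_autoruns(HJT_AFTER)
    for name, old, new in retargeted(before, after):
        print(f"Run value [{name}]: {old} -> {new}")
    remaining = untouched_targets(after, deleted_files(VUNDOFIX_LOG))
    print("Still referenced, not in cleanup log:", ", ".join(remaining))
```
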

Good afternoon, Mugen!

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of your antivirus, antispyware and firewall.

>@< Close all windows and run the tool!

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

P.S.: Rename it while saving, not after saving it!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

@@@@@@@@@@@@@@@@@@@@@@@@@

>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!


Good afternoon DigRam,

Here is what you asked for.

Thanks

 

 

 

ComboFix 08-04-09.9 - ADMIN 2008-04-10 16:46:25.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.193 [GMT -3:00]

Executando de: C:\Documents and Settings\ADMIN\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\BM73751612.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\dejrmeil.dll

C:\WINDOWS\system32\ghqtgvml.ini

C:\WINDOWS\system32\hflyihso.dll

C:\WINDOWS\system32\hjjlm.ini

C:\WINDOWS\system32\hjjlm.ini2

C:\WINDOWS\system32\ilnmp.ini

C:\WINDOWS\system32\ilnmp.ini2

C:\WINDOWS\system32\lhkssgvc.dll

C:\WINDOWS\system32\lmvgtqhg.dll

C:\WINDOWS\system32\lwapprhy.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mljjh.dll

C:\WINDOWS\system32\noovokcl.dll

C:\WINDOWS\system32\oqtss.ini

C:\WINDOWS\system32\oqtss.ini2

C:\WINDOWS\system32\oshiylfh.ini

C:\WINDOWS\system32\qlentjjy.dll

C:\WINDOWS\system32\qpqss.ini

C:\WINDOWS\system32\qpqss.ini2

C:\WINDOWS\system32\qrqss.ini

C:\WINDOWS\system32\qrqss.ini2

C:\WINDOWS\system32\qrutv.ini

C:\WINDOWS\system32\qrutv.ini2

C:\WINDOWS\system32\rqtss.ini

C:\WINDOWS\system32\rqtss.ini2

C:\WINDOWS\system32\rrutv.ini

C:\WINDOWS\system32\rrutv.ini2

C:\WINDOWS\system32\shbfccga.dll

C:\WINDOWS\system32\sstqr.dll

C:\WINDOWS\system32\vtuvstt.dll

C:\WINDOWS\system32\wvutqqn.dll

C:\WINDOWS\system32\yayyxuv.dll

C:\WINDOWS\system32\yjjtnelq.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NDNET1

-------\Legacy_RUNTIME

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))

.

 

2008-04-10 12:56 . 2008-04-10 12:56 3,648 --a------ C:\WINDOWS\system32\koimdimu.dll

2008-04-10 11:26 . 2008-04-10 11:26 3,648 --a------ C:\WINDOWS\system32\hgwqofnp.dll

2008-04-10 11:04 . 2008-04-10 11:04 646 ---hs---- C:\WINDOWS\system32\pdwufuym.ini

2008-04-10 10:58 . 2008-04-10 10:58 3,648 --a------ C:\WINDOWS\system32\myptvahc.dll

2008-04-10 00:36 . 2008-04-10 10:50 586 ---hs---- C:\WINDOWS\system32\tdbetgsp.ini

2008-04-10 00:31 . 2008-04-10 00:31 3,648 --a------ C:\WINDOWS\system32\dbisbqrp.dll

2008-04-09 13:38 . 2008-04-10 11:53 <DIR> d-------- C:\Hijackthis

2008-04-08 19:18 . 2008-04-08 19:18 3,648 --a------ C:\WINDOWS\system32\nhjihevu.dll

2008-04-08 17:38 . 2008-04-08 17:38 294 ---hs---- C:\WINDOWS\system32\cmoswuly.ini

2008-04-08 17:35 . 2008-04-08 17:35 3,648 --a------ C:\WINDOWS\system32\ynmsobox.dll

2008-04-08 15:29 . 2008-04-08 15:29 3,648 --a------ C:\WINDOWS\system32\bpdxxgqp.dll

2008-04-08 13:59 . 2008-04-08 13:59 3,648 --a------ C:\WINDOWS\system32\bxnqfqvu.dll

2008-04-08 13:58 . 2008-04-08 13:58 3,648 --a------ C:\WINDOWS\system32\fopgechp.dll

2008-04-07 14:00 . 2008-04-08 00:08 414 ---hs---- C:\WINDOWS\system32\qmhtpbyr.ini

2008-04-06 18:59 . 2008-04-07 06:53 2,206 ---hs---- C:\WINDOWS\system32\nnoilaxj.ini

2008-04-06 18:42 . 2008-04-06 18:48 1,966 ---hs---- C:\WINDOWS\system32\batpyycb.ini

2008-04-06 10:16 . 2008-04-06 18:31 1,846 ---hs---- C:\WINDOWS\system32\jvxkfxlp.ini

2008-04-06 07:15 . 2008-04-06 09:01 1,306 ---hs---- C:\WINDOWS\system32\nyjiovdb.ini

2008-04-05 19:28 . 2008-04-06 07:13 1,066 ---hs---- C:\WINDOWS\system32\gphxmrwe.ini

2008-04-05 11:42 . 2008-04-05 15:48 766 ---hs---- C:\WINDOWS\system32\uprlcjup.ini

2008-04-05 10:38 . 2008-04-05 11:40 870 ---hs---- C:\WINDOWS\system32\jmlhqbjr.ini

2008-04-05 07:58 . 2008-04-05 12:51 638 ---hs---- C:\WINDOWS\system32\xohntlho.ini

2008-04-04 12:51 . 2008-04-05 07:52 2,454 ---hs---- C:\WINDOWS\system32\lsdylpyy.ini

2008-04-04 10:41 . 2008-04-04 10:41 2,214 ---hs---- C:\WINDOWS\system32\uxbphdon.ini

2008-04-03 17:00 . 2008-04-04 10:30 2,154 ---hs---- C:\WINDOWS\system32\csdfrcgs.ini

2008-04-03 11:02 . 2008-04-03 11:02 1,854 ---hs---- C:\WINDOWS\system32\idmbmhbm.ini

2008-04-03 10:39 . 2008-04-03 10:39 1,794 ---hs---- C:\WINDOWS\system32\qbqolacq.ini

2008-04-02 17:31 . 2008-04-03 17:00 1,674 ---hs---- C:\WINDOWS\system32\fkjvslwe.ini

2008-04-02 17:03 . 2008-04-02 17:23 1,374 ---hs---- C:\WINDOWS\system32\nyyauiim.ini

2008-04-01 15:33 . 2008-04-01 15:33 <DIR> d-------- C:\Arquivos de programas\Lavalys

2008-04-01 13:34 . 2008-04-02 13:34 1,254 ---hs---- C:\WINDOWS\system32\gmbmtowm.ini

2008-04-01 12:00 . 2008-04-01 13:20 594 ---hs---- C:\WINDOWS\system32\ijkjxolc.ini

2008-04-01 11:13 . 2008-04-01 11:13 414 ---hs---- C:\WINDOWS\system32\mcsvirty.ini

2008-04-01 08:02 . 2008-04-01 10:59 354 ---hs---- C:\WINDOWS\system32\gxcqsrku.ini

2008-03-30 20:48 . 2008-03-30 20:48 654 ---hs---- C:\WINDOWS\system32\qxvibcae.ini

2008-03-30 20:46 . 2008-03-30 20:46 654 ---hs---- C:\WINDOWS\system32\asdilncu.ini

2008-03-30 16:50 . 2008-03-30 20:41 594 ---hs---- C:\WINDOWS\system32\egijmwtk.ini

2008-03-29 14:07 . 2004-08-04 00:45 33,280 --a------ C:\WINDOWS\system32\rundll32.exe

2008-03-29 14:07 . 2004-08-04 00:45 33,280 --a--c--- C:\WINDOWS\system32\dllcache\rundll32.exe

2008-03-29 12:36 . 2008-03-29 12:36 1,014 ---hs---- C:\WINDOWS\system32\jiggypnc.ini

2008-03-28 12:41 . 2008-03-29 13:09 954 ---hs---- C:\WINDOWS\system32\qbvqxcav.ini

2008-03-27 13:38 . 2008-03-28 11:54 834 ---hs---- C:\WINDOWS\system32\xkwwipga.ini

2008-03-27 12:00 . 2008-03-27 13:30 414 ---hs---- C:\WINDOWS\system32\punassvm.ini

2008-03-27 10:49 . 2008-03-27 12:00 294 ---hs---- C:\WINDOWS\system32\gqvnnkpv.ini

2008-03-26 18:08 . 2008-03-26 18:08 594 ---hs---- C:\WINDOWS\system32\bjbjbsic.ini

2008-03-26 16:25 . 2008-03-26 18:08 534 ---hs---- C:\WINDOWS\system32\lbgheikn.ini

2008-03-26 14:16 . 2008-03-26 16:12 414 ---hs---- C:\WINDOWS\system32\frerbqvk.ini

2008-03-26 13:00 . 2008-03-26 13:00 5,034 ---hs---- C:\WINDOWS\system32\mkeidmqw.ini

2008-03-25 23:41 . 2008-03-26 13:00 4,974 ---hs---- C:\WINDOWS\system32\lgyqcvfy.ini

2008-03-25 17:25 . 2008-03-25 21:37 4,734 ---hs---- C:\WINDOWS\system32\ifowycvc.ini

2008-03-25 13:00 . 2008-03-25 16:27 4,494 ---hs---- C:\WINDOWS\system32\raimkemw.ini

2008-03-25 12:48 . 2008-03-25 12:48 4,374 ---hs---- C:\WINDOWS\system32\qeefykhn.ini

2008-03-25 12:21 . 2008-03-25 12:21 4,374 ---hs---- C:\WINDOWS\system32\uafbqxcp.ini

2008-03-24 14:14 . 2008-03-25 12:07 4,314 ---hs---- C:\WINDOWS\system32\xorujkgk.ini

2008-03-24 12:42 . 2008-03-24 12:42 4,134 ---hs---- C:\WINDOWS\system32\xbhxebdm.ini

2008-03-23 17:45 . 2008-03-23 17:45 <DIR> d-------- C:\Documents and Settings\Lilian\Dados de aplicativos\DivX

2008-03-23 17:45 . 2008-02-20 23:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-03-23 17:45 . 2008-02-20 23:05 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-03-23 17:45 . 2008-02-20 23:05 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-03-23 16:30 . 2008-03-30 20:45 <DIR> d-------- C:\Documents and Settings\Lilian\Dados de aplicativos\DNA

2008-03-23 16:30 . 2008-03-23 16:30 <DIR> d-------- C:\Arquivos de programas\DNA

2008-03-23 16:30 . 2008-03-23 16:30 <DIR> d-------- C:\Arquivos de programas\BitTorrent

2008-03-23 15:59 . 2008-03-23 15:59 <DIR> d-------- C:\Documents and Settings\Lilian\Torrents

2008-03-23 15:55 . 2008-04-10 11:00 <DIR> d-------- C:\Arquivos de programas\RSSoft

2008-03-23 15:34 . 2008-03-23 15:34 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-03-23 14:21 . 2008-03-24 12:26 4,074 ---hs---- C:\WINDOWS\system32\fpugmuvl.ini

2008-03-23 13:50 . 2008-04-09 12:35 <DIR> d-------- C:\VundoFix Backups

2008-03-22 16:01 . 2008-03-23 14:21 3,234 ---hs---- C:\WINDOWS\system32\wopesptu.ini

2008-03-22 11:55 . 2008-03-22 15:57 2,754 ---hs---- C:\WINDOWS\system32\ysvdmico.ini

2008-03-21 11:52 . 2008-03-22 07:32 2,394 ---hs---- C:\WINDOWS\system32\jqyqvtgk.ini

2008-03-20 13:15 . 2008-03-21 11:39 1,734 ---hs---- C:\WINDOWS\system32\eftnddeq.ini

2008-03-20 12:20 . 2008-03-20 12:23 1,434 ---hs---- C:\WINDOWS\system32\iswvhiwq.ini

2008-03-19 13:35 . 2008-04-10 13:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-19 13:35 . 2008-03-19 13:35 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-19 12:57 . 2008-03-20 12:06 1,314 ---hs---- C:\WINDOWS\system32\rpoivtrg.ini

2008-03-18 12:54 . 2008-03-19 12:54 774 ---hs---- C:\WINDOWS\system32\ukjrakim.ini

2008-03-15 07:55 . 2008-03-15 07:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TERMINAL Studio

2008-03-15 07:35 . 2008-03-15 07:35 63 --a------ C:\WINDOWS\system32\70463700

2008-03-10 07:55 . 2008-03-10 07:55 <DIR> d-------- C:\Documents and Settings\Lilian\.receitanet

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-10 19:52 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-04-10 16:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-04-10 03:11 --------- d-----w C:\Arquivos de programas\Lineage II

2008-03-30 20:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-28 02:03 --------- d-----w C:\Documents and Settings\ADMIN\Dados de aplicativos\U3

2008-03-23 20:54 --------- d-----w C:\Documents and Settings\Lilian\Dados de aplicativos\BitTorrent

2008-03-23 20:46 --------- d-----w C:\Arquivos de programas\DivX

2008-03-23 18:54 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-23 17:39 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-18 14:24 --------- d-----w C:\Arquivos de programas\Atrativa Games

2008-03-03 20:24 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-02-26 14:09 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-02-26 14:09 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-02-21 02:05 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys

2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-02-19 00:02 --------- d-----w C:\Documents and Settings\Lilian\Dados de aplicativos\U3

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03A47023-6A26-4BD0-9655-3B6B4494D98A}]

C:\WINDOWS\system32\pmkhe.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A98E5C9-1A68-4A7F-839B-31BE09C76FEC}]

C:\WINDOWS\system32\vtsqr.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38E38FF8-89BC-4C1C-93F1-99BD0E900D2E}]

C:\WINDOWS\system32\gebcy.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D592948-1C16-4EF6-B142-335D0356F76E}]

C:\WINDOWS\system32\ddaya.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{746F3C11-9FB9-48AE-831E-907A4582FFD7}]

C:\WINDOWS\system32\ssqrq.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F459D20-5C34-4A7B-A3AD-478991E294C7}]

C:\WINDOWS\system32\ssqro.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6c119a5-0dc2-46f5-bc1d-b9503f1174a4}]

C:\WINDOWS\system32\esycwfcu.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9A0F22C-F17B-43C0-8D26-8F6D12E99ABE}]

C:\WINDOWS\system32\vtstu.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1418676-A36F-4453-B692-545F5A95A385}]

C:\WINDOWS\system32\pmnli.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1A7944D-BEC5-4542-9349-AF292A620ED0}]

C:\WINDOWS\system32\awvvs.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7F0CFF8-982F-4895-8575-954C1ADB5BA6}]

C:\WINDOWS\system32\vturr.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEDAFC15-EE4E-4DF2-8E13-611B4A8C3958}]

C:\WINDOWS\system32\sstqo.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA7C0E79-D95B-4A27-B06F-463F2D5E6E71}]

C:\WINDOWS\system32\ddaby.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDEC25DE-9ABE-4D9E-A49D-8B05D5E5D59E}]

C:\WINDOWS\system32\pmkhi.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 16:06 68856]

"AdobeUpdater"="C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37 2321600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Lexmark 2200 Series"="C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 10:36 57344]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2007-01-09 18:59 115816]

"osCheck"="C:\Arquivos de programas\Norton Internet Security\osCheck.exe" [2007-01-13 20:11 771704]

"Symantec PIF AlertEng"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]

 

C:\Documents and Settings\ADMIN\Menu Iniciar\Programas\Inicializar\

ubisoft register.lnk - C:\Arquivos de programas\Ubi Soft\Register\schedule.exe [2007-12-22 13:44:01 32768]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-04-24 21:22 128512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{0015B936-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\ADMIN\CONFIG~1\Temp\~Temp2845ow.dll [2008-01-04 21:35 31968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-04-24 21:22 128512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyxuv]

yayyxuv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM73751612]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3150:TCP"=

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

 

R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;"C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-01-18 09:32]

S3 XDva006;XDva006;C:\WINDOWS\system32\XDva006.sys []

S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []

S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys []

S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []

S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys []

S3 XDva038;XDva038;C:\WINDOWS\system32\XDva038.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbdb6aa-4336-11db-8a5b-806d6172696f}]

\Shell\AutoRun\command - D:\MSWorks\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0549e8-9289-11db-8b32-001143d0f6f3}]

\Shell\AutoRun\command - E:\LaunchU3.exe

 

*Newly Created Service* - COMHOST

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-28 19:56:20 C:\WINDOWS\Tasks\Norton Internet Security - Verificação completa no sistema - ADMIN.job"

 

________________________________________________________________________

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:03, on 2008-04-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmgr.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmon.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\rundll32.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

O2 - BHO: (no name) - {03A47023-6A26-4BD0-9655-3B6B4494D98A} - C:\WINDOWS\system32\pmkhe.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: (no name) - {2A98E5C9-1A68-4A7F-839B-31BE09C76FEC} - C:\WINDOWS\system32\vtsqr.dll (file missing)

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {38E38FF8-89BC-4C1C-93F1-99BD0E900D2E} - C:\WINDOWS\system32\gebcy.dll (file missing)

O2 - BHO: (no name) - {5D592948-1C16-4EF6-B142-335D0356F76E} - C:\WINDOWS\system32\ddaya.dll (file missing)

O2 - BHO: (no name) - {746F3C11-9FB9-48AE-831E-907A4582FFD7} - C:\WINDOWS\system32\ssqrq.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7F459D20-5C34-4A7B-A3AD-478991E294C7} - C:\WINDOWS\system32\ssqro.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: {4a4711f3-059b-d1cb-5f64-2cd05a911c6a} - {a6c119a5-0dc2-46f5-bc1d-b9503f1174a4} - C:\WINDOWS\system32\esycwfcu.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {B9A0F22C-F17B-43C0-8D26-8F6D12E99ABE} - C:\WINDOWS\system32\vtstu.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {C1418676-A36F-4453-B692-545F5A95A385} - C:\WINDOWS\system32\pmnli.dll (file missing)

O2 - BHO: (no name) - {C1A7944D-BEC5-4542-9349-AF292A620ED0} - C:\WINDOWS\system32\awvvs.dll (file missing)

O2 - BHO: (no name) - {E7F0CFF8-982F-4895-8575-954C1ADB5BA6} - C:\WINDOWS\system32\vturr.dll (file missing)

O2 - BHO: (no name) - {EEDAFC15-EE4E-4DF2-8E13-611B4A8C3958} - C:\WINDOWS\system32\sstqo.dll (file missing)

O2 - BHO: (no name) - {FA7C0E79-D95B-4A27-B06F-463F2D5E6E71} - C:\WINDOWS\system32\ddaby.dll (file missing)

O2 - BHO: (no name) - {FDEC25DE-9ABE-4D9E-A49D-8B05D5E5D59E} - C:\WINDOWS\system32\pmkhi.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - Startup: ubisoft register.lnk = C:\Arquivos de programas\Ubi Soft\Register\schedule.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?4dbcf6441ea745f095d59b87932221d7

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?4dbcf6441ea745f095d59b87932221d7

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203952871593

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: yayyxuv - yayyxuv.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\isPwdSvc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe


Good morning, Mugen!

 

>@< Open HijackThis and, with all programs closed, apply Fix to these entries:

 

O2 - BHO: (no name) - {03A47023-6A26-4BD0-9655-3B6B4494D98A} - C:\WINDOWS\system32\pmkhe.dll (file missing)

O2 - BHO: (no name) - {2A98E5C9-1A68-4A7F-839B-31BE09C76FEC} - C:\WINDOWS\system32\vtsqr.dll (file missing)

O2 - BHO: (no name) - {38E38FF8-89BC-4C1C-93F1-99BD0E900D2E} - C:\WINDOWS\system32\gebcy.dll (file missing)

O2 - BHO: (no name) - {5D592948-1C16-4EF6-B142-335D0356F76E} - C:\WINDOWS\system32\ddaya.dll (file missing)

O2 - BHO: (no name) - {746F3C11-9FB9-48AE-831E-907A4582FFD7} - C:\WINDOWS\system32\ssqrq.dll (file missing)

O2 - BHO: (no name) - {7F459D20-5C34-4A7B-A3AD-478991E294C7} - C:\WINDOWS\system32\ssqro.dll (file missing)

O2 - BHO: {4a4711f3-059b-d1cb-5f64-2cd05a911c6a} - {a6c119a5-0dc2-46f5-bc1d-b9503f1174a4} - C:\WINDOWS\system32\esycwfcu.dll(file missing)

O2 - BHO: (no name) - {B9A0F22C-F17B-43C0-8D26-8F6D12E99ABE} - C:\WINDOWS\system32\vtstu.dll (file missing)

O2 - BHO: (no name) - {C1418676-A36F-4453-B692-545F5A95A385} - C:\WINDOWS\system32\pmnli.dll (file missing)

O2 - BHO: (no name) - {C1A7944D-BEC5-4542-9349-AF292A620ED0} - C:\WINDOWS\system32\awvvs.dll (file missing)

O2 - BHO: (no name) - {E7F0CFF8-982F-4895-8575-954C1ADB5BA6} - C:\WINDOWS\system32\vturr.dll (file missing)

O2 - BHO: (no name) - {EEDAFC15-EE4E-4DF2-8E13-611B4A8C3958} - C:\WINDOWS\system32\sstqo.dll (file missing)

O2 - BHO: (no name) - {FA7C0E79-D95B-4A27-B06F-463F2D5E6E71} - C:\WINDOWS\system32\ddaby.dll (file missing)

O2 - BHO: (no name) - {FDEC25DE-9ABE-4D9E-A49D-8B05D5E5D59E} - C:\WINDOWS\system32\pmkhi.dll (file missing)

O20 - Winlogon Notify: yayyxuv - yayyxuv.dll (file missing)

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Delete:

 

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

____________________________

 

>@< Select and copy all the content in the code area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

E:\LaunchU3.exe

C:\WINDOWS\system32\koimdimu.dll

C:\WINDOWS\system32\hgwqofnp.dll

C:\WINDOWS\system32\pdwufuym.ini

C:\WINDOWS\system32\myptvahc.dll

C:\WINDOWS\system32\tdbetgsp.ini

C:\WINDOWS\system32\dbisbqrp.dll

C:\WINDOWS\system32\nhjihevu.dll

C:\WINDOWS\system32\cmoswuly.ini

C:\WINDOWS\system32\ynmsobox.dll

C:\WINDOWS\system32\bpdxxgqp.dll

C:\WINDOWS\system32\bxnqfqvu.dll

C:\WINDOWS\system32\fopgechp.dll

C:\WINDOWS\system32\qmhtpbyr.ini

C:\WINDOWS\system32\nnoilaxj.ini

C:\WINDOWS\system32\batpyycb.ini

C:\WINDOWS\system32\jvxkfxlp.ini

C:\WINDOWS\system32\nyjiovdb.ini

C:\WINDOWS\system32\gphxmrwe.ini

C:\WINDOWS\system32\uprlcjup.ini

C:\WINDOWS\system32\jmlhqbjr.ini

C:\WINDOWS\system32\xohntlho.ini

C:\WINDOWS\system32\lsdylpyy.ini

C:\WINDOWS\system32\uxbphdon.ini

C:\WINDOWS\system32\csdfrcgs.ini

C:\WINDOWS\system32\idmbmhbm.ini

C:\WINDOWS\system32\qbqolacq.ini

C:\WINDOWS\system32\fkjvslwe.ini

C:\WINDOWS\system32\nyyauiim.ini

C:\Arquivos de programas\Lavalys

C:\WINDOWS\system32\gmbmtowm.ini

C:\WINDOWS\system32\ijkjxolc.ini

C:\WINDOWS\system32\mcsvirty.ini

C:\WINDOWS\system32\gxcqsrku.ini

C:\WINDOWS\system32\qxvibcae.ini

C:\WINDOWS\system32\asdilncu.ini

C:\WINDOWS\system32\egijmwtk.ini

C:\WINDOWS\system32\jiggypnc.ini

C:\WINDOWS\system32\qbvqxcav.ini

C:\WINDOWS\system32\xkwwipga.ini

C:\WINDOWS\system32\punassvm.ini

C:\WINDOWS\system32\gqvnnkpv.ini

C:\WINDOWS\system32\bjbjbsic.ini

C:\WINDOWS\system32\lbgheikn.ini

C:\WINDOWS\system32\frerbqvk.ini

C:\WINDOWS\system32\mkeidmqw.ini

C:\WINDOWS\system32\lgyqcvfy.ini

C:\WINDOWS\system32\ifowycvc.ini

C:\WINDOWS\system32\raimkemw.ini

C:\WINDOWS\system32\qeefykhn.ini

C:\WINDOWS\system32\uafbqxcp.ini

C:\WINDOWS\system32\xorujkgk.ini

C:\WINDOWS\system32\xbhxebdm.ini

C:\WINDOWS\system32\fpugmuvl.ini

C:\WINDOWS\system32\wopesptu.ini

C:\WINDOWS\system32\ysvdmico.ini

C:\WINDOWS\system32\jqyqvtgk.ini

C:\WINDOWS\system32\eftnddeq.ini

C:\WINDOWS\system32\iswvhiwq.ini

C:\WINDOWS\system32\rpoivtrg.ini

C:\WINDOWS\system32\ukjrakim.ini

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0549e8-9289-11db-8b32-001143d0f6f3}]

Folder::

C:\VundoFix Backups

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< See the demonstration!

 


 

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< If it does not restart, do it manually!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the report C:\ComboFix.txt + an updated HJT log.

 

Regards!

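One way to reproduce the selection in the post above, as an added example (not part of the original post and not HijackThis or ComboFix code): it parses HijackThis 1.99.1 lines, puts `(file missing)` entries from sections O2 and O20 on a fix list, and cross-checks every flagged target against the `C:\VundoFix Backups` listing and the running-process list from this thread's logs. The function names and the fix/review split are assumptions made for the illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Lines copied from the HijackThis and ComboFix logs in this thread.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {03A47023-6A26-4BD0-9655-3B6B4494D98A} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {4a4711f3-059b-d1cb-5f64-2cd05a911c6a} - {a6c119a5-0dc2-46f5-bc1d-b9503f1174a4} - C:\WINDOWS\system32\esycwfcu.dll(file missing)
O20 - Winlogon Notify: yayyxuv - yayyxuv.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""
QUARANTINE_SAMPLE = r"""
C:\VundoFix Backups\ayadd.ini.bad
C:\VundoFix Backups\ddaby.dll.bad
C:\VundoFix Backups\pmkhe.dll.bad
"""
RUNNING_SAMPLE = r"""
C:\WINDOWS\system32\winlogon.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
"""

# "<section> - <body>" with an optional trailing "(file missing)" marker.
# The marker may follow the path with or without a space, as in the thread.
ENTRY = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<body>.+?)\s*(?P<missing>\(file missing\))?\s*$"
)


def parse_entry(line):
    """Split one HijackThis line into section, kind, name, CLSID and target."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section = m["section"]
    kind, _, rest = m["body"].partition(": ")
    # O2 lines read "name - {CLSID} - path"; other sections "name - target".
    parts = rest.rsplit(" - ", 2 if section == "O2" else 1)
    return {
        "section": section,
        "kind": kind,
        "name": parts[0],
        "clsid": parts[1] if section == "O2" and len(parts) == 3 else None,
        "target": parts[-1],
        "missing": m["missing"] is not None,
    }


def triage(hjt_text, quarantine_text, running_text):
    """Sort '(file missing)' entries into a fix list and a review list.

    Assumed rule, taken from the entries chosen in the post: O2 (BHO) and
    O20 (Winlogon Notify) entries whose file is gone are leftover registry
    references and go to 'fix'; any other section carrying the marker goes
    to 'review' instead of being removed blindly.
    """
    quarantined = {
        basename(p.strip()).lower()[: -len(".bad")]
        for p in quarantine_text.splitlines()
        if p.strip().lower().endswith(".bad")
    }
    running = [p.strip().lower() for p in running_text.splitlines() if p.strip()]
    report = {"fix": [], "review": []}
    for line in hjt_text.splitlines():
        entry = parse_entry(line)
        if entry is None or not entry["missing"]:
            continue
        target = entry["target"].lower()
        # True when VundoFix already moved this file to its backup folder.
        entry["quarantined"] = basename(target) in quarantined
        # True when the marker is contradicted by a process that is running.
        entry["running"] = any(target.startswith(p) for p in running)
        bucket = "fix" if entry["section"] in ("O2", "O20") else "review"
        report[bucket].append(entry)
    return report


if __name__ == "__main__":
    result = triage(HJT_SAMPLE, QUARANTINE_SAMPLE, RUNNING_SAMPLE)
    for bucket, entries in result.items():
        for e in entries:
            print(bucket, e["section"], e["target"],
                  "quarantined" if e["quarantined"] else "",
                  "running" if e["running"] else "")
```

The O23 line lands in `review` with `running` set: its target carries a stray quote and arguments, and `ccSvcHst.exe` appears in the running-process list, so the marker on that line does not mean the file is gone.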

Good morning, DigRam!

 

Here it is ;)

 

 

 

ComboFix 08-04-09.9 - ADMIN 2008-04-11 11:29:27.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.191 [GMT -3:00]

Executando de: C:\Documents and Settings\ADMIN\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\ADMIN\Desktop\CFScript.txt.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\Arquivos de programas\Lavalys

C:\WINDOWS\system32\asdilncu.ini

C:\WINDOWS\system32\batpyycb.ini

C:\WINDOWS\system32\bjbjbsic.ini

C:\WINDOWS\system32\bpdxxgqp.dll

C:\WINDOWS\system32\bxnqfqvu.dll

C:\WINDOWS\system32\cmoswuly.ini

C:\WINDOWS\system32\csdfrcgs.ini

C:\WINDOWS\system32\dbisbqrp.dll

C:\WINDOWS\system32\eftnddeq.ini

C:\WINDOWS\system32\egijmwtk.ini

C:\WINDOWS\system32\fkjvslwe.ini

C:\WINDOWS\system32\fopgechp.dll

C:\WINDOWS\system32\fpugmuvl.ini

C:\WINDOWS\system32\frerbqvk.ini

C:\WINDOWS\system32\gmbmtowm.ini

C:\WINDOWS\system32\gphxmrwe.ini

C:\WINDOWS\system32\gqvnnkpv.ini

C:\WINDOWS\system32\gxcqsrku.ini

C:\WINDOWS\system32\hgwqofnp.dll

C:\WINDOWS\system32\idmbmhbm.ini

C:\WINDOWS\system32\ifowycvc.ini

C:\WINDOWS\system32\ijkjxolc.ini

C:\WINDOWS\system32\iswvhiwq.ini

C:\WINDOWS\system32\jiggypnc.ini

C:\WINDOWS\system32\jmlhqbjr.ini

C:\WINDOWS\system32\jqyqvtgk.ini

C:\WINDOWS\system32\jvxkfxlp.ini

C:\WINDOWS\system32\koimdimu.dll

C:\WINDOWS\system32\lbgheikn.ini

C:\WINDOWS\system32\lgyqcvfy.ini

C:\WINDOWS\system32\lsdylpyy.ini

C:\WINDOWS\system32\mcsvirty.ini

C:\WINDOWS\system32\mkeidmqw.ini

C:\WINDOWS\system32\myptvahc.dll

C:\WINDOWS\system32\nhjihevu.dll

C:\WINDOWS\system32\nnoilaxj.ini

C:\WINDOWS\system32\nyjiovdb.ini

C:\WINDOWS\system32\nyyauiim.ini

C:\WINDOWS\system32\pdwufuym.ini

C:\WINDOWS\system32\punassvm.ini

C:\WINDOWS\system32\qbqolacq.ini

C:\WINDOWS\system32\qbvqxcav.ini

C:\WINDOWS\system32\qeefykhn.ini

C:\WINDOWS\system32\qmhtpbyr.ini

C:\WINDOWS\system32\qxvibcae.ini

C:\WINDOWS\system32\raimkemw.ini

C:\WINDOWS\system32\rpoivtrg.ini

C:\WINDOWS\system32\tdbetgsp.ini

C:\WINDOWS\system32\uafbqxcp.ini

C:\WINDOWS\system32\ukjrakim.ini

C:\WINDOWS\system32\uprlcjup.ini

C:\WINDOWS\system32\uxbphdon.ini

C:\WINDOWS\system32\wopesptu.ini

C:\WINDOWS\system32\xbhxebdm.ini

C:\WINDOWS\system32\xkwwipga.ini

C:\WINDOWS\system32\xohntlho.ini

C:\WINDOWS\system32\xorujkgk.ini

C:\WINDOWS\system32\ynmsobox.dll

C:\WINDOWS\system32\ysvdmico.ini

E:\LaunchU3.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\VundoFix Backups

C:\VundoFix Backups\addmorefiles.txt

C:\VundoFix Backups\awtqo.dll.bad

C:\VundoFix Backups\awtqr.dll.bad

C:\VundoFix Backups\awtst.dll.bad

C:\VundoFix Backups\ayadd.ini.bad

C:\VundoFix Backups\ayadd.ini2.bad

C:\VundoFix Backups\btjvfgco.ini.bad

C:\VundoFix Backups\ddaby.dll.bad

C:\VundoFix Backups\ddaya.dll.bad

C:\VundoFix Backups\ddccd.dll.bad

C:\VundoFix Backups\ehkmp.ini.bad

C:\VundoFix Backups\ehkmp.ini2.bad

C:\VundoFix Backups\fgajjxwx.dll.bad

C:\VundoFix Backups\fhhkj.ini.bad

C:\VundoFix Backups\fhhkj.ini2.bad

C:\VundoFix Backups\gebcy.dll.bad

C:\VundoFix Backups\huoewhtf.ini.bad

C:\VundoFix Backups\ihhkj.ini.bad

C:\VundoFix Backups\ihhkj.ini2.bad

C:\VundoFix Backups\ihkmp.ini.bad

C:\VundoFix Backups\ihkmp.ini2.bad

C:\VundoFix Backups\ijkmp.ini.bad

C:\VundoFix Backups\ijkmp.ini2.bad

C:\VundoFix Backups\jkhhf.dll.bad

C:\VundoFix Backups\jkhhi.dll.bad

C:\VundoFix Backups\kjjlm.ini.bad

C:\VundoFix Backups\kjjlm.ini2.bad

C:\VundoFix Backups\mdeqvegj.ini.bad

C:\VundoFix Backups\mljjk.dll.bad

C:\VundoFix Backups\oirkrtcd.ini.bad

C:\VundoFix Backups\oqtwa.ini.bad

C:\VundoFix Backups\oqtwa.ini2.bad

C:\VundoFix Backups\orqss.ini.bad

C:\VundoFix Backups\orqss.ini2.bad

C:\VundoFix Backups\piewijte.dll.bad

C:\VundoFix Backups\pmkhe.dll.bad

C:\VundoFix Backups\pmkhi.dll.bad

C:\VundoFix Backups\pmkji.dll.bad

C:\VundoFix Backups\pmnli.dll.bad

C:\VundoFix Backups\qmiciuyk.dll.bad

C:\VundoFix Backups\rqstv.ini.bad

C:\VundoFix Backups\rqstv.ini2.bad

C:\VundoFix Backups\rtipmcgg.ini.bad

C:\VundoFix Backups\ssqpq.dll.bad

C:\VundoFix Backups\ssqro.dll.bad

C:\VundoFix Backups\ssqrq.dll.bad

C:\VundoFix Backups\sstqo.dll.bad

C:\VundoFix Backups\ssttu.dll.bad

C:\VundoFix Backups\svvwa.ini.bad

C:\VundoFix Backups\svvwa.ini2.bad

C:\VundoFix Backups\tstwa.ini.bad

C:\VundoFix Backups\tstwa.ini2.bad

C:\VundoFix Backups\utmlhobj.ini.bad

C:\VundoFix Backups\utstv.ini.bad

C:\VundoFix Backups\utstv.ini2.bad

C:\VundoFix Backups\uttss.ini.bad

C:\VundoFix Backups\uttss.ini2.bad

C:\VundoFix Backups\vtsqr.dll.bad

C:\VundoFix Backups\vtstu.dll.bad

C:\VundoFix Backups\vturq.dll.bad

C:\VundoFix Backups\vturr.dll.bad

C:\VundoFix Backups\xvctprpi.ini.bad

C:\VundoFix Backups\ybadd.ini.bad

C:\VundoFix Backups\ybadd.ini2.bad

C:\VundoFix Backups\ycbeg.ini.bad

C:\VundoFix Backups\ycbeg.ini2.bad

C:\VundoFix Backups\ytnvjdgi.dll.bad

C:\WINDOWS\system32\asdilncu.ini

C:\WINDOWS\system32\batpyycb.ini

C:\WINDOWS\system32\bjbjbsic.ini

C:\WINDOWS\system32\cmoswuly.ini

C:\WINDOWS\system32\csdfrcgs.ini

C:\WINDOWS\system32\eftnddeq.ini

C:\WINDOWS\system32\egijmwtk.ini

C:\WINDOWS\system32\fkjvslwe.ini

C:\WINDOWS\system32\fpugmuvl.ini

C:\WINDOWS\system32\frerbqvk.ini

C:\WINDOWS\system32\gmbmtowm.ini

C:\WINDOWS\system32\gphxmrwe.ini

C:\WINDOWS\system32\gqvnnkpv.ini

C:\WINDOWS\system32\gxcqsrku.ini

C:\WINDOWS\system32\idmbmhbm.ini

C:\WINDOWS\system32\ifowycvc.ini

C:\WINDOWS\system32\ijkjxolc.ini

C:\WINDOWS\system32\iswvhiwq.ini

C:\WINDOWS\system32\jiggypnc.ini

C:\WINDOWS\system32\jmlhqbjr.ini

C:\WINDOWS\system32\jqyqvtgk.ini

C:\WINDOWS\system32\jvxkfxlp.ini

C:\WINDOWS\system32\lbgheikn.ini

C:\WINDOWS\system32\lgyqcvfy.ini

C:\WINDOWS\system32\lsdylpyy.ini

C:\WINDOWS\system32\mcsvirty.ini

C:\WINDOWS\system32\mkeidmqw.ini

C:\WINDOWS\system32\nnoilaxj.ini

C:\WINDOWS\system32\nyjiovdb.ini

C:\WINDOWS\system32\nyyauiim.ini

C:\WINDOWS\system32\pdwufuym.ini

C:\WINDOWS\system32\punassvm.ini

C:\WINDOWS\system32\qbqolacq.ini

C:\WINDOWS\system32\qbvqxcav.ini

C:\WINDOWS\system32\qeefykhn.ini

C:\WINDOWS\system32\qmhtpbyr.ini

C:\WINDOWS\system32\qxvibcae.ini

C:\WINDOWS\system32\raimkemw.ini

C:\WINDOWS\system32\rpoivtrg.ini

C:\WINDOWS\system32\tdbetgsp.ini

C:\WINDOWS\system32\uafbqxcp.ini

C:\WINDOWS\system32\ukjrakim.ini

C:\WINDOWS\system32\uprlcjup.ini

C:\WINDOWS\system32\uxbphdon.ini

C:\WINDOWS\system32\wopesptu.ini

C:\WINDOWS\system32\xbhxebdm.ini

C:\WINDOWS\system32\xkwwipga.ini

C:\WINDOWS\system32\xohntlho.ini

C:\WINDOWS\system32\xorujkgk.ini

C:\WINDOWS\system32\ysvdmico.ini

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))

.

 

2008-04-09 13:38 . 2008-04-11 11:20 <DIR> d-------- C:\Hijackthis

2008-04-01 15:33 . 2008-04-01 15:33 <DIR> d-------- C:\Arquivos de programas\Lavalys

2008-03-29 14:07 . 2004-08-04 00:45 33,280 --a------ C:\WINDOWS\system32\rundll32.exe

2008-03-29 14:07 . 2004-08-04 00:45 33,280 --a--c--- C:\WINDOWS\system32\dllcache\rundll32.exe

2008-03-23 17:45 . 2008-03-23 17:45 <DIR> d-------- C:\Documents and Settings\Lilian\Dados de aplicativos\DivX

2008-03-23 17:45 . 2008-02-20 23:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-03-23 17:45 . 2008-02-20 23:05 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-03-23 17:45 . 2008-02-20 23:05 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-03-23 16:30 . 2008-03-30 20:45 <DIR> d-------- C:\Documents and Settings\Lilian\Dados de aplicativos\DNA

2008-03-23 16:30 . 2008-03-23 16:30 <DIR> d-------- C:\Arquivos de programas\DNA

2008-03-23 16:30 . 2008-03-23 16:30 <DIR> d-------- C:\Arquivos de programas\BitTorrent

2008-03-23 15:59 . 2008-03-23 15:59 <DIR> d-------- C:\Documents and Settings\Lilian\Torrents

2008-03-23 15:55 . 2008-04-10 11:00 <DIR> d-------- C:\Arquivos de programas\RSSoft

2008-03-23 15:34 . 2008-03-23 15:34 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-03-19 13:35 . 2008-04-10 13:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-19 13:35 . 2008-03-19 13:35 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-15 07:55 . 2008-03-15 07:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TERMINAL Studio

2008-03-15 07:35 . 2008-03-15 07:35 63 --a------ C:\WINDOWS\system32\70463700

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-11 14:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-04-11 02:24 --------- d-----w C:\Arquivos de programas\Lineage II

2008-04-10 21:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-03-30 20:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-28 02:03 --------- d-----w C:\Documents and Settings\ADMIN\Dados de aplicativos\U3

2008-03-23 20:54 --------- d-----w C:\Documents and Settings\Lilian\Dados de aplicativos\BitTorrent

2008-03-23 20:46 --------- d-----w C:\Arquivos de programas\DivX

2008-03-23 18:54 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-23 17:39 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-18 14:24 --------- d-----w C:\Arquivos de programas\Atrativa Games

2008-03-03 20:24 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-02-26 14:09 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-02-26 14:09 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-02-21 02:05 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys

2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-02-19 00:02 --------- d-----w C:\Documents and Settings\Lilian\Dados de aplicativos\U3

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 16:06 68856]

"AdobeUpdater"="C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37 2321600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Lexmark 2200 Series"="C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 10:36 57344]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2007-01-09 18:59 115816]

"osCheck"="C:\Arquivos de programas\Norton Internet Security\osCheck.exe" [2007-01-13 20:11 771704]

"Symantec PIF AlertEng"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]

 

C:\Documents and Settings\ADMIN\Menu Iniciar\Programas\Inicializar\

ubisoft register.lnk - C:\Arquivos de programas\Ubi Soft\Register\schedule.exe [2007-12-22 13:44:01 32768]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-04-24 21:22 128512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{0015B936-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\ADMIN\CONFIG~1\Temp\~Temp2845ow.dll [2008-01-04 21:35 31968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-04-24 21:22 128512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM73751612]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3150:TCP"=

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

 

R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;"C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-01-18 09:32]

S3 XDva006;XDva006;C:\WINDOWS\system32\XDva006.sys []

S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []

S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys []

S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []

S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys []

S3 XDva038;XDva038;C:\WINDOWS\system32\XDva038.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbdb6aa-4336-11db-8a5b-806d6172696f}]

\Shell\AutoRun\command - D:\MSWorks\autorun.exe

 

*Newly Created Service* - COMHOST

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-28 19:56:20 C:\WINDOWS\Tasks\Norton Internet Security - Verificação completa no sistema - ADMIN.job"

- C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\Navw32.exel/TASK:

"2008-04-07 23:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Verificação completa no sistema - Lilian.job"

- C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\Navw32.exel/TASK:

.

**************************************************************************

 

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-11 11:31:10

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-04-11 11:32:08

ComboFix-quarantined-files.txt 2008-04-11 14:32:04

Pre-Run: 33,633,972,224 bytes disponíveis

Post-Run: 33,623,584,768 bytes disponíveis

 

______________________________________________________________________________

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:38, on 2008-04-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmgr.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmon.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

O1 - Hosts: 91.185.193.200 l2authd.lineage2.com

O1 - Hosts: 91.185.193.200 l2patcher.lineage2.com

O1 - Hosts: 91.185.193.200 nProtect.lineage2.com

O2 - BHO: (no name) - {03A47023-6A26-4BD0-9655-3B6B4494D98A} - C:\WINDOWS\system32\pmkhe.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: (no name) - {2A98E5C9-1A68-4A7F-839B-31BE09C76FEC} - C:\WINDOWS\system32\vtsqr.dll (file missing)

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {38E38FF8-89BC-4C1C-93F1-99BD0E900D2E} - C:\WINDOWS\system32\gebcy.dll (file missing)

O2 - BHO: (no name) - {5D592948-1C16-4EF6-B142-335D0356F76E} - C:\WINDOWS\system32\ddaya.dll (file missing)

O2 - BHO: (no name) - {746F3C11-9FB9-48AE-831E-907A4582FFD7} - C:\WINDOWS\system32\ssqrq.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7F459D20-5C34-4A7B-A3AD-478991E294C7} - C:\WINDOWS\system32\ssqro.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: {4a4711f3-059b-d1cb-5f64-2cd05a911c6a} - {a6c119a5-0dc2-46f5-bc1d-b9503f1174a4} - C:\WINDOWS\system32\esycwfcu.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {B9A0F22C-F17B-43C0-8D26-8F6D12E99ABE} - C:\WINDOWS\system32\vtstu.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {C1418676-A36F-4453-B692-545F5A95A385} - C:\WINDOWS\system32\pmnli.dll (file missing)

O2 - BHO: (no name) - {C1A7944D-BEC5-4542-9349-AF292A620ED0} - C:\WINDOWS\system32\awvvs.dll (file missing)

O2 - BHO: (no name) - {E7F0CFF8-982F-4895-8575-954C1ADB5BA6} - C:\WINDOWS\system32\vturr.dll (file missing)

O2 - BHO: (no name) - {EEDAFC15-EE4E-4DF2-8E13-611B4A8C3958} - C:\WINDOWS\system32\sstqo.dll (file missing)

O2 - BHO: (no name) - {FA7C0E79-D95B-4A27-B06F-463F2D5E6E71} - C:\WINDOWS\system32\ddaby.dll (file missing)

O2 - BHO: (no name) - {FDEC25DE-9ABE-4D9E-A49D-8B05D5E5D59E} - C:\WINDOWS\system32\pmkhi.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Arquivos de programas\Lexmark 2200 Series\lxbvbmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - Startup: ubisoft register.lnk = C:\Arquivos de programas\Ubi Soft\Register\schedule.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?4dbcf6441ea745f095d59b87932221d7

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?4dbcf6441ea745f095d59b87932221d7

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203952871593

O17 - HKLM\System\CCS\Services\Tcpip\..\{DDB7FE88-2825-47DA-8F61-DB58CCEEFF11}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: yayyxuv - yayyxuv.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\isPwdSvc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe


Good afternoon, Mugen!

 

>@< Open HijackThis and click Do a system scan only.

>@< Check the entries listed below. ( ...these are the little checkboxes! )

 

O1 - Hosts: 91.185.193.200 l2authd.lineage2.com

O1 - Hosts: 91.185.193.200 l2patcher.lineage2.com

O1 - Hosts: 91.185.193.200 nProtect.lineage2.com

O2 - BHO: (no name) - {03A47023-6A26-4BD0-9655-3B6B4494D98A} - C:\WINDOWS\system32\pmkhe.dll (file missing)

O2 - BHO: (no name) - {2A98E5C9-1A68-4A7F-839B-31BE09C76FEC} - C:\WINDOWS\system32\vtsqr.dll (file missing)

O2 - BHO: (no name) - {38E38FF8-89BC-4C1C-93F1-99BD0E900D2E} - C:\WINDOWS\system32\gebcy.dll (file missing)

O2 - BHO: (no name) - {5D592948-1C16-4EF6-B142-335D0356F76E} - C:\WINDOWS\system32\ddaya.dll (file missing)

O2 - BHO: (no name) - {746F3C11-9FB9-48AE-831E-907A4582FFD7} - C:\WINDOWS\system32\ssqrq.dll (file missing)

O2 - BHO: (no name) - {7F459D20-5C34-4A7B-A3AD-478991E294C7} - C:\WINDOWS\system32\ssqro.dll (file missing)

O2 - BHO: {4a4711f3-059b-d1cb-5f64-2cd05a911c6a} - {a6c119a5-0dc2-46f5-bc1d-b9503f1174a4} - C:\WINDOWS\system32\esycwfcu.dll (file missing)

O2 - BHO: (no name) - {B9A0F22C-F17B-43C0-8D26-8F6D12E99ABE} - C:\WINDOWS\system32\vtstu.dll (file missing)

O2 - BHO: (no name) - {C1418676-A36F-4453-B692-545F5A95A385} - C:\WINDOWS\system32\pmnli.dll (file missing)

O2 - BHO: (no name) - {C1A7944D-BEC5-4542-9349-AF292A620ED0} - C:\WINDOWS\system32\awvvs.dll (file missing)

O2 - BHO: (no name) - {E7F0CFF8-982F-4895-8575-954C1ADB5BA6} - C:\WINDOWS\system32\vturr.dll (file missing)

O2 - BHO: (no name) - {EEDAFC15-EE4E-4DF2-8E13-611B4A8C3958} - C:\WINDOWS\system32\sstqo.dll (file missing)

O2 - BHO: (no name) - {FA7C0E79-D95B-4A27-B06F-463F2D5E6E71} - C:\WINDOWS\system32\ddaby.dll (file missing)

O2 - BHO: (no name) - {FDEC25DE-9ABE-4D9E-A49D-8B05D5E5D59E} - C:\WINDOWS\system32\pmkhi.dll (file missing)

O20 - Winlogon Notify: yayyxuv - yayyxuv.dll (file missing)

>@< With these entries checked, click Fix checked next.

>@< When it finishes, close the program.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

>@< Download EliStarA.

>@< On the page, click the button Descargar EliStarA v xx.xx, located at the bottom of the page.

>@< Save the tool to Local Disk C, in a folder of its own.

>@< Download ELINOTIF.DLL.

>@< Save it inside the folder created for EliStarA! << Important!

>@< Disable the resident AntiVirus and AntiSpyware protections.

>@< Restart the computer in Safe Mode.

>@< Go to the EliStarA icon and run it!

>@< Wait patiently for the scan to finish.

>@< When it finishes, a report ( infoSat.txt ) will be generated on Local Disk C.

>@< The tool will delete your home page; you will configure it again afterwards.

>@< Restart the computer normally!

>@< Generate and post, in your reply: infoSat.txt + an updated HJT log.

 

Regards!

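The entries ticked in the reply above follow a visible pattern: every O1 hosts redirect, every O2 BHO whose DLL is reported as (file missing), and the O20 Winlogon Notify entry with a missing DLL, while the O23 services are left alone. The Python triage below is an added example, not part of the original post and not HijackThis's own logic; it applies that pattern to an excerpt of the log from this thread, and the rule set and the names `triage` and `SAMPLE_LOG` are assumptions inferred from the listed entries.

```python
import re

# Excerpt of the HijackThis v1.99.1 log posted in this thread (not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O1 - Hosts: 91.185.193.200 l2authd.lineage2.com
O2 - BHO: (no name) - {03A47023-6A26-4BD0-9655-3B6B4494D98A} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: yayyxuv - yayyxuv.dll (file missing)
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
"""

# "<section> - <body>", e.g. "O2 - BHO: ..."; process paths and headers do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<name>\S+)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# Tolerate a closing parenthesis lost when a line is copied by hand.
MISSING_RE = re.compile(r"\(file missing\)?\s*$")


def triage(log_text):
    """Return (section, reason, line) for entries matching the assumed rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, running-process path or blank line
        section, body = entry.group("section"), entry.group("body")
        missing = MISSING_RE.search(body) is not None

        if section == "O1":
            hosts = HOSTS_RE.match(body)
            # A hosts entry pointing a name at a non-loopback address
            # overrides DNS for that name.
            if hosts and not hosts.group("ip").startswith("127."):
                reason = "hosts file maps %s to %s" % (
                    hosts.group("name"), hosts.group("ip"))
                findings.append((section, reason, line))
        elif section == "O2" and missing:
            bho = BHO_RE.match(body)
            clsid = bho.group("clsid") if bho else "unknown CLSID"
            findings.append(
                (section, "BHO %s registered but its DLL is absent" % clsid, line))
        elif section == "O20" and missing:
            findings.append(
                (section, "Winlogon Notify entry points to an absent DLL", line))
        # O23 lines are left alone, as in the reply: on this page several of
        # their "(file missing)" paths carry a stray quote and arguments.
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (section, reason, line))
```
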

Topic Archived

 

Since the author did not reply for more than 20 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the section, together with the link to this topic, and explain the reason for reopening.
