
eng02

Full Members
  • Total items

    106
  • Joined

  • Last visited

  • Ratings

    0%

Reputation

0

About eng02

  • Date of birth 04/06/1982 (37 years old)

General information

  • City and state
    São Paulo
  1. eng02

    Remove Vundo...log

    Antivirus           Version          Update      Result
    AhnLab-V3           2007.5.10.0      05.11.2007  no virus found
    AntiVir             7.4.0.15         05.11.2007  no virus found
    Authentium          4.93.8           05.11.2007  no virus found
    Avast               4.7.997.0        05.11.2007  no virus found
    AVG                 7.5.0.467        05.11.2007  no virus found
    BitDefender         7.2              05.12.2007  no virus found
    CAT-QuickHeal       9.00             05.11.2007  no virus found
    ClamAV              devel-20070416   05.11.2007  no virus found
    DrWeb               4.33             05.12.2007  no virus found
    eSafe               7.0.15.0         05.10.2007  no virus found
    eTrust-Vet          30.7.3628        05.11.2007  no virus found
    Ewido               4.0              05.11.2007  no virus found
    FileAdvisor         1                05.12.2007  no virus found
    Fortinet            2.85.0.0         05.11.2007  no virus found
    F-Prot              4.3.2.48         05.11.2007  no virus found
    F-Secure            6.70.13030.0     05.11.2007  no virus found
    Ikarus              T3.1.1.7         05.11.2007  no virus found
    Kaspersky           4.0.2.24         05.12.2007  no virus found
    McAfee              5029             05.11.2007  no virus found
    Microsoft           1.2503           05.12.2007  no virus found
    NOD32v2             2262             05.12.2007  no virus found
    Norman              5.80.02          05.11.2007  no virus found
    Panda               9.0.0.4          05.11.2007  no virus found
    Prevx1              V2               05.12.2007  no virus found
    Sophos              4.17.0           05.11.2007  no virus found
    Sunbelt             2.2.907.0        05.12.2007  no virus found
    Symantec            10               05.12.2007  no virus found
    TheHacker           6.1.6.112        05.10.2007  no virus found
    VBA32               3.12.0           05.11.2007  no virus found
    VirusBuster         4.3.7:9          05.11.2007  no virus found
    Webwasher-Gateway   6.0.1            05.11.2007  no virus found
  2. eng02

    Remove Vundo...log

    Logfile of HijackThis v1.99.1
    Scan saved at 21:23:46, on 10/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Arquivos de programas\Network Associates\VirusScan\SHSTAT.EXE
    C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe
    C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\TBMon.exe
    C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\Free Download Manager\fdm.exe
    C:\Arquivos de programas\Messenger\msmsgs.exe
    C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmon.exe
    C:\Arquivos de programas\Lexmark 3100 Series\lxbrcmon.exe
    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
    C:\Arquivos de programas\Network Associates\VirusScan\Mcshield.exe
    C:\ARQUIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Arquivos de programas\Network Associates\VirusScan\VsTskMgr.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Arquivos de programas\Sygate\SPF\smc.exe
    C:\Arquivos de programas\Mozilla Firefox\firefox.exe
    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\marcelo\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll
    O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Arquivos de programas\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F265441-3585-4FBB-B215-169A7292EFE5}: NameServer = 200.204.0.10 200.204.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FFBE5A4-B071-4FA9-99F9-35D8A3D1DE8C}: NameServer = 192.168.10.1
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe" -s:MSSQL.2 -f:MSSQLSERVER (file missing)
    O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
    O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe" -s "C:\Arquivos de programas\Microsoft SQL Server\MSSQL.3\OLAP\Config (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe
    O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: Winconnection V4.2 (Winconnection4) - Unknown owner - C:\Arquivos de programas\Winco\Winconnection4\wconnect.exe

    "marcelo" - 07-05-10 21:10:40 Service Pack 2
    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\marcelo\Desktop\"

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-10 to 2007-05-10 ))))))))))))))))))))))))))))))))))

    2007-05-10 20:03 60,416 --a------ C:\WINDOWS\system32\drivers\axxrrscj.sys
    2007-05-10 20:03 126,976 --a------ C:\zip.exe
    2007-05-10 20:03 1,080 --a------ C:\otohmqao.bat
    2007-05-08 21:12 60,416 --a------ C:\WINDOWS\system32\rbap350.dll
    2007-05-08 21:12 39,936 --a------ C:\WINDOWS\system32\RBShell350.dll
    2007-05-06 19:28 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-04-28 19:07 <DIR> d-------- C:\asp2php
    2007-04-28 13:29 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-04-28 10:37 <DIR> d-------- C:\VundoFix Backups
    2007-04-28 01:03 <DIR> d-------- C:\Arquivos de programas\Enigma Software Group
    2007-04-28 00:41 <DIR> d-------- C:\avenger
    2007-04-21 12:37 197,696 --a------ C:\WINDOWS\system32\Unidrv.dll
    2007-04-21 12:37 118,128 --a------ C:\WINDOWS\system32\Iconlib.dll
    2007-04-21 12:36 <DIR> d-------- C:\DOCUME~1\marcelo\DADOSD~1\Snappy Fax 2000
    2007-04-21 12:36 <DIR> d-------- C:\Arquivos de programas\Snappy Fax 2000 Version 3

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-06 18:51 -------- d-------- C:\Arquivos de programas\microsoft.net
    2007-05-06 18:51 -------- d-------- C:\Arquivos de programas\microsoft visual studio .net 2003
    2007-05-06 18:40 499140 --a------ C:\WINDOWS\system32\perfh016.dat
    2007-05-06 18:40 108424 --a------ C:\WINDOWS\system32\perfc016.dat
    2007-04-22 13:07 -------- d--h----- C:\Arquivos de programas\scpad
    2007-04-01 14:05 -------- d-------- C:\DOCUME~1\marcelo\DADOSD~1\mysql
    2007-04-01 14:01 -------- d-------- C:\Arquivos de programas\mysql
    2007-03-25 22:16 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-03-25 22:14 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-03-25 16:19 -------- d-------- C:\Arquivos de programas\rapidharvest
    2007-03-18 11:04 -------- d-------- C:\Arquivos de programas\foxit software
    2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
    2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    {2E3C3651-B19C-4DD9-A979-901EC3E930AF} C:\WINDOWS\system32\scpsssh2.dll
    {53707962-6F74-2D53-2644-206D7942484F} C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
    {CC59E0F9-7E43-44FA-9FAA-8377850BF205} C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SmcService"="C:\\ARQUIV~1\\Sygate\\SPF\\smc.exe -startgui"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "ShStatEXE"="\"C:\\Arquivos de programas\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
    "McAfeeUpdaterUI"="\"C:\\Arquivos de programas\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
    "Network Associates Error Reporting Service"="\"C:\\Arquivos de programas\\Arquivos comuns\\Network Associates\\TalkBack\\TBMon.exe\""
    "Lexmark 3100 Series"="\"C:\\Arquivos de programas\\Lexmark 3100 Series\\lxbrbmgr.exe\""
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "FinePrint Dispatcher v5"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe\" /source=HKLM"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Free Download Manager"="C:\\Arquivos de programas\\Free Download Manager\\fdm.exe -autorun"
    "MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"
    "updateMgr"="\"C:\\Arquivos de programas\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
    "P2kAutostart"=""
    "eMuleAutoStart"="C:\\Arquivos de programas\\eMule\\emule.exe -AutoStart"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad8e39a0-7255-11db-91e2-0002e30fcc27}]
    Shell\AutoRun\command G:\LaunchU3.exe -a

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-10 21:18:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    P2kAutostart = ???

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-05-10 21:20:30
    C:\ComboFix-quarantined-files.txt ... 07-05-10 21:20
    C:\ComboFix2.txt ... 07-05-06 19:28

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\srdgymor

    *******************

    Script file located at: \??\C:\Documents and Settings\wrxrgafq.txt
    Script file opened successfully.
    Script file read successfully
    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\sxypsnvj.dll deleted successfully.
    File C:\WINDOWS\system32\cbaxw.dll deleted successfully.
    File C:\WINDOWS\system32\cbaaw.dll deleted successfully.
    File C:\WINDOWS\tasks\ABD5686691AF1E3A.job not found!
    Deletion of file C:\WINDOWS\tasks\ABD5686691AF1E3A.job failed!
    Could not process line:
    C:\WINDOWS\tasks\ABD5686691AF1E3A.job
    Status: 0xc0000034
    Folder C:\DOCUME~1\marcelo\DADOSD~1\DvdHole not found!
    Deletion of folder C:\DOCUME~1\marcelo\DADOSD~1\DvdHole failed!
    Could not process line:
    C:\DOCUME~1\marcelo\DADOSD~1\DvdHole
    Status: 0xc0000034
    Completed script processing.

    *******************

    Finished! Terminate.

    VundoFix V6.3.20
    Checking Java version...
    Sun Java not detected
    Scan started at 10:37:53 28/4/2007
    Listing files found while scanning....
    C:\WINDOWS\system32\iifecda.dll
    C:\WINDOWS\system32\tuvuu.dll
    C:\WINDOWS\system32\uuvut.bak1
    C:\WINDOWS\system32\uuvut.ini
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\iifecda.dll
    C:\WINDOWS\system32\iifecda.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\tuvuu.dll
    C:\WINDOWS\system32\tuvuu.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\uuvut.bak1
    C:\WINDOWS\system32\uuvut.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\uuvut.ini
    C:\WINDOWS\system32\uuvut.ini Has been deleted!
    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.20
    Checking Java version...
    Sun Java not detected
    Scan started at 11:34:16 28/4/2007
    Listing files found while scanning....
    No infected files were found.

    VundoFix V6.3.21
    Checking Java version...
    Sun Java not detected
    Scan started at 20:59:25 10/5/2007
    Listing files found while scanning....
    No infected files were found.
  3. eng02

    Remove Vundo...log

    Here are the logs:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:39:59, on 6/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
    C:\Arquivos de programas\Network Associates\VirusScan\Mcshield.exe
    C:\ARQUIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Arquivos de programas\Network Associates\VirusScan\VsTskMgr.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Arquivos de programas\Network Associates\VirusScan\SHSTAT.EXE
    C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe
    C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\TBMon.exe
    C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\Lexmark 3100 Series\lxbrcmon.exe
    C:\Arquivos de programas\Free Download Manager\fdm.exe
    C:\Arquivos de programas\Messenger\msmsgs.exe
    c:\arquiv~1\intern~1\iexplore.exe
    C:\Arquivos de programas\Internet Explorer\iexplore.exe
    C:\Documents and Settings\marcelo\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll
    O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\sxypsnvj.dll",realset
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [META BONE] C:\DOCUME~1\marcelo\DADOSD~1\DvdHole\Tons Gpl Tray.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Arquivos de programas\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FFBE5A4-B071-4FA9-99F9-35D8A3D1DE8C}: NameServer = 192.168.10.1
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe" -s:MSSQL.2 -f:MSSQLSERVER (file missing)
    O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
    O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe" -s "C:\Arquivos de programas\Microsoft SQL Server\MSSQL.3\OLAP\Config (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe
    O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: Winconnection V4.2 (Winconnection4) - Unknown owner - C:\Arquivos de programas\Winco\Winconnection4\wconnect.exe

    "marcelo" - 07-05-06 19:01:01 Service Pack 2
    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\marcelo\Desktop\"

    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\isbpxnmk.dll

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\NDNuninstall7_48.exe
    C:\Arquivos de programas\newdotnet\newdotnet7_48.dll
    C:\Arquivos de programas\newdotnet

    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\nm
    -------\LEGACY_NM

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))

    2007-04-28 19:07 <DIR> d-------- C:\asp2php
    2007-04-28 13:29 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-04-28 10:37 <DIR> d-------- C:\VundoFix Backups
    2007-04-28 01:03 <DIR> d-------- C:\Arquivos de programas\Enigma Software Group
    2007-04-28 00:47 132,660 --a------ C:\WINDOWS\system32\sxypsnvj.dll
    2007-04-28 00:41 <DIR> d-------- C:\avenger
    2007-04-22 16:15 271,227 --a------ C:\WINDOWS\system32\cbaxw.dll
    2007-04-22 15:15 268,323 --a------ C:\WINDOWS\system32\cbaaw.dll
    2007-04-21 12:37 197,696 --a------ C:\WINDOWS\system32\Unidrv.dll
    2007-04-21 12:37 118,128 --a------ C:\WINDOWS\system32\Iconlib.dll
    2007-04-21 12:36 <DIR> d-------- C:\DOCUME~1\marcelo\DADOSD~1\Snappy Fax 2000
    2007-04-21 12:36 <DIR> d-------- C:\Arquivos de programas\Snappy Fax 2000 Version 3
    2007-04-07 14:18 278,528 --------- C:\WINDOWS\system32\fpmon5.dll
    2007-04-07 14:18 163,840 --------- C:\WINDOWS\system32\fpres532.dll

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-06 19:24 -------- d-------- C:\Arquivos de programas\emule
    2007-05-06 18:59 -------- d-------- C:\DOCUME~1\marcelo\DADOSD~1\free download manager
    2007-05-06 18:51 -------- d-------- C:\Arquivos de programas\microsoft.net
    2007-05-06 18:51 -------- d-------- C:\Arquivos de programas\microsoft visual studio .net 2003
    2007-05-06 18:40 499140 --a------ C:\WINDOWS\system32\perfh016.dat
    2007-05-06 18:40 108424 --a------ C:\WINDOWS\system32\perfc016.dat
    2007-04-22 13:07 -------- d--h----- C:\Arquivos de programas\scpad
    2007-04-01 14:05 -------- d-------- C:\DOCUME~1\marcelo\DADOSD~1\mysql
    2007-04-01 14:01 -------- d-------- C:\Arquivos de programas\mysql
    2007-03-25 22:16 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-03-25 22:14 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-03-25 16:19 -------- d-------- C:\Arquivos de programas\rapidharvest
    2007-03-18 11:04 -------- d-------- C:\Arquivos de programas\foxit software
    2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
    2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    {2E3C3651-B19C-4DD9-A979-901EC3E930AF} C:\WINDOWS\system32\scpsssh2.dll
    {53707962-6F74-2D53-2644-206D7942484F} C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
    {CC59E0F9-7E43-44FA-9FAA-8377850BF205} C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SmcService"="C:\\ARQUIV~1\\Sygate\\SPF\\smc.exe -startgui"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "ShStatEXE"="\"C:\\Arquivos de programas\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
    "McAfeeUpdaterUI"="\"C:\\Arquivos de programas\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
    "Network Associates Error Reporting Service"="\"C:\\Arquivos de programas\\Arquivos comuns\\Network Associates\\TalkBack\\TBMon.exe\""
    "Lexmark 3100 Series"="\"C:\\Arquivos de programas\\Lexmark 3100 Series\\lxbrbmgr.exe\""
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "FinePrint Dispatcher v5"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe\" /source=HKLM"
    "InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\sxypsnvj.dll\",realset"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Free Download Manager"="C:\\Arquivos de programas\\Free Download Manager\\fdm.exe -autorun"
    "MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"
    "updateMgr"="\"C:\\Arquivos de programas\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
    "P2kAutostart"=""
    "META BONE"="C:\\DOCUME~1\\marcelo\\DADOSD~1\\DvdHole\\Tons Gpl Tray.exe"
    "eMuleAutoStart"="C:\\Arquivos de programas\\eMule\\emule.exe -AutoStart"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad8e39a0-7255-11db-91e2-0002e30fcc27}]
    Shell\AutoRun\command G:\LaunchU3.exe -a

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\ABD5686691AF1E3A.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-06 19:25:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    P2kAutostart = ???

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-05-06 19:28:27 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 07-05-06 19:28
  4. Hey everyone, I can't manage to remove Vundo. I already ran Norton's FixVundo; it finds it and terminates the iexplore process, but when I restart the PC the same problem occurs. I already ran VundoFix; it removed it, and after restarting I ran it again and it found nothing more. Below are the logs from Hijack and show-vundo.vbs. Anyone??

    Logfile of HijackThis v1.99.1
    Scan saved at 12:49:47, on 28/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Arquivos de programas\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
    C:\Arquivos de programas\Network Associates\VirusScan\Mcshield.exe
    C:\Arquivos de programas\Network Associates\VirusScan\VsTskMgr.exe
    C:\ARQUIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Arquivos de programas\Network Associates\VirusScan\SHSTAT.EXE
    C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe
    C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\TBMon.exe
    C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe
    C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe
    C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmon.exe
    C:\Arquivos de programas\Lexmark 3100 Series\lxbrcmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\Free Download Manager\fdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Arquivos de programas\Messenger\msmsgs.exe
    c:\arquiv~1\intern~1\iexplore.exe
    C:\Arquivos de programas\Internet Explorer\iexplore.exe
    C:\Arquivos de programas\Mozilla Firefox\firefox.exe
    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\marcelo\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Arquivos de programas\NewDotNet\newdotnet7_48.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll
    O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\ARQUIV~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\sxypsnvj.dll",realset
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [META BONE] C:\DOCUME~1\marcelo\DADOSD~1\DvdHole\Tons Gpl Tray.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Arquivos de programas\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FFBE5A4-B071-4FA9-99F9-35D8A3D1DE8C}: NameServer = 192.168.10.1
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe" -s:MSSQL.2 -f:MSSQLSERVER (file missing)
    O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
    O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe" -s "C:\Arquivos de programas\Microsoft SQL Server\MSSQL.3\OLAP\Config (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe
    O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: Winconnection V4.2 (Winconnection4) - Unknown owner - C:\Arquivos de programas\Winco\Winconnection4\wconnect.exe

    =================================================
    Relatório | BHOs, Winlogon Notify e AppInit_DLLs
    =================================================
    AppInit_DLLs
    -------------------------------------------------
    [Vazia]
    -------------------------------------------------
    Browser Helper Objects
    -------------------------------------------------
    [HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\]
    Adobe PDF Reader Link Helper | [indefinido]
    C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    [HKLM\SOFTWARE\Classes\CLSID\{2E3C3651-B19C-4DD9-A979-901EC3E930AF}\]
    ssh2 Class | CompSegIB
    C:\WINDOWS\system32\scpsssh2.dll
    [HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\]
    URLLink | [indefinido]
    C:\Arquivos de programas\NewDotNet\newdotnet7_48.dll
    [HKLM\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\]
    [indefinido] | [indefinido]
    C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    [HKLM\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\]
    SSVHelper Class | [indefinido]
    C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
    [HKLM\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\]
    FDMIECookiesBHO Class | [indefinido]
    C:\Arquivos de programas\Free Download Manager\iefdmcks.dll
    -------------------------------------------------
    Winlogon Notify
    -------------------------------------------------
    [Padrão] crypt32chain : crypt32.dll
    [Padrão] cryptnet : cryptnet.dll
    [Padrão] cscdll : cscdll.dll
    [Padrão] ScCertProp : wlnotify.dll
    [Padrão] Schedule : wlnotify.dll
    [Padrão] sclgntfy : sclgntfy.dll
    [Padrão] SensLogn : WlNotify.dll
    [Padrão] termsrv : wlnotify.dll
    [Padrão] wlballoon : wlnotify.dll
    Esta NÃO É uma lista de arquivos maliciosos!
  5. Hey everyone, how's it going? Here's the thing: I need a very good free antivirus (I know that's not the ideal case, but the client doesn't want to pay for a solution like that) to run on Windows 2000 Server machines. Any ideas? The new AVG 7.5 doesn't run on servers. Thanks!! MCM
  6. Hey everyone, here's the thing: a folder with several Outlook .pst files was deleted from the network via Shift+Del on a Windows 2000 Server machine. I already ran EasyRecovery and it didn't find the files. Is there anything else I can do? Thanks
  7. Hey everyone, how's it going? Here's the thing: I'm having the following problems. At our company the network has a Windows 2000 domain server and clients running Windows XP Professional and Windows 2000 Professional. Problem 1: Two Windows XP machines are in the domain, configured with a fixed IP but without DNS/WINS, in order to block the use of some sites (we manually configure the local hosts file). These machines lose the connection to the server after some time, and when we try to open a folder we are asked for a user name and password; we enter the domain plus the user name and password and the following message appears: "Falha no logon : O nome de usuário digitado é o mesmo usado para fazer logon. Esse nome de usuário já foi experimentado. Não é possível encontrar em controlador de domínio para verificar esse nome de usuário." I have already rejoined the machine to the domain and deleted the computer name in AD, but the problem always happens again after some time. Is it really the missing DNS/WINS? On Windows 2000 Pro machines this doesn't happen, even without DNS/WINS. Problem 2: On these same Windows XP machines, at logon the message "Carregando as configurações pessoais" appears and it takes a long time to open. Logging on locally, or on machines with Win 2000, this doesn't happen. I have already tried deleting the profiles but the problems continue. Could this really be a DNS problem too? Has anyone been through this? Thanks. MCM
  8. Answering the 2nd question: you can set the modem to router mode and connect it to a hub, or buy a router and connect the modem and the PCs to it.
  9. OK, here we go!! I don't have the m230, but I think you can use it as a USB flash drive; you just need to put the files in the right folder (the folders that show up when you connect the MP3 player to the PC). You can choose by album or artist and even create a playlist. Cheers!
  10. eng02

    Sansa M240

    Hey everyone, how's it going, :palmas: Here's the thing: I bought a SanDisk Sansa m240 MP3 player and I have some questions: - When I plug it into the PC (Windows XP SP2) it shows up as a media device, and the Safely Remove Hardware icon doesn't appear next to the clock (unlike when I plug in a USB flash drive), so I'm unplugging it straight from the USB port. Is my procedure correct? - I'm putting an artist's folder with the songs inside its media folder, but on the MP3 player it shows up as unknown artist and playlist. Is there a trick to change this? Does anyone have a tip or anything important to say about it? :palmas: Thanks. Marcelo.
  11. eng02

    Questions - Dual Channel

    My friend, my motherboard is an Intel; I just looked it up and it supports dual channel. In the 1st item, did you mean that if I buy a 256 PC 3200 memory module it will work in dual channel? And in the last item, "because you double the access from 64 bits to 128 bits": does this doubling occur only when you have memory in dual channel, or whenever you have 2 memory modules installed?
  12. Hey everyone, how's it going. So, I've been looking at several articles about dual-channel memory and some questions came up; if anyone can clarify them I'd appreciate it. The PC is for work; I don't use it for games, only internet, VMware, applications, ... - I have a Pentium 4 with a 533 MHz FSB and one 256 MB PC266 module. Is it more worthwhile to buy another 256 MB PC 266 to run in dual channel, or is it better to buy another 512 MB? - My motherboard runs at PC2100 at most. If I install 2 identical modules of a higher frequency, e.g. PC3200, will it run in dual channel? And if I install one PC 2700 and one PC 3200, will it still run in dual channel? - When I use dual channel the number of bits jumps from 64 to 128, but only in dual channel? If I install 2 modules of different sizes or frequencies, will it not run at 128 bits? Well, that's it for now. Thanks, Marcelo
  13. Try resetting the motherboard BIOS and reconfiguring it. While you're at it, check whether the temperatures are OK. Cheers
  14. Reconfigure the routers (wireless or ADSL modem) so that their DHCP uses the same range of IPs, DNS and gateway; that way you can configure your network card with a fixed IP address and it will work on both networks without any change. Cheers
  15. Hey everyone, I managed to get the thing working, lol, but only after I went into the firewall inside YaST and enabled masquerading (I don't know if that's how it's spelled). When I run the commands below, are they saved in some file? Which one?

    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
