Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Entre para seguir isso  
WanSan

Virtumonde-Nao consigo remover!

Recommended Posts

Ola,

Gostaria que verificassem o meu problema.

Passei o Spybot no meu computador e ele detectou um tal de Virtumonde(dll e prx), deletei-o varias vezes e sempre volta.

Fiz um logfile do hijackthis e gostaria que dessem uma olhada.

Agradeco desde ja.

Logfile of HijackThis v1.99.1

Scan saved at 7:19:55 PM, on 10/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\WINDOWS\ASScrPro.exe

C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Softwin\BitDefender8\bdmcon.exe

C:\Program Files\Softwin\BitDefender8\bdnagent.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\acovcnt.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\W5F\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [HControl] "C:\WINDOWS\ATK0100\HControl.exe"

O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"

O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"

O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"

O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"

O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [ABLKSR] "C:\windows\ABLKSR\ABLKSR.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] "C:\WINDOWS\ASScrPro.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [bMcf935917] Rundll32.exe "C:\WINDOWS\system32\sknbijlr.dll",s

O4 - HKLM\..\Run: [cca06a8b] rundll32.exe "C:\WINDOWS\system32\mopabgni.dll",b

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [spybotDeletingA3123] command /c del "C:\WINDOWS\system32\ilpnkwca.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC6021] cmd /c del "C:\WINDOWS\system32\ilpnkwca.dll_old"

O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [updateMgr] "c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB4917] command /c del "C:\WINDOWS\system32\ilpnkwca.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD8361] cmd /c del "C:\WINDOWS\system32\ilpnkwca.dll_old"

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Foxy ?? - res://C:\Program Files\Foxy\Foxy.exe/download.htm

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?b1775b8a470944efb904b81d0df48b46

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?b1775b8a470944efb904b81d0df48b46

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: ovslar.dll sugwsj.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\icf.exe.exe:ext.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • Logfile of HijackThis v1.99.1

    Scan saved at 2:20:02 PM, on 10/10/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\ATK0100\HControl.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Wireless Console 2\wcourier.exe

    C:\Program Files\ASUS\Splendid\ACMON.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

    C:\WINDOWS\system32\ACEngSvr.exe

    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

    C:\WINDOWS\ASScrPro.exe

    C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

    C:\Program Files\Softwin\BitDefender8\bdmcon.exe

    C:\Program Files\Softwin\BitDefender8\bdnagent.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\D-Tools\daemon.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\WINDOWS\ATK0100\ATKOSD.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

    C:\WINDOWS\system32\acovcnt.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

    C:\Documents and Settings\W5F\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [HControl] "C:\WINDOWS\ATK0100\HControl.exe"

    O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"

    O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"

    O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"

    O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"

    O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"

    O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

    O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

    O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

    O4 - HKLM\..\Run: [ABLKSR] "C:\windows\ABLKSR\ABLKSR.exe"

    O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

    O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

    O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1

    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] "C:\WINDOWS\ASScrPro.exe"

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"

    O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"

    O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [bMcf935917] Rundll32.exe "C:\WINDOWS\system32\sknbijlr.dll",s

    O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    O4 - HKCU\..\Run: [updateMgr] "c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\RunOnce: [spybotDeletingB4917] command /c del "C:\WINDOWS\system32\ilpnkwca.dll_old"

    O4 - Global Startup: Bluetooth Manager.lnk = ?

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Foxy ?? - res://C:\Program Files\Foxy\Foxy.exe/download.htm

    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?b1775b8a470944efb904b81d0df48b46

    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?b1775b8a470944efb904b81d0df48b46

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

    O20 - AppInit_DLLs: ovslar.dll sugwsj.dll cdqzdp.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\icf.exe.exe:ext.exe (file missing)

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Caro WanSan

    Bem vindo à Remoção de Malware

    Recomendo que salve este tópico em seus Favoritos para facilitar na hora de encontrá-la novamente.

    Atente para o seguinte, por favor:

    1) Estarei acompanhado os procedimentos de análise de seu log, retornarei tão logo que seja possível!;

    2) Não tome nenhum procedimento até começarmos;

    3) O que será passado aqui somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;

    4) Caso tenha outro computador abra um novo tópico com seu respectivo log;

    5) Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;

    6) Sempre coloque suas respostas neste tópico... Não abra outro!

    Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar sob risco de desconfigurar seu computador!

    Abraços :D

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Caro WanSan

    Siga as instruções contidas no link abaixo e instale e execute o Combofix:

    http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

    • É importante que instale a console de recuperação também.
    • Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt).
    • Cole o conteúdo desse arquivo e faça também um novo log do HijackThis para colocar na sua resposta.

    Atenção: Não utilize o mouse nem o teclado enquanto a ferramenta estiver rodando, isso pode fazer com que o pc pare.

    Nota: Por favor, NÃO utilize o ComboFix sozinho. É uma ferramenta poderosa criada pra lidar com infeções sofisticadas e caso não a utilize correctamente poderá danificar o seu computador. A ferramenta apenas deve ser utilizada sob supervisão de Assistentes de remoção de malware.

    Abraços :D

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Ola,

    Eu rodei o combofix, mas de alguma forma não apareceu o log...

    Eu estou mandando o log do hijackthis de novo.

    Aparentemente parece estar ok.

    Muito obrigada!:lol:

    Logfile of HijackThis v1.99.1

    Scan saved at 17:47, on 2008-10-13

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    C:\Program Files\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\ATK0100\HControl.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Wireless Console 2\wcourier.exe

    C:\Program Files\ASUS\Splendid\ACMON.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

    C:\WINDOWS\ASScrPro.exe

    C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\WINDOWS\system32\ACEngSvr.exe

    C:\Program Files\D-Tools\daemon.exe

    C:\WINDOWS\ATK0100\ATKOSD.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\acovcnt.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\WINDOWS\explorer.exe

    C:\Documents and Settings\W5F\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [HControl] "C:\WINDOWS\ATK0100\HControl.exe"

    O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"

    O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"

    O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"

    O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"

    O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"

    O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

    O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

    O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

    O4 - HKLM\..\Run: [ABLKSR] "C:\windows\ABLKSR\ABLKSR.exe"

    O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

    O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

    O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1

    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] "C:\WINDOWS\ASScrPro.exe"

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [bMcf935917] Rundll32.exe "C:\WINDOWS\system32\sknbijlr.dll",s

    O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    O4 - HKCU\..\Run: [updateMgr] "c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0

    O4 - Global Startup: Bluetooth Manager.lnk = ?

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Foxy ?? - res://C:\Program Files\Foxy\Foxy.exe/download.htm

    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?b1775b8a470944efb904b81d0df48b46

    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?b1775b8a470944efb904b81d0df48b46

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\icf.exe.exe:ext.exe (file missing)

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Cara WanSan

    >>> Você tem certeza que o ComboFix completou o seu scan?

    >>> Por favor, siga as instruções abaixo e veja se encontre o log...

    Vá em,

    iniciar > meu computador > clique duas vezes na unidade C:\ e veja se o log ComboFix.txt está aí! Copie (ctrl + c) todo conteúdo e cole (ctrl + v) aqui!

    Fico aguardando!

    Abraços :D

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Olá ,

    Parecia estar tudo ok, mas infelizmente quando eu liguei novamente o meu computador outro dia ele simplesmente não entra no windows...

    Aparece a seguinte frase na tela:

    Windows could not start because the following file is missing or corrupt:

    <windows root>\system32\hal.dll.

    please re-install a copy of the above file.

    Espero sua resposta,

    Tchau

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Cara WanSan

    >>> Por favor, preciso saber se você conseguiu instalar o Console de Recuperação quando da execução do ComboFix!

    >>> Você tem o CD do Windows?

    Abraços :D

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Eu baixei conforme mostrava no link, de acordo com o tipo do meu windows....

    E fiz como mostrava lá, arrastei o incone do console de recuperação no incone do combofix...

    Cd do windows eu não tenho, mas eu tenho um cd de recuperação do meu computador (da ASUS).

    Tchau.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Cara WanSan

    Veja se tem acesso em Modo Seguro: ligue o computador e fique apertando a tecla F8, intermitentemente, veja se aparece um menu com essa opção!

    Aproveite e veja também se, ao reiniciar, aparece a opção Console de Recuperação!

    Abraços :D

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Olá,

    Eu usei o cd e ele tinha lá o console de recuperação, mas também ele deletou tudo que tinha no meu computador e restaurou o Windows... mas resolveu né?:)

    Obrigada pela ajuda!

    Tchau!

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Cara WanSan

    Por favor, poderia explicar com mais detalhes o que você fez? Qual a situação do seu computador?

    Abraços :D

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Entre para seguir isso  





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×