Distonefis

Please analyze my log


The system does not recognize my msconfig, saying it cannot be found, and cmd says it is not a valid Win32 application. Thanks in advance.

Logfile of HijackThis v1.99.1

Scan saved at 13:34:21, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\Tablet.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Mail\wlmail.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Slim\Desktop\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">

O1 - Hosts: <html>

O1 - Hosts: <head>

O1 - Hosts: <script LANGUAGE="JavaScript">

O1 - Hosts: <!--

O1 - Hosts: if (window != top)

O1 - Hosts: top.location.href = location.href;

O1 - Hosts: // -->

O1 - Hosts: </script>

O1 - Hosts: <title>Site Unavailable</title>

O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

O1 - Hosts: <style type="text/css">

O1 - Hosts: body{text-align:center;}

O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}

O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }

O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}

O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}

O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}

O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}

O1 - Hosts: .bodywrap{display:block;height:470px;}

O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}

O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}

O1 - Hosts: .adcnt{width:172px; display:block; float:right; text-align:left;cursor:pointer;cursor:hand;}

O1 - Hosts: .adcnt td {text-align:left;}

O1 - Hosts: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; cursor:default;margin-top:5px;}

O1 - Hosts: .ybadge { font-family: Verdana, Arial, Helvetica, sans-serif; font-size:10px; color: #666666; margin-top:10px;}

O1 - Hosts: .ybadge img {margin-top:6px;}

O1 - Hosts: .adtable {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;border: 1px solid #d6dbe7; background-color:#eff7ff; padding:3px; margin-bottom:10px; width:172px;}

O1 - Hosts: .adttl{font-weight:bold;margin-bottom:3px;}

O1 - Hosts: .addescr{color:#6b6b6b; margin-bottom:3px;}

O1 - Hosts: .adlink a {color:#008200; text-decoration:none;}

O1 - Hosts: </style>

O1 - Hosts: </head>

O1 - Hosts: <body>

O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->

O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->

O1 - Hosts: <div id="maincnt">

O1 - Hosts: <div class="geohead"><div id="geologo"><a href="http://geocities.yahoo.com"><img height=33 alt="Yahoo! GeoCities" src="http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_geo_1.gif" width=259 border=0></a></div>

O1 - Hosts: <div id="rightside"><div id="wlinks"><a href="http://geocities.yahoo.com">GeoCities Home</a> - <a href="http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com/help/us/geo/">Help</a></div>

O1 - Hosts: </div></div>

O1 - Hosts: <div class="bodywrap">

O1 - Hosts: <div class="bodycnt">

O1 - Hosts: <div class="title">Sorry, this GeoCities site is currently unavailable.</div>

O1 - Hosts: <p>The GeoCities web site you were trying to view has temporarily exceeded its data transfer limit. Please try again later. </p>

O1 - Hosts: <p>Are you the site owner?

O1 - Hosts: Avoid service interruptions in the future by increasing your data transfer limit!

O1 - Hosts: <a href="http://help.yahoo.com/help/us/geo/transfer/transfer-05.html" target="_blank">Find out how.</a> </p>

O1 - Hosts: <p><a href="http://help.yahoo.com/help/us/geo/transfer/" target="_blank">Learn more about data transfer.</a></p>

O1 - Hosts: </div>

O1 - Hosts: <div class="adcnt">

O1 - Hosts: <a target="_top" href="http://geocities.yahoo.com"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/smbiz/b/geo_mast_small2.gif" alt="Yahoo! GeoCities" border="0" height="15" hspace="0" vspace="0" width="141"></a>

O1 - Hosts: <div class="adsubt">SPONSORED LINKS</div>

O1 - Hosts: <!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->

O1 - Hosts: <div class="adtable">

O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">Yahoo! Web Hosting<br>

O1 - Hosts: $25 Setup Waived</a></div>

O1 - Hosts: <div class="addescr" title="Reliable plans include domain & 24x7 support.">Reliable plans include domain & 24x7 support.</div>

O1 - Hosts: <div class="adlink" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">webhosting.yahoo.com</a></div>

O1 - Hosts: </div>

O1 - Hosts: <div class="adtable">

O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">Domain Names from Yahoo! only $9.95/yr</a></div>

O1 - Hosts: <div class="addescr" title="Includes starter web page, email & domain forwarding, 24x7 support.">Includes starter web page, email & domain forwarding, 24x7 support.</div>

O1 - Hosts: <div class="adlink" title="Includes starter web page, email & domain forwarding, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">domains.yahoo.com</a></div>

O1 - Hosts: </div>

O1 - Hosts: <div class="adtable">

O1 - Hosts: <div class="adttl" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">Yahoo! Business Email<br> Domain Included</a></div>

O1 - Hosts: <div class="addescr" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.">Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.</div>

O1 - Hosts: <div class="adlink" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">smallbusiness.yahoo.com</a></div>

O1 - Hosts: </div>

O1 - Hosts: <div class="adtable">

O1 - Hosts: <div class="adttl" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">Ecommerce from Yahoo!<br> 1 Month Free</a></div>

O1 - Hosts: <div class="addescr" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support.">$50 setup fee waived. A reliable ecommerce plan, 24x7 support.</div>

O1 - Hosts: <div class="adlink" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">smallbusiness.yahoo.com</a></div>

O1 - Hosts: </div>

O1 - Hosts: <div class="ybadge">

O1 - Hosts: Get your own web site at <br><a target="_top" href="http://geocities.yahoo.com">Yahoo! GeoCities</a>

O1 - Hosts: <a href="http://smallbusiness.yahoo.com/webhosting/" target="_top"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/badge_hostedby_purp_2.gif" alt="Hosted by Yahoo! Web Hosting" align="middle" border="0" height="31" width="88"></a>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: <div class=ftr>

O1 - Hosts: <hr size=1 width=100%>

O1 - Hosts: Copyright ©

O1 - Hosts: 2005 Yahoo! Inc. All rights reserved<br>

O1 - Hosts: <a href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a>

O1 - Hosts: - <a href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a>

O1 - Hosts: - <a href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a>

O1 - Hosts: - <a href="http://docs.yahoo.com/info/terms/geoterms.html">Terms of Service</a>

O1 - Hosts: - <a href="http://help.yahoo.com/help/us/geo/">Help</a>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: </body>

O1 - Hosts: </html>

O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>

O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1183125268&f=us-w70" ALT=1 WIDTH=1 HEIGHT=1>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Arquivos de programas\Video ActiveX Access\iesplg.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {894647A2-65F6-4DB5-80F6-AF1FD81C6941} - C:\WINDOWS\system32\mljgh.dll (file missing)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\qalndkvr.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Arquivos de programas\Video ActiveX Access\iesbpl.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [LClock] C:\Arquivos de programas\LClock\LClock.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [system Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: ADSL.lnk = ?

O4 - Startup: Windows Live Mail.lnk = C:\Arquivos de programas\Windows Live\Mail\wlmail.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {52C98B35-3A5A-41C2-B09E-B8617E5A9EF7} (MaxxDownload.CtlDown) - http://www.cartorioonline.com.br/clientev2/winxp/Downloader.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165782324765

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginSUD.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3CADDE17-F92A-4D25-836E-00B30C537D59}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~2.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: qalndkvr - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Arquivos de programas\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: autodial - Unknown owner - rasphone.exe (file missing)

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe


- Download the MVPS Hosts File:

http://mvps.org/winhelp2002/hosts.zip

  • Extract the archive to any folder;
  • Double-click the mvps.bat file to replace the hosts file.

- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated, located at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it by clicking the X while it is running, and do not move the mouse or use the keyboard, because otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt and a new HijackThis log in your reply.


Combo

ComboFix 08-03-25.1 - Slim 2008-03-25 22:42:53.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.603 [GMT -3:00]

Executando de: C:\Documents and Settings\Slim\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\outlook

C:\Arquivos de programas\outlook\p.zip

C:\svchost.exe

C:\WINDOWS\BMd775ba1d.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\Fonts\'

C:\WINDOWS\Fonts\a.zip

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\behtfwte.dll

C:\WINDOWS\system32\bszip.dll

C:\WINDOWS\system32\bwrqyaxi.ini

C:\WINDOWS\system32\cmd.com

C:\WINDOWS\system32\cpqqhprh.ini

C:\WINDOWS\system32\cwcehuim.ini

C:\WINDOWS\system32\dpfqcpfm.dll

C:\WINDOWS\system32\dpniudhl.ini

C:\WINDOWS\system32\dpnuyrag.ini

C:\WINDOWS\system32\dsxucrvd.ini

C:\WINDOWS\system32\efcftuii.dll

C:\WINDOWS\system32\erwbsixg.ini

C:\WINDOWS\system32\exswexnh.dll

C:\WINDOWS\system32\gypdrevt.dll

C:\WINDOWS\system32\hgjlm.ini

C:\WINDOWS\system32\hgjlm.ini2

C:\WINDOWS\system32\hwvtfmxx.ini

C:\WINDOWS\system32\ibrctsuw.ini

C:\WINDOWS\system32\iyuqvnyq.dll

C:\WINDOWS\system32\jllhpkga.ini

C:\WINDOWS\system32\jrdojvog.dll

C:\WINDOWS\system32\knuxsgyi.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mmnjnqxd.ini

C:\WINDOWS\system32\mspnawhr.ini

C:\WINDOWS\system32\netstat.com

C:\WINDOWS\system32\nsyedmxd.dll

C:\WINDOWS\system32\omlguthy.ini

C:\WINDOWS\system32\ping.com

C:\WINDOWS\system32\punkbext.ini

C:\WINDOWS\system32\pvnptlbn.dll

C:\WINDOWS\system32\regedit.com

C:\WINDOWS\system32\rituvxnt.dll

C:\WINDOWS\system32\slxecrhv.ini

C:\WINDOWS\system32\taskkill.com

C:\WINDOWS\system32\tasklist.com

C:\WINDOWS\system32\tracert.com

C:\WINDOWS\system32\uvawvoxw.ini

C:\WINDOWS\system32\uyocqnht.ini

C:\WINDOWS\system32\vdsruryl.ini

C:\WINDOWS\system32\viyxqrtg.ini

C:\WINDOWS\system32\wvkjvvyu.ini

C:\WINDOWS\system32\wxnssyxo.ini

C:\WINDOWS\system32\yajoamxr.ini

C:\WINDOWS\system32\yhonmxjm.dll

C:\WINDOWS\system32\ylsiwsee.dll

C:\WINDOWS\system32\yykjwoom.ini

F:\Autorun.inf

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))

.

2008-03-23 15:04 . 2008-03-23 15:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-23 12:41 . 2008-03-23 13:15 <DIR> d-------- C:\Arquivos de programas\eMule

2008-03-22 11:50 . 2008-03-22 13:29 <DIR> d-------- C:\Documents and Settings\Slim\Dados de aplicativos\Hamachi

2008-03-19 20:45 . 2008-03-19 20:45 <DIR> d-------- C:\Documents and Settings\Slim\Dados de aplicativos\DivX

2008-03-17 20:27 . 2008-03-17 20:33 11,028 --a------ C:\WINDOWS\Run32A60.mch

2008-03-17 20:25 . 2008-03-17 20:25 <DIR> d-------- C:\TopEvo3

2008-03-17 20:23 . 2008-03-17 20:27 <DIR> d-------- C:\WINDOWS\A6W_DATA

2008-03-17 20:23 . 2008-03-17 20:27 35 --a------ C:\WINDOWS\A6W.INI

2008-03-16 14:10 . 2008-03-16 14:10 244 --ah----- C:\sqmnoopt15.sqm

2008-03-16 14:10 . 2008-03-16 14:10 232 --ah----- C:\sqmdata15.sqm

2008-03-10 20:44 . 2008-03-23 12:36 <DIR> d-------- C:\Documents and Settings\Slim\Dados de aplicativos\LimeWire

2008-03-07 20:10 . 2008-03-07 20:10 <DIR> d-------- C:\Documents and Settings\Slim\.receitanet

2008-03-07 20:09 . 2007-12-04 10:11 69,632 -ra------ C:\WINDOWS\system32\MSJCE.dll

2008-03-07 20:09 . 2008-03-07 20:09 3,069 --a------ C:\WINDOWS\vpd.properties

2008-03-07 19:52 . 2008-03-07 21:55 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-03-06 23:27 . 2008-03-06 23:27 <DIR> d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-03-06 19:16 . 2008-03-06 19:16 <DIR> d-------- C:\Documents and Settings\Slim\Contacts

2008-03-06 12:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-06 12:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-06 12:58 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-06 08:58 . 2008-03-06 17:26 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos\WTablet

2008-03-06 08:27 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-03-06 08:26 . 2008-03-06 08:26 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-03-06 08:24 . 2008-03-06 08:25 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar

2008-03-06 08:24 . 2008-03-06 08:24 <DIR> d-------- C:\Arquivos de programas\Windows Live Favorites

2008-03-06 08:12 . 2008-03-06 08:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-06 08:12 . 2008-03-06 23:27 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-03-06 08:12 . 2008-03-06 08:20 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-05 22:23 . 2008-03-07 20:09 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-03-05 20:59 . 2008-03-05 20:59 <DIR> d-------- C:\Documents and Settings\Slim\Dados de aplicativos\Nero

2008-03-05 20:58 . 2007-03-23 23:38 <DIR> d--h----- C:\Documents and Settings\Slim\Modelos

2008-03-05 20:58 . 2008-03-23 16:25 <DIR> d---s---- C:\Documents and Settings\Slim\Meus documentos

2008-03-05 20:58 . 2006-12-09 10:39 <DIR> dr------- C:\Documents and Settings\Slim\Menu Iniciar

2008-03-05 20:58 . 2008-03-05 20:59 <DIR> d---s---- C:\Documents and Settings\Slim\Favoritos

2008-03-05 20:58 . 2008-03-25 22:51 <DIR> d-------- C:\Documents and Settings\Slim\Dados de aplicativos\WTablet

2008-03-05 20:58 . 2008-03-22 11:50 <DIR> d--h----- C:\Documents and Settings\Slim\Dados de aplicativos

2008-03-05 20:58 . 2008-03-25 22:47 <DIR> d--h----- C:\Documents and Settings\Slim\Configurações locais

2008-03-05 20:58 . 2006-12-09 10:39 <DIR> d--h----- C:\Documents and Settings\Slim\Ambiente de rede

2008-03-05 20:58 . 2006-12-09 10:39 <DIR> d--h----- C:\Documents and Settings\Slim\Ambiente de impressão

2008-03-01 11:54 . 2008-03-01 11:54 268 --ah----- C:\sqmdata14.sqm

2008-03-01 11:54 . 2008-03-01 11:54 244 --ah----- C:\sqmnoopt14.sqm

2008-03-01 11:12 . 2008-03-01 11:13 1,317,627 ---hs---- C:\WINDOWS\system32\tyhtiryh.ini

2008-03-01 09:01 . 2008-03-01 09:01 268 --ah----- C:\sqmdata13.sqm

2008-03-01 09:01 . 2008-03-01 09:01 244 --ah----- C:\sqmnoopt13.sqm

2008-02-29 23:27 . 2008-02-29 23:27 268 --ah----- C:\sqmdata12.sqm

2008-02-29 23:27 . 2008-02-29 23:27 244 --ah----- C:\sqmnoopt12.sqm

2008-02-29 08:03 . 2008-02-29 08:03 268 --ah----- C:\sqmdata11.sqm

2008-02-29 08:03 . 2008-02-29 08:03 244 --ah----- C:\sqmnoopt11.sqm

2008-02-28 21:15 . 2008-02-28 21:15 268 --ah----- C:\sqmdata10.sqm

2008-02-28 21:15 . 2008-02-28 21:15 244 --ah----- C:\sqmnoopt10.sqm

2008-02-28 19:25 . 2008-02-28 19:25 268 --ah----- C:\sqmdata09.sqm

2008-02-28 19:25 . 2008-02-28 19:25 244 --ah----- C:\sqmnoopt09.sqm

2008-02-28 19:23 . 2008-02-28 19:23 294 ---hs---- C:\WINDOWS\system32\femjcoud.ini

2008-02-28 19:21 . 2008-02-28 19:21 268 --ah----- C:\sqmdata08.sqm

2008-02-28 19:21 . 2008-02-28 19:21 244 --ah----- C:\sqmnoopt08.sqm

2008-02-28 19:11 . 2008-02-28 19:11 268 --ah----- C:\sqmdata07.sqm

2008-02-28 19:11 . 2008-02-28 19:11 244 --ah----- C:\sqmnoopt07.sqm

2008-02-28 18:52 . 2008-02-28 18:52 268 --ah----- C:\sqmdata06.sqm

2008-02-28 18:52 . 2008-02-28 18:52 244 --ah----- C:\sqmnoopt06.sqm

2008-02-27 22:39 . 2008-02-27 22:39 268 --ah----- C:\sqmdata05.sqm

2008-02-27 22:39 . 2008-02-27 22:39 244 --ah----- C:\sqmnoopt05.sqm

2008-02-27 20:45 . 2008-02-27 20:45 268 --ah----- C:\sqmdata04.sqm

2008-02-27 20:45 . 2008-02-27 20:45 244 --ah----- C:\sqmnoopt04.sqm

2008-02-27 07:50 . 2008-02-27 07:50 268 --ah----- C:\sqmdata03.sqm

2008-02-27 07:50 . 2008-02-27 07:50 244 --ah----- C:\sqmnoopt03.sqm

2008-02-27 07:28 . 2008-02-27 07:28 268 --ah----- C:\sqmdata02.sqm

2008-02-27 07:28 . 2008-02-27 07:28 244 --ah----- C:\sqmnoopt02.sqm

2008-02-26 16:42 . 2008-02-26 16:42 <DIR> d-------- C:\System32

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-26 01:51 27,387,168 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-03-26 01:51 1,277,984 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-03-26 01:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-03-26 01:50 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\WTablet

2008-03-26 01:49 370,904 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-03-26 01:49 121,856 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-03-23 23:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-23 14:55 --------- d-----w C:\Documents and Settings\Regis\Dados de aplicativos\WTablet

2008-03-23 14:46 --------- d-----w C:\Documents and Settings\Regis\Dados de aplicativos\LimeWire

2008-03-23 14:46 --------- d-----w C:\Arquivos de programas\Incomplete

2008-03-23 14:45 --------- d-----w C:\Arquivos de programas\LimeWire

2008-03-07 01:36 --------- d-----w C:\Arquivos de programas\The KMPlayer

2008-03-06 11:13 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-03-06 00:18 --------- d-----w C:\Arquivos de programas\Java

2008-03-01 16:25 --------- d-----w C:\Arquivos de programas\Opera

2008-02-28 01:13 --------- d-----w C:\Arquivos de programas\Toon Boom Animation

2008-02-28 01:10 --------- d-----w C:\Arquivos de programas\WinISO

2008-02-28 01:09 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-28 01:09 --------- d-----w C:\Documents and Settings\Regis\Dados de aplicativos\Toon Boom Animation

2008-02-16 10:12 --------- d-----w C:\Arquivos de programas\Tablet

2008-02-15 21:34 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-15 21:05 --------- d-----w C:\Documents and Settings\Regis\Dados de aplicativos\Corel

2008-02-15 21:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Corel

2008-02-15 21:02 --------- d-----w C:\Arquivos de programas\Corel

2008-02-03 01:48 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys

2008-02-03 01:43 --------- d-----w C:\Arquivos de programas\Alias

2008-02-01 14:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-01-31 21:10 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat

2008-01-31 01:46 --------- d-----w C:\Documents and Settings\Regis\Dados de aplicativos\Nero

2008-01-31 01:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-01-31 01:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-01-31 01:37 --------- d-----w C:\Arquivos de programas\Nero

2008-01-31 01:30 --------- d-----w C:\Arquivos de programas\Ahead

2008-01-27 23:17 --------- d-----w C:\Documents and Settings\Regis\Dados de aplicativos\Hamachi

2008-01-26 22:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-01-26 22:53 260 ----a-w C:\2782.bat

2007-04-01 15:03 284 ------w C:\Documents and Settings\Regis\Dados de aplicativos\ViewerApp.dat

2006-12-09 18:35 284 -c----w C:\Documents and Settings\Administrador\Dados de aplicativos\ViewerApp.dat

2004-10-01 17:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2007-09-07 13:11 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

2007-09-07 13:11 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

2007-09-07 13:11 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{894647A2-65F6-4DB5-80F6-AF1FD81C6941}]

C:\WINDOWS\system32\mljgh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 14:09 57344]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"LClock"="C:\Arquivos de programas\LClock\LClock.exe" [ ]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2006-11-12 07:48 157592]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

"System Files Updater"="C:\WINDOWS\FlyakiteOSX\System Files Updater.exe" [ ]

"Atualizador - Puxa Rápido"="C:\Arquivos de programas\Puxa Rápido\Atualiza.exe" [ ]

"VTTimer"="VTTimer.exe" [2005-03-08 02:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"QuickTime Task"="C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-01-03 19:58 286720]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-01-04 16:28 185896]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\Arquivos de programas\GbPlugin\gbiehabn.dll [2007-10-30 15:43 339888]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehCef.dll [2007-08-09 14:39 207944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qalndkvr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]

C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2007-10-30 15:43 339888 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\ARQUIV~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"RemoteRegistry"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\zbattle.net\\zbattle.net.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\Warcraft III\\War3.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:Shareaza

"6346:UDP"= 6346:UDP:Shareaza

"14390:TCP"= 14390:TCP:BitComet 14390 TCP

"14390:UDP"= 14390:UDP:BitComet 14390 UDP

"4661:TCP"= 4661:TCP:porta 4661

"4665:UDP"= 4665:UDP:porta 4665

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]

"LogSuccessfulConnections"= 0 (0x0)

"LogDroppedPackets"= 0 (0x0)

"LogFileSize"= 0 (0x0)

"LogFilePath"=

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 15:07]

R3 alcan5ln;SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 10:53]

R3 jfltr;jfltr;C:\WINDOWS\system32\DRIVERS\jfltr.sys [2003-06-30 16:40]

R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 16:12]

R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 15:30]

S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\lgatbus.sys [2002-10-15 15:03]

S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINDOWS\system32\DRIVERS\lgatmdm.sys [2002-10-15 15:05]

S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\lgatserd.sys [2002-10-15 15:07]

S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-05-01 08:56]

S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-05-01 08:57]

S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-05-01 08:57]

S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-05-01 08:58]

S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-05-01 08:56]

S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-05-01 08:59]

S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-05-01 08:56]

S3 st3mp28;st3mp28;C:\WINDOWS\system32\DRIVERS\st3mp28.sys []

S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]

S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]

S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 15:50]

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-26 01:34:01 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

Hijack

Logfile of HijackThis v1.99.1

Scan saved at 23:02, on 2008-03-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\Tablet.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Mail\wlmail.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Slim\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {894647A2-65F6-4DB5-80F6-AF1FD81C6941} - C:\WINDOWS\system32\mljgh.dll (file missing)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [LClock] C:\Arquivos de programas\LClock\LClock.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [system Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: ADSL.lnk = ?

O4 - Startup: Windows Live Mail.lnk = C:\Arquivos de programas\Windows Live\Mail\wlmail.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {52C98B35-3A5A-41C2-B09E-B8617E5A9EF7} (MaxxDownload.CtlDown) - http://www.cartorioonline.com.br/clientev2/winxp/Downloader.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165782324765

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginSUD.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3CADDE17-F92A-4D25-836E-00B30C537D59}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: qalndkvr - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Arquivos de programas\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: autodial - Unknown owner - rasphone.exe (file missing)

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

What does this message mean?

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

That the machine does not have the Recovery Console installed. The Recovery Console can be run from the XP installation CD, or the tool can be installed. It is the user's choice. The console is used when there are problems with the MBR, boot, etc.

- Select the text below and copy it into Notepad. Save it as CFScript.txt;

Folder::
C:\System32
File::
C:\WINDOWS\system32\tyhtiryh.ini
C:\WINDOWS\system32\femjcoud.ini
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qalndkvr]

- Drag CFScript.txt onto ComboFix as shown in the image below:

CF_Script.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: If ComboFix does not restart your computer automatically, restart it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.


- OK, the log is clean :)

- In Run, type combofix /u and click OK. In the next window click "Run" and wait for the program to be removed;

- I recommend some maintenance on the computer to delete temporary files, unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Turn System Restore off and then back on again

- Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.