Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Olá Jgarcia,primeiro quero lhe desejar um bom carnaval!!! E pra variar estou precisando de você mais uma vez!!!
Logfile of HijackThis v1.99.1
Scan saved at 22:30:16, on 15/2/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\System32\msnmsg.exe
C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\BraZip\BraZip.exe
C:\DOCUME~1\PH\CONFIG~1\Temp\SZ2955\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IbestBHO Class - {7E6CDC1C-3B90-47D7-B2A8-24438CA96075} - C:\Arquivos de programas\Discador Digerati\bho.dll (file missing)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar1.01.2607.0\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Speaker Configuration] D:\Sound\C-Media\WinXP\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sygate Personal Firewall] SsyySswiN32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [msnmsg] C:\WINDOWS\System32\msnmsg.exe
O4 - HKLM\..\Run: [WinMsg] C:\WINDOWS\winmsgr.exe
O4 - HKLM\..\RunServices: [sygate Personal Firewall] SsyySswiN32.exe
O4 - HKCU\..\Run: [Discador Digerati] "C:\Arquivos de programas\Discador Digerati\autoupdate.exe"
O4 - HKCU\..\Run: [sygate Personal Firewall] SsyySswiN32.exe
O4 - HKCU\..\Run: [instant Access] C:\WINDOWS\System32\prodsrvs.exe /res
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Arquivos de programas\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\DiscaOi.exe
O4 - Global Startup: msnmsg.exe
O8 - Extra context menu item: Enviar Imagem para Biblioteca de Foto - file://C:\Arquivos de programas\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Arquivos de programas\LingoCom\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Arquivos de programas\LingoCom\Translator.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARQUIV~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARQUIV~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB
O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1059_XP.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://es6-scripts.dlv4.com/binaries/egacc..._1069_em_XP.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4..._1068_em_XP.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1059_XP.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGD...ESS_1074_XP.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://es6-scripts.dlv4.com/binaries/egacc..._1070_em_XP.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - http://scripts.downloadv3.com/binaries/EGD...4_ASPIV4_XP.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
Bankfix:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CorelCorelDRAW10 Reminder"=""
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"windows auto update"=""
"C-Media Speaker Configuration"="D:\\Sound\\C-Media\\WinXP\\Setup.exe /SPEAKER"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"TkBellExe"="\"C:\\Arquivos de programas\\Arquivos comuns\\Real\\Update_OB\\realsched.exe\" -osboot"
"Sygate Personal Firewall"="SsyySswiN32.exe"
"AVG7_CC"="C:\\ARQUIV~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\ARQUIV~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"PCSuiteTrayApplication"="C:\\ARQUIV~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"SMSERIAL"="sm56hlpr.exe"
"WinMsg"="C:\\WINDOWS\\winmsgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
Grato amigo!!!
Olá JGarcia, desculpe a demora mas fiquei sem velox... mas agora já fiz o que você pediu!! Muito grato Abraços!!
Novo log:
Logfile of HijackThis v1.99.1
Scan saved at 21:29:30, on 17/2/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\htpatch.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\rundll32.exe
C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\BraZip\BraZip.exe
C:\DOCUME~1\PH\CONFIG~1\Temp\SZ2918\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IbestBHO Class - {7E6CDC1C-3B90-47D7-B2A8-24438CA96075} - C:\Arquivos de programas\Discador Digerati\bho.dll (file missing)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar1.01.2607.0\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Speaker Configuration] D:\Sound\C-Media\WinXP\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sygate Personal Firewall] SsyySswiN32.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [WinMsg] C:\WINDOWS\winmsgr.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [sygate Personal Firewall] SsyySswiN32.exe
O4 - HKCU\..\Run: [Discador Digerati] "C:\Arquivos de programas\Discador Digerati\autoupdate.exe"
O4 - HKCU\..\Run: [sygate Personal Firewall] SsyySswiN32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Arquivos de programas\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\DiscaOi.exe
O8 - Extra context menu item: Enviar Imagem para Biblioteca de Foto - file://C:\Arquivos de programas\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Arquivos de programas\LingoCom\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Arquivos de programas\LingoCom\Translator.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARQUIV~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARQUIV~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C34C1026-3F73-4B3D-9797-9025E0506557}: NameServer = 200.149.55.142 200.165.132.155
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
Opa altasena,
1. Baixe o BankerFix.
2. Desative o seu anti-vírus temporariamente.
3. Dê um duplo-clique sobre o bankerfix.exe, aperte Enter e aguarde o término do scan.
4. Terminado o scan, leia a mensagem na tela e aperte Enter novamente.
5. Habilite o seu anti-vírus.
6. Retorne com um novo log do HijackThis, juntamente com o relatorio.txt do BankerFix (ele estará em C:\LinhaDefensiva\).
7. Depois de postar a sua resposta você poderá deletar a pasta LinhaDefensiva contida no C.
Abraços.
Fiz o que você pediu, estou postando novo log , desde já agradeço!!! Quando entro na internet entra um monte de pág pedindo para instalar isso e aquilo.Esse pc é do meu irmão e estou tentando ajudá- lo, claro com a sua ajuda!! Um abraço!!
Logfile of HijackThis v1.99.1
Scan saved at 17:56:26, on 19/2/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe
C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\vsnpstd.exe
C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Arquivos de programas\BraZip\BraZip.exe
C:\DOCUME~1\PH\CONFIG~1\Temp\SZ5611\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IbestBHO Class - {7E6CDC1C-3B90-47D7-B2A8-24438CA96075} - C:\Arquivos de programas\Discador Digerati\bho.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar1.01.2607.0\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Speaker Configuration] D:\Sound\C-Media\WinXP\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sygate Personal Firewall] SsyySswiN32.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [WinMsg] C:\WINDOWS\winmsgr.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\RunServices: [sygate Personal Firewall] SsyySswiN32.exe
O4 - HKCU\..\Run: [Discador Digerati] "C:\Arquivos de programas\Discador Digerati\autoupdate.exe"
O4 - HKCU\..\Run: [sygate Personal Firewall] SsyySswiN32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Arquivos de programas\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\DiscaOi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Enviar Imagem para Biblioteca de Foto - file://C:\Arquivos de programas\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Arquivos de programas\LingoCom\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Arquivos de programas\LingoCom\Translator.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARQUIV~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARQUIV~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
INICIANDO BANKER FIX
=======================================================
INICIANDO FOX FIX
=======================================================
Iniciando Log do PV
-----------------------------------
Killing '*'
Arquivos a remover
-----------------------------------
Arquivos ruins restantes
-----------------------------------
Reg Importado
-----------------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Um abraço!!!
Opa altasena,
Vamos lá.
Habilite o Windows para mostrar todos os arquivos (até ocultos).
Desinstale:
-> PrecisionTime
Utilize Adicionar / Remover programas.
Desinstale e reinicie após tê-lo feito.
Obs.: Caso não encontre o programa acima citado na lista, apenas passe para próxima etapa.
1ª Etapa
Baixe o Killbox em:
1. Execute o Killbox, clique em Delete on Reboot.
2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.
C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll
C:\WINDOWS\winmsgr.exe
3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.
4. Aperte em "X". Responda "não" à pergunta.
É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.
2ª Etapa
Reinicie o computador em Modo Seguro (ao reiniciar aperte a tecla F8 repetidamente até que apareça uma tela preta em DOS e escolha a opção Modo Seguro).
Execute o HijackThis, clique em Do a system scan only e marque:
>
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [sygate Personal Firewall] SsyySswiN32.exe
O4 - HKLM\..\Run: [WinMsg] C:\WINDOWS\winmsgr.exe
O4 - HKLM\..\RunServices: [sygate Personal Firewall] SsyySswiN32.exe
O4 - HKCU\..\Run: [sygate Personal Firewall] SsyySswiN32.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Arquivos de programas\PrecisionTime\PrecisionTime.exe
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
Clique em Fix Checked.
3ª Etapa
Ainda em Modo Seguro localize e delete:
C:\Arquivos de programas\PrecisionTime <- a pasta
4ª Etapa
Reinicie em Modo Normal.
Poste um novo log do HijackThis.
Aguardo retorno.
Um abraço.
Boa tarde, novo log!! Um abraço!
Logfile of HijackThis v1.99.1
Scan saved at 14:42:34, on 20/2/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe
C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\vsnpstd.exe
C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\BraZip\BraZip.exe
C:\DOCUME~1\PH\CONFIG~1\Temp\SZ4200\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IbestBHO Class - {7E6CDC1C-3B90-47D7-B2A8-24438CA96075} - C:\Arquivos de programas\Discador Digerati\bho.dll (file missing)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar1.01.2607.0\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Speaker Configuration] D:\Sound\C-Media\WinXP\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [Discador Digerati] "C:\Arquivos de programas\Discador Digerati\autoupdate.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\DiscaOi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Enviar Imagem para Biblioteca de Foto - file://C:\Arquivos de programas\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Arquivos de programas\LingoCom\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Arquivos de programas\LingoCom\Translator.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARQUIV~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARQUIV~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C34C1026-3F73-4B3D-9797-9025E0506557}: NameServer = 200.149.55.142 200.165.132.155
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
Opa altasena,
O seu log está LIMPO. :thumbsup:
Para finalizar:
1. Desabilite e Reabilite a função de Restauração Automática do XP. Clique aqui para ver como;
2. Atualize o seu Sistema Operacional urgentemente.
Para que tenha uma idéia, já foram lançados 02 (dois) grandes pacotes de atualização (SP1 e SP2) e você não possui sequer o primeiro deles instalado. Utilize o Windows UpDate contido no menu Iniciar ou solicite o CD SP2 a um amigo (melhor opção).
Abraços.
:thumbsup: JGarcia mais uma vez muito obrigada, como lhe disse esse pc é do meu irmão e já estou fazendo estas atualizações... valeu pelas dicas!! Um grande abraço!!
PROBLEMA RESOLVIDO!
Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.
Opa altasena,
1. Baixe o BFU.
2. Salve ou imprima estas instruções:
2.1 Desabilite o seu anti-vírus e os seus antispywares temporariamente (com proteção em tempo real).
Obs.: É necessário estar conectado para baixar o script que será usado no BFU.
2.2 Dê um duplo clique sobre o ícone do BFU.
2.3 Na parte superior (Scriptfile to execute:) clique sobre o botão /applications/core/interface/imageproxy/imageproxy.php?img=http://linhadefensiva.uol.com.br/imagens/forum/help/bfu.jpg&key=f1c3c8015d5ec95402e4df7806ae902ea34a46081f9b56c3c88f25ad64d4bff0" alt="bfu.jpg" />
2.4 Na caixa Download BFU script... coloque:
http://metallica.geekstogo.com/EGDACCESS.bfu
2.5 Clique em OK e depois no botão Execute.
2.6 Quando o processo acabar aparecerá o aviso: Completed script execution. Clique em OK e depois em Exit.
2.7 Reabilite o seu anti-vírus e seus antispywares.
3. Poste um novo log do HijackThis.
Abraços.