[Arquivado] Microsoft Visual C++ Runtime Library

[Maristela Catardo 0]

Eu fui abrir meu photoshop CS3 esses dias e quando estava carregando, parou tudo e me apareceu a seguinte mensagem:

 

"Microsoft Visual C++ Runtime Library

 

Program: D:\Ar...

 

This Application has request the Runtime to terminate it in a usual way.

Please contact the application support team for more information"

 

Pesquisei na internet várias maneiras de acabar com isso, mas nenhuma resolveu meu problema. Aqui está o Log do Hijack:

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [\\MARCELO\EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "\\MARCELO\EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - http://video.wbla.com/cab/IDMFlash.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1209532506375

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 6090 bytes

 

 

Espero que consigam me ajudar, necessito muito usar esse programa. Muito obrigada mesmo!!

[Silas Martins 0]

Baixe o Malwarebytes Anti-Malware

 

 

* Inicie a instalação clique em "mbam-setup.exe";

* Marque "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em concluir.

* Marque "Verificação Rápida" e depois clique em Verificar.

* Quando o scan terminar, clique em Ok e em "Mostrar Resultados" para ver o log;

* Se algo for detectado, veja se tudo está marcado e clique em "Remover";

* O log é automaticamente gravado e pode ser consultado clicando em "Logs" do menu principal;

* Copie e cole esse log, juntamente com o novo log do hijacktihis .

Aguado o retorno.

[Maristela Catardo 0]

Log do Malwarebytes' Anti-Malware 1.28

Versão do banco de dados: 1240

Windows 5.1.2600 Service Pack 2

 

7/10/2008 16:33:26

mbam-log-2008-10-07 (16-33-21).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 42727

Tempo decorrido: 2 minute(s), 27 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 6

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 2

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\volcontrol.volumecontrol (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{2cae4279-9c6f-44dd-b89e-a7138a6e4b46} (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{30a9bb10-a7d0-4342-9001-dc71e9b0080e} (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{8058bcea-d0d8-4cbb-89db-b92b662bc68e} (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{b219dfcb-09e0-45bb-9efd-33e265cd9da4} (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\system32\VolumeControl.ocx (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\mxsystem.exe (Trojan.Agent) -> No action taken.

 

Log Hijack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:13:20, on 7/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [\\MARCELO\EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "\\MARCELO\EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - http://video.wbla.com/cab/IDMFlash.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1209532506375

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 6203 bytes

 

--------------------------------------------------

 

Valeu!! E não sei se vai te ajudar em algo, mas faz +/- um mês, baixei o live messenger 2009, e veio aparentemente com vírus, por que eu não conseguia utiliza-lo e nem desinstalar, dai pesquisei na internet e consegui arrumar com o programa MSN CLEANER, só que daí eu baixei de novo o msn live 2009 de uma fonte segura, mas de novo aconteceu o mesmo problema, o único é que agora nem o MSN CLEANER consegue exclui-lo, e também não consigo utilizar o msn. Talvez seja esse mesmo vírus que esteja causando isso do Photoshop, não?

 

Obrigada! Aguardo.

[Silas Martins 0]

POde sim, mas vamos ver se encontramos mais infecções.

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txtjuntamente com o novo log do hijackthis em sua próxima resposta.

 

OBS.: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo o retorno

[Maristela Catardo 0]

LOG DO COMBOFIX

 

ComboFix 08-10-08.02 - torrescatardo 2008-10-08 19:05:40.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.462 [GMT -3:00]

Executando de: C:\Documents and Settings\torrescatardo\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\_000006_.tmp.dll

C:\WINDOWS\system32\_000007_.tmp.dll

C:\WINDOWS\system32\_000008_.tmp.dll

C:\WINDOWS\system32\_000009_.tmp.dll

C:\WINDOWS\system32\_000010_.tmp.dll

C:\WINDOWS\system32\_000011_.tmp.dll

C:\WINDOWS\system32\_000012_.tmp.dll

C:\WINDOWS\system32\_000013_.tmp.dll

C:\WINDOWS\system32\_000014_.tmp.dll

C:\WINDOWS\system32\N3DTypeLib.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-09-08 to 2008-10-08 ))))))))))))))))))))))))))))))))

.

 

2008-10-08 00:45 . 2008-10-08 00:47 <DIR> d-------- C:\Arquivos de programas\Audiosurf

2008-10-07 16:21 . 2008-10-07 16:21 <DIR> d-------- C:\Documents and Settings\torrescatardo\Dados de aplicativos\Malwarebytes

2008-10-07 16:20 . 2008-10-07 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-10-07 16:20 . 2008-10-07 16:28 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-10-07 16:20 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-07 16:20 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-07 04:24 . 2008-10-07 04:24 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-10-07 04:23 . 2008-10-07 17:16 <DIR> d-------- C:\Arquivos de programas\Megacubo

2008-10-07 00:29 . 2008-10-07 00:29 <DIR> d-------- C:\Program Files

2008-10-07 00:29 . 2008-10-07 00:29 12,488,704 --a------ C:\PSCS2_Updater.exe

2008-10-07 00:14 . 2008-10-07 17:13 <DIR> d-------- C:\HijackThis

2008-10-06 23:16 . 2008-10-06 23:16 <DIR> d-------- C:\Arquivos de programas\Bonjour

2008-10-06 23:03 . 2008-10-06 23:03 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-10-06 21:19 . 2008-10-06 21:19 <DIR> d-------- C:\MSNCleaner

2008-10-06 01:24 . 2008-10-06 02:49 <DIR> d-------- C:\Documents and Settings\torrescatardo\Dados de aplicativos\Download Manager

2008-09-27 04:09 . 2008-09-27 04:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-09-27 03:11 . 2008-09-27 03:11 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-09-26 03:20 . 2008-10-06 21:01 <DIR> d-------- C:\Arquivos de programas\Now3D

2008-09-26 03:20 . 2003-09-27 21:41 356,352 --a------ C:\WINDOWS\system32\N3DCommon.dll

2008-09-26 03:20 . 2006-03-07 22:23 266,240 --a------ C:\WINDOWS\system32\N3DControls.ocx

2008-09-26 03:20 . 1999-06-01 01:15 174,080 --a------ C:\WINDOWS\system32\vbalTbar.ocx

2008-09-26 03:20 . 1999-02-09 10:46 137,728 --a------ C:\WINDOWS\system32\ijl10.dll

2008-09-26 03:20 . 1999-05-31 17:03 137,216 --a------ C:\WINDOWS\system32\cNewMenu.dll

2008-09-26 03:20 . 2006-03-28 08:23 49,152 --a------ C:\WINDOWS\N3DScreenSaver.scr

2008-09-26 03:20 . 2004-05-17 20:59 36,864 --a------ C:\WINDOWS\system32\VectorizeForm.dll

2008-09-26 03:20 . 1998-10-14 19:41 27,648 --a------ C:\WINDOWS\system32\SSubTmr.dll

2008-09-26 03:20 . 2000-06-26 00:16 24,576 --a------ C:\WINDOWS\system32\SysInfoServer.dll

2008-09-26 03:20 . 2000-06-26 00:14 24,576 --a------ C:\WINDOWS\system32\RegServer.dll

2008-09-25 00:01 . 2008-09-25 04:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-09-24 23:40 . 2008-10-06 21:03 <DIR> d-------- C:\Arquivos de programas\Foxit Software

2008-09-24 23:37 . 2007-04-02 02:58 546,304 -----c--- C:\WINDOWS\system32\dllcache\hhctrl.ocx

2008-09-24 23:35 . 2008-05-01 11:32 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-09-24 23:34 . 2008-04-11 15:51 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-09-24 23:23 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-24 23:23 . 2008-05-08 09:28 202,752 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-09-24 23:18 . 2008-09-24 23:18 <DIR> d-------- C:\Documents and Settings\NetworkService.AUTORIDADE NT\Dados de aplicativos

2008-09-24 23:18 . 2008-10-08 19:06 <DIR> d--h----- C:\Documents and Settings\NetworkService.AUTORIDADE NT\Configurações locais

2008-09-24 23:18 . 2008-09-24 23:18 <DIR> d--hs---- C:\Documents and Settings\NetworkService.AUTORIDADE NT

2008-09-24 23:18 . 2008-09-24 23:18 <DIR> d-------- C:\Documents and Settings\LocalService.AUTORIDADE NT\Dados de aplicativos

2008-09-24 23:18 . 2008-10-08 19:06 <DIR> d--h----- C:\Documents and Settings\LocalService.AUTORIDADE NT\Configurações locais

2008-09-24 23:18 . 2008-09-24 23:18 <DIR> d--hs---- C:\Documents and Settings\LocalService.AUTORIDADE NT

2008-09-24 23:16 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-09-24 23:15 . 2008-09-24 23:15 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2008-09-24 23:15 . 2008-09-24 23:15 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2008-09-24 23:15 . 2008-09-24 23:15 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2008-09-24 23:15 . 2008-09-24 23:15 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest

2008-09-24 23:15 . 2008-09-24 23:15 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2008-09-24 23:15 . 2008-09-24 23:15 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-09-24 23:13 . 2008-09-24 23:13 37 --a------ C:\WINDOWS\vbaddin.ini

2008-09-24 23:05 . 2006-06-07 08:50 35,840 --a------ C:\WINDOWS\system32\NVCOI.DLL

2008-09-24 23:04 . 2008-09-24 23:18 <DIR> d-------- C:\WINDOWS\NV5641840.TMP

2008-09-24 19:50 . 2008-09-24 19:50 <DIR> d-------- C:\WINDOWS\system32\wins

2008-09-24 19:37 . 2008-09-24 19:38 55,368 --a------ C:\WINDOWS\setupapi.old

2008-09-24 17:27 . 2008-10-06 21:12 <DIR> d-------- C:\found.000

2008-09-22 03:15 . 2008-09-22 03:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-09-22 02:58 . 2008-09-22 02:58 <DIR> d-------- C:\Arquivos de programas\Microsoft

2008-09-19 23:53 . 2008-09-20 03:04 <DIR> d-------- C:\Documents and Settings\torrescatardo\Dados de aplicativos\uTorrent

2008-09-17 04:29 . 2008-09-17 04:48 <DIR> d-------- C:\Arquivos de programas\FreeUndelete

2008-09-15 22:26 . 2008-09-22 02:54 <DIR> d-------- C:\Arquivos de programas\Garena

2008-09-12 04:11 . 2008-09-12 04:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-09-12 04:09 . 2008-09-12 04:09 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2008-09-12 04:08 . 2008-10-06 21:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2008-09-11 21:28 . 2008-09-11 21:28 53,248 --a------ C:\Documents and Settings\torrescatardo\lametritonus_en.dll

2008-09-11 21:27 . 2008-09-11 21:28 162,304 --a------ C:\Documents and Settings\torrescatardo\lame_enc_en.dll

2008-09-10 23:25 . 2008-09-17 04:50 <DIR> d-------- C:\Arquivos de programas\IDoser v4

2008-09-09 00:03 . 2008-09-09 00:03 51,712 --a------ C:\WINDOWS\system32\sirenacm.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-08 22:00 --------- d-----w C:\Documents and Settings\torrescatardo\Dados de aplicativos\Spyware Terminator

2008-10-08 04:13 --------- d-----w C:\Arquivos de programas\WinClamAVShield

2008-10-07 19:18 --------- d-----w C:\Documents and Settings\torrescatardo\Dados de aplicativos\skypePM

2008-10-07 19:18 --------- d-----w C:\Documents and Settings\torrescatardo\Dados de aplicativos\Skype

2008-10-07 02:16 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-10-07 00:48 --------- d-----w C:\Arquivos de programas\Java

2008-10-07 00:23 --------- d-----w C:\Arquivos de programas\Typle2.0v

2008-10-07 00:02 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-10-06 23:31 --------- d-----w C:\Documents and Settings\torrescatardo\Dados de aplicativos\Audacity

2008-10-05 02:19 --------- d-----w C:\Arquivos de programas\Spyware Terminator

2008-10-03 04:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-09-27 05:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-09-22 05:53 --------- d-----w C:\Arquivos de programas\eMule

2008-09-20 04:42 --------- d-----w C:\Arquivos de programas\DreMule

2008-09-17 07:49 --------- d-----w C:\Arquivos de programas\Dicionário de Sinônimos -completo-

2008-09-17 03:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-09-17 03:15 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-09-12 07:14 --------- d-----w C:\Documents and Settings\torrescatardo\Dados de aplicativos\Apple Computer

2008-09-12 07:12 --------- d-----w C:\Arquivos de programas\QuickTime

2008-09-07 19:25 --------- d-----w C:\Arquivos de programas\IMVU

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-05-25 02:10 22,328 ----a-w C:\Documents and Settings\torrescatardo\Dados de aplicativos\PnkBstrK.sys

2008-03-25 00:29 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 7630848]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"SpywareTerminator"="C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-04 2957824]

"\\MARCELO\EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 86016]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"nwiz"="nwiz.exe" [2006-08-16 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-04 138752]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

 

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-09-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

- - - - ORFAOS REMOVIDOS - - - -

 

Notify-WgaLogon - (no file)

 

 

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = about:blank

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

 

O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.inf

C:\WINDOWS\Downloaded Program Files\Manager.exe

C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.ocx

 

O16 -: {4A116A80-85B6-4299-A018-A717FD7AC66A} - hxxp://video.wbla.com/cab/IDMFlash.cab

C:\WINDOWS\Downloaded Program Files\IDMFlash.inf

C:\WINDOWS\Downloaded Program Files\IDMFlash.dll

 

O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab

C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf

C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-08 19:06:55

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-10-08 19:07:43

ComboFix-quarantined-files.txt 2008-10-08 22:07:38

 

Pré-execução: 9 pasta(s) 12.214.878.208 bytes disponíveis

Pós execução: 12 pasta(s) 12,932,947,968 bytes disponíveis

 

190 --- E O F --- 2008-09-25 03:02:58

 

 

LOG DO HIJACKTHIS

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:13:15, on 8/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [\\MARCELO\EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "\\MARCELO\EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - http://video.wbla.com/cab/IDMFlash.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1209532506375

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 6304 bytes

[Silas Martins 0]

Execute o HijackThis, clique em Do a system scan only e selecione as linhas:

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - http://video.wbla.com/cab/IDMFlash.cab

Clique em Fix Checked

Feito isso Reinicie em modo normal e gere um novo log do Hijackthis.

 

Aguardo retorno.

[Maristela Catardo 0]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:16:51, on 9/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [\\MARCELO\EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "\\MARCELO\EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1209532506375

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 5889 bytes

...............................................................................

 

Tentei abrir o photoshop, mas continua com a mesma mensagem.

Eu não entendo nada disso. Mas da outra vez do msn, o arquivo que o MSN CLEANER, detectou e pediu pra mim excluir (que no caso, depois eu pude usar o msn) era esse "msnmsgr.exe". Vaaaaleeeuu.. :)

[Silas Martins 0]

Sigas as instruções abaixo:

 

Baixe o link; [url="http://www.baixa.la/download.php?a=371908&valida=71ae4cce650b9ac6876aba94f1af0091"]BankerFix[/url.

desative o seu antivírus temporariamente, para não haver conflitos e para uma melhor detecção.

Clique duas vezes sobre bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

Habilite o seu antivírus. e gere um novo log do hijackthis, e poste juntamente com o relatório .txt do Bankerfix.

 

Aguardo o Retorno

[Silas Martins 0]

Como a edição não está respondendo link atualizado: aqui

[Maristela Catardo 0]

BankerFix

 

-------------------------------------------------------

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2008-10-10 - 19:24

-------------------------------------------------------

Lista de Definição: 2008-10-08-1 | CORE: 2008-09-30-2

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\system32\mx.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\rmsx.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\Tasm.msx

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------

 

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:28:18, on 10/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [\\MARCELO\EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "\\MARCELO\EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1209532506375

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 5639 bytes

............................................

Obrigada! Aguardo.

[Silas Martins 0]

Log limpo

problem persiste?

[Maristela Catardo 0]

Sim... O que faço??

[Silas Martins 0]

Desinstale e reinstale o MSN, motivo para isso é a quantidade de erros gerados pelo novo msn.

Aguardo retorno

[Maristela Catardo 0]

Mas o problema é que não consigo desinstalar, não aparecere no "adicionar/remover programas"

[Silas Martins 0]

Vá na pasta do Windows Live e na pasta messenger clique no instalador lá ele te indagra se você quer adicionar ferramentas ou desinstalar o programa escolha desisntalar

[Maristela Catardo 0]

Desculpa a demora.

 

Bom, fiz como você disse mas mesmo assim não tive sucesso, o instalador se quer abriu. Encontrei um arquivo estranho XML na pasta. Aqui está o que diz no arquivo:

 

- <ConfigurationRoot xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" updateWebServiceURL="https://scan.safety.live.com/utility/shared/catalogs_MSVS.aspx" version="1.0.0.1" installCatalog="Windows Live OneCare safety scanner" installMsiOSversion="6.0.0" installMsiProductID="{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" updatePeriod="4" sqmUploadParam="0" sqmUploadTimeout="2000" sqmUploadType="1" sqmUploadURL="http://www.sqm.microsoft.com/sqm/windowsliveclient/sqmserver.dll" DWBitsURL="http://scan.safety.live.com/resource/download/scanner/wlscDW.msi">

- <ScannerSet>

- <Section name="Computer safety">

<Scanner name="Virus Scan" progID="Microsoft.wlsc.Scanner.AVAS" />

</Section>

</ScannerSet>

- <ScanModes>

- <ScanMode mode="custom">

- <UseScanner usage="always" progID="Microsoft.wlsc.Scanner.AVAS">

<Parameter name="scanType" val="full" />

<Parameter name="virusDetailURL" val="http://go.microsoft.com/fwlink/?linkid=55681〈=[*LANG*]&name=[*VIRUSNAME*]" />

<Parameter name="virusDetailLearnMoreURL" val="http://go.microsoft.com/fwlink/?linkid=55681&name=[*VIRUSNAME*]" />

<Parameter name="scanPermit.FixedDrive" val="false" />

<Parameter name="scanPermit.RamDiskDrive" val="false" />

<Parameter name="scanPermit.CDROMDrive" val="false" />

<Parameter name="scanPermit.RemoteDrive" val="false" />

<Parameter name="scanPermit.RemovableDrive" val="false" />

<Parameter name="config.scanpackedexe" val="1" />

<Parameter name="config.scanarchives" val="1" />

<Parameter name="config.scanallfiles" val="0" />

<Parameter name="config.heuristics" val="1" />

<Parameter name="config.scanmail" val="0" />

<Parameter name="config.smartscan" val="1" />

<Parameter name="config.norecursive" val="0" />

<Parameter name="config.scanreparsepoints" val="1" />

<Parameter name="config.nodatabases" val="0" />

<Parameter name="config.createundetlog" val="0" />

<Parameter name="config.smartkrpt" val="0" />

<Parameter name="config.greyscan" val="0" />

<Parameter name="config.paranoid" val="0" />

<Parameter name="config.replaceafterreboot" val="1" />

<Parameter name="config.enablethreatmgr" val="0" />

<Parameter name="config.detectspyware" val="0" />

<Parameter name="config.av_" val="1" />

<Parameter name="config.reportfriendlyfiles" val="0" />

<Parameter name="config.reportunknownfiles" val="0" />

<Parameter name="config.reportallowedfiles" val="0" />

<Parameter name="config.reportblockedfiles" val="0" />

<Parameter name="config.advancedexceptions" val="0" />

<Parameter name="config.scanbootsectors" val="0" />

<Parameter name="config.extensions" val="" />

<Parameter name="config.renameextension" val="" />

<Parameter name="config.renamepathproperties" val="" />

<Parameter name="config.max_archive_size" val="0" />

<Parameter name="config.max_unpacked_file_in_archive" val="0" />

<Parameter name="config.mindepth" val="0" />

<Parameter name="config.maxdepth" val="0" />

<Parameter name="config.emindepth" val="0" />

<Parameter name="config.emaxdepth" val="0" />

</UseScanner>

</ScanMode>

</ScanModes>

</ConfigurationRoot>

 

Sei lá, não sei se foi algum daqueles programas que a gente usou, ou do MSN cleaner.

[Silas Martins 0]

Instale o Revo Uninstaller

Apos feito isso execute a desintalação do Messenger

Aguardo retorno.

[Maristela Catardo 0]

Pois é, parece que o msn foi desinstalado. Mas daí, eu baixo o msn live 8.5 e vou instalar me dá esse aviso:

 

"Instalador do Windows Live

 

Houve um problema com está instalação. Windows live suite não foi instalado.

 

Detalhes do erro do sistema

Código: 0x8000ffff

Descrição: Falha catastrófica"

 

E se eu baixo uma versão mais antiga, também dá o mesmo problema.. Eai, o que faço?

Grata.

[Silas Martins 0]

Biaxe e instale o Service pack # do Xp, disponível aqui neste LINK

Apos isso instale seu Msn.

Se mesmo assim você não conseguir retorne e me avise.

[Maristela Catardo 0]

Não consegui! Meeeu Deeeus!