[Arquivado] Aplicativo ou DLL C:\WINNT\system32\ig

[Claudilene 0]

logo ao iniciar o Windows da monte de problemas desse

 

O aplicativo ou a DLL C:\WINNT\system32\igfxdev.dll não é uma imagem válida para o Windows. Compare com o disco de instalação

Msnmsgr

O Aplicativo ou a DLL C:\WINNT\system32\Msftedit.dll

 

Mas msm dando problemas no Msnmsgr abre...

 

como devo solucionar este problema? :'(

 

 

ComboFix

 

ComboFix 09-06-04.01 - claudilene 04/06/2009 15 : 54 : 46.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.495.204 [GMT -3:00]

Executando de: c:\documents and settings\claudilene\Desktop\ComboFix.exe

AV: ESET NOD32 sistema antivírus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

*

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))) )

.

c:\winnt\Web\default.htt

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_IAS

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-04 to 2009-06-04 ))))))))))))))))))))))))))))

.

2009-06-04 18:34 . 2009-06-04 18:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-05-30 16:33 . 2009-05-30 16:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Windows Live Toolbar

2009-05-27 02:29 . 2009-05-27 02:30 -------- d-----w- c:\documents and settings\claudilene\Dados de aplicativos\PhotoFiltre Studio X

2009-05-27 02:29 . 2009-05-27 02:38 -------- d-----w- c:\arquivos de programas\PhotoFiltre Studio X

2009-05-26 17:20 . 2009-05-26 17:20 15256 ----a-w- c:\documents and settings\claudilene\Dados de aplicativos\Microsoft\IdentityCRL\PROD\ppcrlconfig .dll

2009-05-22 01:22 . 2009-05-22 01:22 -------- d-----w- c:\arquivos de programas\Ask Search Assistant

2009-05-16 00:29 . 2008-05-09 10:55 90112 ------w- c:\winnt\system32\dllcache\wshext.dll

2009-05-16 00:29 . 2008-05-09 10:55 430080 ------w- c:\winnt\system32\dllcache\vbscript.dll

2009-05-16 00:29 . 2008-05-09 10:55 512000 ------w- c:\winnt\system32\dllcache\jscript.dll

2009-05-16 00:29 . 2008-05-09 10:55 180224 ------w- c:\winnt\system32\dllcache\scrobj.dll

2009-05-16 00:29 . 2008-05-09 10:55 172032 ------w- c:\winnt\system32\dllcache\scrrun.dll

2009-05-16 00:29 . 2008-05-09 08:45 135168 ------w- c:\winnt\system32\dllcache\cscript.exe

2009-05-16 00:29 . 2008-05-08 11:24 155648 ------w- c:\winnt\system32\dllcache\wscript.exe

2009-05-15 19:13 . 2003-02-02 22:26 12288 ----a-r- c:\winnt\system32\e100bmsg.dll

2009-05-15 19:13 . 2002-12-28 21:00 24064 ----a-r- c:\winnt\system32\IntelNic.dll

2009-05-15 19:13 . 2003-03-03 08:26 118784 ----a-r- c:\winnt\system32\Prounstl.exe

2009-05-15 19:13 . 2003-03-04 04:56 145408 ----a-w- c:\winnt\system32\dllcache\e100b325.sys

2009-05-15 19:13 . 2003-03-04 04:56 145408 ----a-r- c:\winnt\system32\drivers\e100b325.sys

2009-05-12 18:55 . 2009-05-12 18:55 -------- d-----w- c:\winnt\system32\wbem\snmp

2009-05-12 18:55 . 2009-05-12 18:55 -------- d-----w- c:\winnt\system32\xircom

2009-05-12 18:40 . 2009-05-12 18:40 -------- d-----w- c:\winnt\l2schemas

2009-05-12 18:40 . 2009-05-12 18:40 -------- d-----w- c:\winnt\system32\bits

2009-05-12 18:34 . 2009-05-12 18:41 -------- d-----w- c:\winnt\ServicePackFiles

2009-05-09 18:46 . 2009-02-06 10:10 227840 ------w- c:\winnt\system32\dllcache\wmiprvse.exe

2009-05-09 18:46 . 2009-02-09 11:25 2193280 ------w- c:\winnt\system32\dllcache\ntoskrnl.exe

2009-05-09 18:46 . 2009-03-06 14:20 286208 ------w- c:\winnt\system32\dllcache\pdh.dll

2009-05-09 18:46 . 2009-02-09 11:25 111104 ------w- c:\winnt\system32\dllcache\services.exe

2009-05-09 18:46 . 2009-02-09 10:53 401408 ------w- c:\winnt\system32\dllcache\rpcss.dll

2009-05-09 18:46 . 2009-02-09 10:53 473600 ------w- c:\winnt\system32\dllcache\fastprox.dll

2009-05-09 18:46 . 2009-02-06 10:39 35328 ------w- c:\winnt\system32\dllcache\sc.exe

2009-05-09 18:46 . 2009-02-09 10:53 731648 ------w- c:\winnt\system32\dllcache\lsasrv.dll

2009-05-09 18:46 . 2009-02-09 10:53 683520 ------w- c:\winnt\system32\dllcache\advapi32.dll

2009-05-09 18:45 . 2009-02-09 10:53 730624 ------w- c:\winnt\system32\dllcache\ntdll.dll

2009-05-09 18:45 . 2009-02-09 10:53 453120 ------w- c:\winnt\system32\dllcache\wmiprvsd.dll

2009-05-09 18:45 . 2009-02-09 11:25 2149376 ------w- c:\winnt\system32\dllcache\ntkrnlmp.exe

2009-05-09 18:45 . 2009-02-09 11:25 2028032 ------w- c:\winnt\system32\dllcache\ntkrpamp.exe

2009-05-09 07:02 . 2008-04-21 21:15 216064 ------w- c:\winnt\system32\dllcache\wordpad.exe

2009-05-09 00:43 . 2009-06-04 18:33 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))

.

2009-06-04 18:29 . 2009-02-20 17:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-06-04 18:29 . 2008-05-03 06:03 -------- d-----w- c:\arquivos de programas\Windows Live

2009-06-03 01:56 . 2002-01-26 15:04 -------- d-----w- c:\arquivos de programas\Windows Live Toolbar

2009-05-30 17:20 . 2000-01-24 00:00 74842 ----a-w- c:\winnt\system32\perfc016.dat

2009-05-30 17:20 . 2000-01-24 00:00 439246 ----a-w- c:\winnt\system32\perfh016.dat

2009-05-29 20:00 . 2009-02-15 03:07 -------- d-----w- c:\arquivos de programas\P2P_Torrent

2004-03-11 15:27 . 2008-12-07 22:41 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

2002-01-25 04:23 . 2002-01-25 04:23 22040 -c-ha-w- c:\arquivos de programas\folder.htt

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

2009-05-29 20:00 2094616 ----a-w- c:\arquivos de programas\P2P_Torrent\tbP2P0.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]

"CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]

"PowerBar"="c:\arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]

"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2003-04-06 155648]

"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2003-04-06 114688]

"IMONTRAY"="c:\arquivos de programas\Intel\Intel® Active Monitor\imontray.exe" [2003-11-03 32768]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2004-09-07 1400944]

"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe " [2001-07-09 155648]

"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2008-12-08 949376]

"Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2008-04-14 143872]

"SoundMan"="SOUNDMAN.EXE" - c:\winnt\SOUNDMAN.EXE [2004-01-08 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]

"internat.exe"="internat.exe" - c:\winnt\system32\internat.exe [2000-01-24 20752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]

"nltide_2"="shell32" [X]

"^SetupICWDesktop"="c:\arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 217600]

"tscuninstall"="c:\winnt\system32\tscupgrd.exe " [2007-07-21 44544]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"wave1"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\eMule\\eMule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

R1 nod32drv;nod32drv;c:\winnt\system32\drivers\nod32d rv.sys [8/12/2008 18 : 51 : 43 Claudilene 15424]

S3 pmxscan;USB 600x1200 V7 Driver;c:\winnt\system32\drivers\usbscan.sys [16/11/2008 19 : 43 : 08 Claudilene 15104]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-ares - c:\arquivos de programas\Ares\Ares.exe

SafeBoot-procexp90.Sys

SafeBoot-sglfb.sys

SafeBoot-tga.sys

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.plusnetwork.com

uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\winnt\system32\imon.dll

Trusted Zone: google.com.br\www

Trusted Zone: messbaril.com.br\www

Trusted Zone: microsoft.com\www

Trusted Zone: msn.com.br\www

Trusted Zone: orkut.com\www

TCP: {8A649BAD-FBF0-4EA2-AD01-F9DF173DA61A} = 10.11.43.1

DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINNT/Java/classes/xmldso.cab

.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-04 15:58

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

************************************************** ************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\*–€|ÿÿÿÿ;•€|é•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINNT\\sys tem32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(532)

c:\winnt\system32\imon.dll

c:\arquivos de programas\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3848)

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\winnt\system32\wpdshserviceobj.dll

c:\winnt\system32\portabledevicetypes.dll

c:\winnt\system32\portabledeviceapi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\arquivos de programas\ESET\nod32krn.exe

c:\winnt\system32\HPZipm12.exe

c:\winnt\system32\mspmspsv.exe

.

************************************************** ************************

.

Tempo para conclusão: 2009-06-04 16 : 01 : 53 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-06-04 19:01

Pré-execução: 6.697.316.352 bytes disponíveis

Pós execução: 7.417.163.776 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINNT

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microso ft Windows XP Professional" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /noexecute=optin /fastdetect

175 --- E O F --- 2009-06-04 04:34

 

SCAN HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 16 : 31 Claudilene, on 4/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.21020)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\SOUNDMAN.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINNT\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINNT\system32\HPZipm12.exe

C:\WINNT\system32\slserv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\notepad.exe

C:\WINNT\System32\mspmspsv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Arquivos de programas\P2P_Torrent\tbP2P0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Arquivos de programas\P2P_Torrent\tbP2P0.dll

O3 - Toolbar: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Arquivos de programas\P2P_Torrent\tbP2P0.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe

O4 - HKLM\..\Run: [iMONTRAY] C:\Arquivos de programas\Intel\Intel® Active Monitor\imontray.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - Startup: reminder-Registro do produto ScanSoft.lnk = C:\Arquivos de programas\TextBridge Pro 8.0\Ereg\REMIND32.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8A649BAD-FBF0-4EA2-AD01-F9DF173DA61A}: NameServer = 10.11.43.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\wpdshserviceobj.dll

O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Arquivos de programas\Intel\Intel® Active Monitor\imonnt.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINNT\SYSTEM32\slserv.exe

[jgarcia 1]

Opa Claudilene,

 

O Malwarebytes AntiMalware é um produto relativamente novo, porém com grande eficácia na remoção de infecções comuns. O programa é pequeno, gratuito e em português.

 

A sua instalação é o primeiro passo para a limpeza de um sistema operacional infectado.

 

Neste tutorial você aprenderá a instalá-lo e executá-lo.

 

1) Primeiramente faça o download do programa:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

 

2) Agora proceda a instalação do programa, conforme segue:

 

Execute o programa de instalação:

 

Logo após a execução do arquivo de instalação, será exibida a seguinte tela:

 

Agora, clique em Instalar para concluir:

 

Ao término da instalação deixe marcadas as opções de Atualização e Execução:

 

Será exibida então a tela de atualização do programa:

 

3) Essa é a tela inicial do programa. Marque a opção Verificação Completa e clique no botão Verificar.

 

Aguarde até o final da verificação:

 

Ao concluir a verificação, será exibida essa mensagem:

 

O resultado da verificação será exibido, com o nome dos arquivos e malwares encontrados.

Para efetivar a limpeza, clique em Remover selecionados:

 

Para concluir a limpeza haverá a necessidade da reinicialização do computador:

 

O programa guarda os logs das verificações feitas na pasta C:\Documents and Settings\Seu nome de Usuario\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\Logs, que também pode ser acessados na aba Logs, dentro do programa.

 

Retorne com o resultado da varredura.

 

Créditos: Fabio Assolini.

 

Link para a postagem original: aqui.

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.