1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.

namorada + computador jotenko + fotos de albuns = spyware + jotenko furioso

Discussão em 'Dúvidas e Suporte Técnico PC' iniciada por jotenko, 1 de Junho de 2007. (Respostas: 13; Visualizações: 1081)

Estado do Tópico:
Fechado a novas mensagens.
  1. jotenko

    jotenko Banido

    boas!

    pessoal problema dos graves. a miuda meteu se a mexer nisto e agora tá um cabo dos trabalhos com spyware, a enviar emails em background, a aparecerem anuncios de toda a especie e popups mesmo com o IE7 fechado!

    por favor ajudem me! nao consigo iniciar em modo segurança porke o winlogon.exe fica a 100% e nao me deixa fazer nada.

    aki vai o log do hijackthis!

    Logfile of HijackThis v1.99.1
    Scan saved at 1:42:03, on 01-06-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programas\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Software Belkin\Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programas\National Instruments\MAX\nimxs.exe
    C:\Programas\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Programas\National Instruments\Shared\Tagger\tagsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programas\Alwil Software\Avast4\ashWebSv.exe
    C:\Programas\Analog Devices\SoundMAX\Smtray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Programas\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\MSN Messenger\MsnMsgr.Exe
    C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Programas\Software Belkin\Bluetooth\BTTray.exe
    C:\PROGRA~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\MSN Messenger\usnsvc.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Tralha\Software\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\djochbit.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Iniciar serviços Bluetooth.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software Belkin\Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software Belkin\Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158508889718
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163635206343
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7622FA1C-48AD-4F90-ABE1-B8F6C01D2A11}: NameServer = 192.168.1.254
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\Software Belkin\Bluetooth\bin\btwdins.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Programas\National Instruments\MAX\nimxs.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Programas\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Programas\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Programas\National Instruments\Shared\Tagger\tagsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

    --
    Bem. Eu sei ke akeles executaveis ou dll's ke começam com "lk" sao de suspeitar, mas felizmente sao apenas suplementos do LabVIEW, ja as ke começam por "ni" sao de National Instruments.

    agora akele a vermelho é k m tá a assustar mas nao me consigo ver livre dele!

    como ja disse, isto tá sempre a abrir anuncios mesmo com o IE fechado, e sempre a enviar mails "porn" em background.

    ja limpei com o adaware, spyware doctor, enfim! ja tentei usar a ferramenta do smitfraud mas nao consigo entrar em modo segurança porke o winlogon blokeia!

    alguem me ajuda????
    tou a dar em doido e nao me apetece formatar isto :(
     
    Última edição: 1 de Junho de 2007
  2. The_Technician

    The_Technician Power Member

    hum..., é dos dificeis esse :lol:

    vais fazer assim
    dá trabalho mas pronto
    vais correr o panda active scan
    www.pandasoftware.com
    vais fazer 1 scan completo
    guardas o relatorio no fim
    no relatorio ele n apaga o spyware mas mostra onde ele está etc...
    apagas o spyware á pata, reinicias o pc e tentas reinciar em modo de segurança dessa vez.

    usa tb o AVGAntispyware k pareçe funcionar bastante bem.
     
  3. Daniel Maia

    Daniel Maia Colaborador
    Staff Member

    Spybot Search and destroy nisso...

    cumps
     
  4. Miked

    Miked Power Member

    sim, e tb n batas na tua namorada...xD
     
  5. Tiberium Wolf

    Tiberium Wolf Power Member

    Não é melhor fazer format and instalar o OS de novo?
     
  6. zx-9r

    zx-9r Power Member

    .
     
  7. g0thic.sid3

    g0thic.sid3 Banido

    SIMMMM:x2:, dá muito trabalho arranjar isso...

    ou entao arranja um dakeles cds da norton k tem umas ferramentas porreiras pa limpar os pcs...
     
  8. Fredv82

    Fredv82 Power Member

    tambem acho ser a melhor soluçao visto que isso está um pouco complicado, até mesmo com "antibiótico" vai ser complicado..lol assim com um format a maquina fica toda limpinha e cheia de saúde, pronta para outra...:x2:

    cumps
     
  9. luikki

    luikki Power Member

  10. jotenko

    jotenko Banido

    Pessoal antes demais muito obrigado pelas mensagens de resposta!

    Bem, eu sei que formatando isto ficaria bom, mas tenho tanta coisa instalada, e o que me chateia mais é ter de reinstalar o LabVIEW todo outra vez...

    Tou a correr o "VundoFix" agora e já detectou 298498 ficheiros LOL Depois posto aqui os resultados!

    Muito e muito obrigado! :) Grandes abraços e viva o SLB
     
  11. Daniel Maia

    Daniel Maia Colaborador
    Staff Member

    Viva o SLB? só por isso já não respondo! /jk


    Num te esqueças de desactivar o restauro do sistema...e corre todos os programas q possas enquanto poderes...ha muito spyware q simplesmente bloqueia o acesso a alguns programas...
     
  12. jotenko

    jotenko Banido

    Daniel ja ta desactivado! Obrigado..

    Continuando... Corri o VundoFix, corrigiu me uma data de ficheiros...
    Mesmo assim tentei ir ao modo de segurança e o winlogon.exe continua a 100%

    however, agora tou a utilizar o pc e parece tudo ter voltado a normalidade... no entanto estão algumas cenas estranhas no HijackThis! serão "residuos no registo" do problema?

    aqui vai:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:18:37, on 01-06-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programas\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Analog Devices\SoundMAX\Smtray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Programas\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\MSN Messenger\MsnMsgr.Exe
    C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Programas\Software Belkin\Bluetooth\BTTray.exe
    C:\Programas\Software Belkin\Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\PROGRA~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programas\National Instruments\MAX\nimxs.exe
    C:\Programas\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Programas\National Instruments\Shared\Tagger\tagsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programas\Alwil Software\Avast4\ashWebSv.exe
    C:\Programas\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Proprietário\Ambiente de trabalho\VundoFix.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Tralha\Software\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0AD7A4C4-D76E-44D3-9ABE-D16A280C340F} - C:\WINDOWS\system32\ddcyx.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - C:\WINDOWS\system32\pmnllkk.dll (file missing)
    O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\wijdewur.dll

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Iniciar serviços Bluetooth.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software Belkin\Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software Belkin\Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158508889718
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163635206343
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7622FA1C-48AD-4F90-ABE1-B8F6C01D2A11}: NameServer = 192.168.1.254
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
    O20 - Winlogon Notify: Pø - Pø (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: àˆ€ - àˆ€ (file missing)
    O20 - Winlogon Notify: ˆ08€ - ˆ08€ (file missing)

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\Software Belkin\Bluetooth\bin\btwdins.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Programas\National Instruments\MAX\nimxs.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Programas\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Programas\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Programas\National Instruments\Shared\Tagger\tagsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe


    --
    Any help?

    Alem disso o "instcat.dll" tambem nao me parece mt saudavel ... mas isso o vundo ja nao detectou.
     
  13. g0thic.sid3

    g0thic.sid3 Banido

    corres o ccleaner e depois volta a correr o HijackThis e o vundo e novamente o ccleaner...
     
  14. jotenko

    jotenko Banido

    Parece que me consegui ver livre disto! Obrigado a todos!
     
Estado do Tópico:
Fechado a novas mensagens.

Partilhar esta Página