Ski.exe

Question

Boa noite !  Prezados(as)

M&aacute;quina formatada 4 vezes e  reinstalei o seven home basic 3 vezes :

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-14 16:25:07.735
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 16:25:07.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 16:25:07.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 16:25:07.343
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Agora OS  lento, restaura&ccedil;&atilde;o do sistema demora horas para completar e na bandeja de notifica&ccedil;&otilde;es fica constando um ski.exe .      Windows seven/suas atualiza&ccedil;&otilde;es j&aacute; est&atilde;o vindo / vem contaminados . N&atilde;o  &eacute; poss&iacute;vel !  Estou  imp&aacute;vido com isto .

2014-10-14 16:41 - 2014-10-14 16:41 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-14 16:41 - 2014-10-14 16:41 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-14 16:41 - 2014-10-14 16:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-14 16:41 - 2014-10-14 16:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-14 16:41 - 2014-10-14 16:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-14 16:41 - 2014-10-14 16:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-14 16:41 - 2014-10-14 16:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-14 16:41 - 2014-10-14 16:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-14 16:41 - 2014-10-14 16:41 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

http://www.cjoint.com/data3/3JExn4T9QBE.htm

http://www.cjoint.com/data3/3JExryvrUUx.htm

http://www.forumpcbrasil.com/t3130-problema-com-um-so-software

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:04:30, on 30/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Windows\system32	askhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\EDSON\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVI&Ccedil;O LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVI&Ccedil;O LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVI&Ccedil;O DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVI&Ccedil;O DE REDE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe

--
End of file - 2509 bytes

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:27:27, on 30/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Windows\system32	askhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\EDSON\Downloads\HijackThis.exe
C:\Users\EDSON\Downloads\FRST.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVI&Ccedil;O LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVI&Ccedil;O LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVI&Ccedil;O DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVI&Ccedil;O DE REDE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe

--
End of file - 2359 bytes

Abra&ccedil;os

Answer

M&atilde;os a obra..

Baixe: &lt;AdwCleaner&gt;
Salve-o na sua &aacute;rea de trabalho.

Usu&aacute;rios do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo AdwCleaner.exe,depois clique em:

Clique em Examinar, para iniciar o escaneamento!

Aguarde o fiinal do scaneamento
Copie o log ou clique Relat&oacute;rio.
Poste:

Answer

Bom dia !

Eis o log :

# AdwCleaner v3.311 - Relat&oacute;rio criado 31/10/2014 &agrave;s 09:27:21
# Atualizado 30/09/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usu&aacute;rio : EDSON - EDSON-PC
# Executando de : C:\Users\EDSON\Downloads\AdwCleaner.exe
# Op&ccedil;&atilde;o : Limpar

***** [ Servi&ccedil;os ] *****

***** [ Arquivos / Pastas ] *****

***** [ Tarefas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

-\ Internet Explorer v11.0.9600.17344

-\ Google Chrome v38.0.2125.111

[ Arquivo : C:\Users\EDSON\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R1].txt - [814 octets] - [30/10/2014 22:01:16]
AdwCleaner[R2].txt - [867 octets] - [31/10/2014 09:25:08]
AdwCleaner[S0].txt - [786 octets] - [31/10/2014 09:27:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [845 octets] ##########

# AdwCleaner v3.311 - Relat&oacute;rio criado 31/10/2014 &agrave;s 09:30:00
# Atualizado 30/09/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usu&aacute;rio : EDSON - EDSON-PC
# Executando de : C:\Users\EDSON\Downloads\AdwCleaner (1).exe
# Op&ccedil;&atilde;o : Examinar

***** [ Servi&ccedil;os ] *****

***** [ Arquivos / Pastas ] *****

***** [ Tarefas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

-\ Internet Explorer v11.0.9600.17344

-\ Google Chrome v38.0.2125.111

[ Arquivo : C:\Users\EDSON\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R1].txt - [814 octets] - [30/10/2014 22:01:16]
AdwCleaner[R2].txt - [867 octets] - [31/10/2014 09:25:08]
AdwCleaner[R3].txt - [792 octets] - [31/10/2014 09:30:00]
AdwCleaner[S0].txt - [924 octets] - [31/10/2014 09:27:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [910 octets] ##########

Abra&ccedil;os

Answer

&ordm; Vamos procurar mais uma vez, nada foi encontrado at&eacute; o momento
&ordm; Execute novamente o AdwCleaner e clique em desinstalar

&ordm; Fa&ccedil;a o download do MalwareBytes 
&ordm; Clique com o direito e executar como admininstrador
&ordm; Apos a instala&ccedil;&atilde;o reinicie sua maquina, quando ela estiver iniciando novamente segure
F8 ira abrir as op&ccedil;&otilde;es clique em Modo de seguran&ccedil;a
&ordm; Apos va em Menu Iniciarem seguida Malwarebytes e execute o programa
&ordm; Apos abrir o programa e clique em Verificar agora
&ordm; Aguarde a execu&ccedil;&atilde;o ao final ira pedir para reiniciar volte ao modo normal
&ordm; Sera criado um log copie e cole aqui no t&oacute;pico.

Answer

Boa  tarde !

# AdwCleaner v3.311 - Relat&oacute;rio criado 31/10/2014 &agrave;s 14:08:55
# Atualizado 30/09/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usu&aacute;rio : EDSON - EDSON-PC
# Executando de : C:\Users\EDSON\Downloads\AdwCleaner.exe
# Op&ccedil;&atilde;o : Examinar

***** [ Servi&ccedil;os ] *****

***** [ Arquivos / Pastas ] *****

***** [ Tarefas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

-\ Internet Explorer v11.0.9600.17344

-\ Google Chrome v38.0.2125.111

[ Arquivo : C:\Users\EDSON\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R4].txt - [808 octets] - [31/10/2014 14:08:03]
AdwCleaner[R5].txt - [729 octets] - [31/10/2014 14:08:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [788 octets] ##########

N&atilde;o  consigo instalar o malwarebytes  .  Usando  o mbam chameleon; consegui instalar .  Um momento editarei aqui com o log .

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 31/10/2014
Scan Time: 14:38:04
Logfile: LOG.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.31.08
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: EDSON

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276168
Time Elapsed: 6 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Abra&ccedil;os

Answer

Bom virus a gente j&aacute; percebeu que n&atilde;o &eacute;.

Vou dar uma pesquisada pelo google pra ver se acho uma solu&ccedil;&atilde;o..

J&aacute; tentou desfragmentar com o desfragmentardor do windows e fazer uma limpeza com o Cclenaer??

Answer

Boa  tarde !

J&aacute; .   Executo direto ambos .   Aqui mudou muito o diagn&oacute;stico do sistema; de um  dia  para o outro; como  eu disse  via  MP ao  caedurodrigues .

Resolvi  rodar  combofix .  Foi  removido algo; que tem haver com meu  trabalho . Nem imaginava estes arquivos contaminados .

http://www.cjoint.com/data3/3JFtkELlgti.htm

Ainda n&atilde;o consigo instalar o malwarebytes  .

Abra&ccedil;os

Answer

Ol&aacute; Edson

Li seus logs iniciais e n&atilde;o encontrei nenhum Ski.exe

Sobre ele==O Ski.exe &eacute; um tipo de arquivo EXE  associado ao Visual C++, desenvolvido pela Microsoft para o Sistema operacional do Windows. A vers&atilde;o mais recente conhecida do Ski.exe &eacute; a 1.0.0.0, que foi produzida para o Windows. Este arquivo EXE carrega uma avalia&ccedil;&atilde;o popular de 1 estrelas e uma avalia&ccedil;&atilde;o de seguran&ccedil;a Desconhecido.

Answer

Boa  tarde !  edutango

Ele &agrave;s  vezes  consta na bandeja de notifica&ccedil;&otilde;es dos  programas  que foram desinstalados !

J&aacute;  tinha goolgado o nome tbm e  verifiquei esta rela&ccedil;&atilde;o acima . Interessante .    A&iacute; que est&aacute; ; ap&oacute;s 4 formata&ccedil;&otilde;es e reinstala&ccedil;&otilde;es do windows ; nada do Visual C++ aqui em meu sistema .
Isto  geralmente vem  com as atualiza&ccedil;&otilde;es .

http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot10-31-14at0604PM.png.html?sort=3&amp;o=0

Abra&ccedil;os

Answer

Vamos testar est&aacute; ferramenta

(1) Baixe e instale o Fix Ferramenta de erro .
(2) Clique em Start Scan Now para executar uma varredura completa do seu computador.
(3) Clique em Reparar All bot&atilde;o e reparar todos os erros detectados.
(4) Depois de corrigir todos os erros coloque para reiniciar o computador para esta altera&ccedil;&otilde;es no registro tenham efeito.

Answer

Boa tarde !  Gustavo Mendes

Programa  pago para reparar :

http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot10-31-14at0612PM.png.html?sort=3&amp;o=0

http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot10-31-14at0612PM001.png.html?sort=3&amp;o=0

Pode ser  rogue .  Mas  valeu a inten&ccedil;&atilde;o .

Abra&ccedil;os

Answer

Foi mal cara, achei que n&atilde;o iria precisar ter a licen&ccedil;a do programa para fazer o uso do mesmo..

Answer

Bom fim de tarde !

O &uacute;nico problema aqui &eacute; do malwarebyte n&atilde;o  querer  instalar ; agora .

A ferramenta abaixo abre r&aacute;pido :

# AdwCleaner v3.311 - Relat&oacute;rio criado 31/10/2014 &agrave;s 18:29:08
# Atualizado 30/09/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usu&aacute;rio : EDSON - EDSON-PC
# Executando de : C:\Users\EDSON\Downloads\AdwCleaner.exe
# Op&ccedil;&atilde;o : Examinar

***** [ Servi&ccedil;os ] *****

***** [ Arquivos / Pastas ] *****

***** [ Tarefas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

-\ Internet Explorer v11.0.9600.17344

-\ Google Chrome v38.0.2125.111

[ Arquivo : C:\Users\EDSON\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [670 octets] - [31/10/2014 18:29:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [729 octets] ##########

Abra&ccedil;os

Answer

O que acontece??

Answer

O malwarebytes  baixa  ; por&eacute;m n&atilde;o instala .

Abra&ccedil;os

Ferramentas

Mover Tópico