Ir ao conteúdo
  • Cadastre-se
Entre para seguir isso  
powergod

Socorro MWSOEMON.EXE = ADW_WEBSEARCH.AH

Posts recomendados

beleza Pessoal !

Peguei esta praga ADW_WEBSEARCH esta no arquivo MWSOEMON.EXE e não consigo tirar

Desde já agradeco quem pudar ajudar ! :-BEER

Ai vai o log:

Logfile of HijackThis v1.99.1

Scan saved at 18:20:52, on 27/10/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\TEMP\RREF2C.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Arquivos de programas\TopSearch\TopSearch.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe

C:\WINNT\NCLAUNCH.EXe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntupd.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.santos.sp.gov.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.santos.sp.gov.br:3128;gopher=proxy.santos.sp.gov.br:3128;http=proxy.santos.sp.gov.br:3128;https=proxy.santos.sp.gov.br:3128;socks=proxy.santos.sp.gov.br:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.webmail.prodesan.com.br;www.cpnet.santos.sp.gov.br;www.intranet.santos.sp.gov.br;www.santos.sp.gov.br;www.tribusnet.santos.sp.gov.br;www.adm.gov.br;www.webmail.prodesan.com.br;<local>

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [TopSearch] C:\Arquivos de programas\TopSearch\TopSearch.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\RunServices: [systemSAS] system32.exe

O4 - HKCU\..\Run: [sentence] C:\Documents and Settings\pm164004\Meus documentos\Juliana\senten\Sentences\sentence.exe

O4 - HKCU\..\Run: [schmaili] C:\Arquivos de programas\Schmaili\Schmaili.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm799YYBR

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124129206899

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC4CA8B-8287-42AC-8C2F-A4711F24A9DE}: NameServer = 192.168.108.3,192.168.105.160,192.168.105.170

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: LaunchProgram - Trend Micro Inc. - C:\Temp\Svcrunap.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro powergod,

Vamos lá.

Habilite o Windows para mostrar todos os arquivos (até ocultos).

Desinstale:

--> MyWebSearch

--> TopSearch

Utilize Adicionar / Remover programas.

Desinstale, um a um, e reinicie após tê-los desinstalado.

Importante: A desinstalação dos softs acima é essencial à desinfecção de sua máquina.

1ª Etapa

Baixe o Killbox em:

Killbox

Baixe, mas não execute ainda.

Baixe o Ewido em:

Ewido

Baixe e atualize, mas não execute ainda.

2ª Etapa

Execute o KillBox:

1) Selecione Delete on reboot;

2) Full path of file to delete;

3) Coloque:

C:\WINNT\TEMP\RREF2C.EXE - Aperte X. Responda "sim" à primeira pergunta e "não" à segunda.

Repita a operação para:

C:\ARQUIV~1\MYWEBS~1

C:\Arquivos de programas\TopSearch

C:\WINNT\System32\system32.exe

C:\Arquivos de programas\MyWebSearch

C:\Documents and Settings\pm164004\Meus documentos\Juliana\senten\Sentences\sentence.exe

Caso o Killbox "'acuse" a não existência de algum arquivo, apenas passe para o próximo.

É prudente que você faça a impressão deste documento ou o salve em um local de fácil acesso(Desktop), pois na próxima etapa entraremos em Modo Seguro e a conexão à internet não será possível.

3ª Etapa

Reinicie em Modo Seguro (aperte a tecla F8 até aparecer uma tela preta em DOS e ecolha Modo Seguro).

Execute o HijackThis, clique em Do a system scan only e marque:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [TopSearch] C:\Arquivos de programas\TopSearch\TopSearch.exe

O4 - HKLM\..\RunServices: [systemSAS] system32.exe

O4 - HKCU\..\Run: [sentence] C:\Documents and Settings\pm164004\Meus documentos\Juliana\senten\Sentences\sentence.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm799YYBR

Clique em Fix Checked.

4ª Etapa

Ainda em Modo Seguro execute uma verificação completa com o Ewido.

5ª Etapa

Reinicie em modo normal.

Poste o novo log.

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

beleza jgarcia465 !

Obrigado por me ajudar !

Esqueci de dizer que o micro ta em rede e não deixa atualizar programas, tive que passar o adware sem atualização e não pegou nada

Um abraço, Marcelo

Ai vai o Novo log:

Logfile of HijackThis v1.99.1

Scan saved at 10:42:29, on 28/10/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\TEMP\NK7903.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe

C:\WINNT\NCLAUNCH.EXe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntupd.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.santos.sp.gov.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.santos.sp.gov.br:3128;gopher=proxy.santos.sp.gov.br:3128;http=proxy.santos.sp.gov.br:3128;https=proxy.santos.sp.gov.br:3128;socks=proxy.santos.sp.gov.br:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.webmail.prodesan.com.br;www.cpnet.santos.sp.gov.br;www.intranet.santos.sp.gov.br;www.santos.sp.gov.br;www.tribusnet.santos.sp.gov.br;www.adm.gov.br;www.webmail.prodesan.com.br;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKCU\..\Run: [schmaili] C:\Arquivos de programas\Schmaili\Schmaili.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124129206899

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC4CA8B-8287-42AC-8C2F-A4711F24A9DE}: NameServer = 192.168.108.3,192.168.105.160,192.168.105.170

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: LaunchProgram - Trend Micro Inc. - C:\Temp\Svcrunap.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro powergod,

Estamos quase lá.

1ª Etapa

Baixe o CCleaner em:

CCleaner

Baixe, mas não execute ainda.

2ª Etapa

Execute o KillBox:

1) Selecione Delete on reboot;

2) Full path of file to delete;

3) Coloque:

C:\WINNT\TEMP\NK7903.EXE - Aperte X. Responda "sim" à primeira pergunta e "não" à segunda.

3ª Etapa

Execute o CCleaner e clique em Executar Cleaner.

4ª Etapa

Reinicie o PC em Modo Normal e poste o novo log.

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

beleza Ai vai !

Logfile of HijackThis v1.99.1

Scan saved at 12:54:29, on 28/10/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\TEMP\SKE49C.EXE

C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe

C:\WINNT\NCLAUNCH.EXe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.santos.sp.gov.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.santos.sp.gov.br:3128;gopher=proxy.santos.sp.gov.br:3128;http=proxy.santos.sp.gov.br:3128;https=proxy.santos.sp.gov.br:3128;socks=proxy.santos.sp.gov.br:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.webmail.prodesan.com.br;www.cpnet.santos.sp.gov.br;www.intranet.santos.sp.gov.br;www.santos.sp.gov.br;www.tribusnet.santos.sp.gov.br;www.adm.gov.br;www.webmail.prodesan.com.br;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKCU\..\Run: [schmaili] C:\Arquivos de programas\Schmaili\Schmaili.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124129206899

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC4CA8B-8287-42AC-8C2F-A4711F24A9DE}: NameServer = 192.168.108.3,192.168.105.160,192.168.105.170

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: LaunchProgram - Trend Micro Inc. - C:\Temp\Svcrunap.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro powergod,

Você executou o CCleaner? Se não executou, o faça agora.

Depois poste o novo log.

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Sim ,

o programa abre na opção limpador,

aparece uma mensagem que vai excluir temporariamente arquivos de sistema

eu aperto o botão executar cleaner e o que eu faço depois

Compartilhar este post


Link para o post
Compartilhar em outros sites

beleza !

O Ccleaner estava na aba Windows eu coloquei na aba programas e executei novamente, reiniciei e aqui esta o novo log

Logfile of HijackThis v1.99.1

Scan saved at 15:28:57, on 28/10/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\WINNT\TEMP\NQ8001.EXE

C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe

C:\WINNT\NCLAUNCH.EXe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\TSC.EXE

C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.santos.sp.gov.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.santos.sp.gov.br:3128;gopher=proxy.santos.sp.gov.br:3128;http=proxy.santos.sp.gov.br:3128;https=proxy.santos.sp.gov.br:3128;socks=proxy.santos.sp.gov.br:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.webmail.prodesan.com.br;www.cpnet.santos.sp.gov.br;www.intranet.santos.sp.gov.br;www.santos.sp.gov.br;www.tribusnet.santos.sp.gov.br;www.adm.gov.br;www.webmail.prodesan.com.br;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKCU\..\Run: [schmaili] C:\Arquivos de programas\Schmaili\Schmaili.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124129206899

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC4CA8B-8287-42AC-8C2F-A4711F24A9DE}: NameServer = 192.168.108.3,192.168.105.160,192.168.105.170

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: LaunchProgram - Trend Micro Inc. - C:\Temp\Svcrunap.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro powergod,

Baixe o SilentRunners.

Extraia o executável Silent Runners.vbs para o C:\. Dê duplo-clique sobre o executável e aguarde até o surgimento de um documento denominado Startup Programs (usuário) data. Copie o conteúdo do documento acima citado e cole em seu próximo post.

Obs.: Talvez o seu AV tente impedir a execução do Silent Runners.vbs entendendo ser um arquivo malicioso. Autorize a execução.

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ai vai

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows 2000

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Schmaili" = "C:\Arquivos de programas\Schmaili\Schmaili.exe" [file not found]

"NCLaunch" = "C:\WINNT\NCLAUNCH.EXe" ["Northcode Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Synchronization Manager" = "mobsync.exe /logon" [MS]

"QuickTime Task" = ""C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"FinePrint Dispatcher v5" = "C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" ["FinePrint Software, LLC"]

"OfficeScanNT Monitor" = ""C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow" ["Trend Micro Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = "G-Buster Browser Defense"

-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]

"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\Office\soa800.dll" [MS]

"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Explode"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\Office\UNBIND.DLL" [MS]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {CLSID}\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {CLSID}\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {CLSID}\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {CLSID}\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

"{AF4F7471-FCFB-11d0-80B6-0080C838D5F9}" = "OfficeScan NT"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmdshell.dll" ["Trend Micro Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

OfficeScan NT\(Default) = "{AF4F7471-FCFB-11d0-80B6-0080C838D5F9}"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmdshell.dll" ["Trend Micro Inc."]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {CLSID}\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

OfficeScan NT\(Default) = "{AF4F7471-FCFB-11d0-80B6-0080C838D5F9}"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmdshell.dll" ["Trend Micro Inc."]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {CLSID}\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {CLSID}\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Active Desktop and Wallpaper:

-----------------------------

Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 25

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Miscellaneous IE Hijack Points

------------------------------

C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):

[strings]: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"

[strings]: SAFESITE_VALUE="search.msn.com.br"

Missing lines (compared with English-language version):

[strings]: 2 lines

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ai vai !

Incident Status Location

Adware:adware/twain-tech No disinfected C:\WINNT\smdat32a.sys

Adware:adware/localnrd No disinfected C:\WINNT\INF\addremln.inf

Spyware:spyware/altnet No disinfected

C:\PROGRAMFILES\Altnet

Adware:adware/p2pnetworking No disinfected

C:\WINNT\SYSTEM32\P2P Networking

Adware:adware/keenvalue No disinfected

WindowsRegistry

Dialer:dialer generic No disinfected HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}

Adware:Adware/LocalNRD No disinfected C:\WINNT\inf\addremln.inf

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro powergod,

Vamos lá.

1ª Etapa

Desinstale (talvez não encontre todos):

--> Altnet

--> P2P Networking

--> KeenValue

Utilize Adicionar / Remover programas.

Desinstale, um a um, e reinicie após tê-los desinstalado.

1ª Etapa

Execute o KillBox:

1) Selecione Delete on reboot;

2) Full path of file to delete;

3) Coloque:

C:\WINNT\smdat32a.sys - Aperte X. Responda "sim" à primeira pergunta e "não" à segunda.

Repita a operação para:

C:\WINNT\INF\addremln.inf

Caso o Killbox "acuse" a não existência do arquivo apenas passe para o próximo.

2ª Etapa

Reinicie em Modo Seguro.

Vé em Iniciar --> Executar --> digite regedit --> dê Ok.

Navegue até a seguinte chave:

HKEY_CLASSES_ROOT\CLSID

Localize e delete o seguinte valor:

{9FF05104-B030-46FC-94B8-81276E4E27DF}

Saia do Editor do Registro.

3ª Etapa

Vá em C:\WINNT\TEMP e delete arquivos aleatórios.exe, tipo:

NQ8001.EXE

4ª Etapa

Reinicie em Modo Normal.

Poste um novo log do HijackThis.

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

beleza Jose

Só vou voltar atrabalhar na quinta (o micro tá no trampo), vou seguir os passos e te respondo depois

Um abraço, Marcelo :-BEER

Compartilhar este post


Link para o post
Compartilhar em outros sites

beleza !

Não achei os 3 arquivos para desinstalar

Altnet

P2P Networking

KeenValue

Não achei o valor {9FF05104-B030-46FC-94B8-81276E4E27DF}

Em C:\WINNT\TEMP e delete arquivos aleatórios.exe, tipo

achei 3 arquivos com icones de cachorro:

NO2BC0.EXE

WE729E.EXE

YKFD3C.EXE

Deletei os 3

----------------------------

Novo log

Logfile of HijackThis v1.99.1

Scan saved at 10:53:22, on 03/11/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\TEMP\KY153B.EXE

C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe

C:\WINNT\NCLAUNCH.EXe

C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntupd.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.santos.sp.gov.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.santos.sp.gov.br:3128;gopher=proxy.santos.sp.gov.br:3128;http=proxy.santos.sp.gov.br:3128;https=proxy.santos.sp.gov.br:3128;socks=proxy.santos.sp.gov.br:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.webmail.prodesan.com.br;www.cpnet.santos.sp.gov.br;www.intranet.santos.sp.gov.br;www.santos.sp.gov.br;www.tribusnet.santos.sp.gov.br;www.adm.gov.br;www.webmail.prodesan.com.br;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKCU\..\Run: [schmaili] C:\Arquivos de programas\Schmaili\Schmaili.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124129206899

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC4CA8B-8287-42AC-8C2F-A4711F24A9DE}: NameServer = 192.168.108.3,192.168.105.160,192.168.105.170

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prodemaster.prodesan

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = santos.sp.gov.br

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: LaunchProgram - Trend Micro Inc. - C:\Temp\Svcrunap.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro powergod,

Não fosse este arquivo aleatório que teima em aparecer na pasta TEMP diria que seu log está limpo.

C:\WINNT\TEMP\KY153B.EXE

Só há isso mesmo. No mais o log apresenta uma boa conjuntura. :D

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Valeu Garcia, pela ajuda !

Realmente este arquivo não apaga de nenhuma forma

Umgrande abraço, Marcelo

:-BEER

Compartilhar este post


Link para o post
Compartilhar em outros sites

Opa powergod,

Foi um prazer ajudá-lo. :D

Qualquer coisa estou por aqui.

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.
Entre para seguir isso  





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×
×
  • Criar novo...

GRÁTIS: minicurso “Como ganhar dinheiro montando computadores”

Gabriel TorresGabriel Torres, fundador e editor executivo do Clube do Hardware, acaba de lançar um minicurso totalmente gratuito: "Como ganhar dinheiro montando computadores".

Você aprenderá sobre o quanto pode ganhar, como cobrar, como lidar com a concorrência, como se tornar um profissional altamente qualificado e muito mais!

Inscreva-se agora!