caiolimaalves

Help with HijackThis log

Would some kind soul be willing to help me?? Thanks in advance.

That Winfixer thing keeps showing up, another IE window with Partypoker, another one starts opening that adultfinder thing and then switches to Mercado Livre. Every time Internet Explorer starts.

Logfile of HijackThis v1.99.1

Scan saved at 17:29:44, on 10/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\WebTrap.EXE

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\MediaGateway\MediaGateway.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\Cacheman\Cacheman.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

c:\arquiv~1\intern~1\iexplore.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Documents and Settings\3mil\Meus documentos\Caio\Minhas Coisas\Meus Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ssfmyajvslvbqqcxrpbe.com/55qc9YXvlA...JBHGI08WKA.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FlashGet\Jccatch.dll

O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\Run: [MBM 5] "C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MediaGateway] C:\Arquivos de programas\MediaGateway\MediaGateway.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [New creative bind test] C:\Documents and Settings\All Users\Dados de aplicativos\Typebowsnewcreative\Flap eggs.exe

O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [Rdr save] C:\DOCUME~1\3mil\DADOSD~1\SECTFA~1\media great rect.exe

O4 - HKCU\..\Run: [Cacheman] C:\ARQUIV~1\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\discaoi.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CCS\Services\Tcpip\..\{CB092D10-614F-4593-A280-815DF7AE78E2}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS2\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS3\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe


Logfile of HijackThis v1.99.1

Scan saved at 23:18:13, on 11/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\MediaGateway\MediaGateway.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\ARQUIV~1\Cacheman\Cacheman.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\WebTrap.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\3mil\Meus documentos\Caio\Minhas Coisas\Meus Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FlashGet\Jccatch.dll

O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\Run: [MBM 5] "C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MediaGateway] C:\Arquivos de programas\MediaGateway\MediaGateway.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\3mil\CONFIG~1\Temp\MsgPlusUninst.bat"

O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [Cacheman] C:\ARQUIV~1\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [remititit2327] C:\WINDOWS\system32\command.com /c del C:\DOCUME~1\3mil\DADOSD~1\SECTFA~1\9268.del

O4 - HKCU\..\RunOnce: [remititit8507] C:\WINDOWS\system32\command.com /c del C:\DOCUME~1\3mil\DADOSD~1\SECTFA~1\9268.del

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CCS\Services\Tcpip\..\{CB092D10-614F-4593-A280-815DF7AE78E2}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS2\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS3\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe


Download:

KillBox

Ewido > install it and update it, but don't use it yet.

CCleaner > install it, but don't use it either.

Configure Windows to show all files

Save or print these instructions, because you will be following them disconnected and without access to this page:

1 - In Control Panel > Add/Remove Programs > uninstall programs with these names (you may or may not find them):

MediaGateway

180Solutions

180Search

Zango

2 - If you did not find MediaGateway in Add/Remove Programs, run KillBox, check Delete on Reboot and put this in Full Path of File to Delete:

C:\Arquivos de programas\MediaGateway\MediaGateway.exe

Click the button with the X. Answer No to the question.

Whether or not you entered MediaGateway, enter this one:

C:\WINDOWS\System32\windir32.exe

Click the button with the X. Answer Yes to the question.

When the PC restarts, press F8 repeatedly. In the menu that appears, choose: safe mode.

3 - Do a full scan with Ewido. Save the result.

4 - Do a scan with HijackThis, check the entries below that you still find, and click Fix checked:

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\Run: [MediaGateway] C:\Arquivos de programas\MediaGateway\MediaGateway.exe

O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyPoker\PartyPoker.exe (file missing)

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

5 - Close HijackThis and run CCleaner, clicking Run Cleaner. Wait for the scan to complete.

6 - Look for folders and files with the names of the programs I asked you to uninstall, and delete them.

7 - Restart in normal mode, do a scan with HijackThis and save/post the log, plus the Ewido result.


3 - Do a full scan with Ewido. Save the result.

Question: Does it have to be in safe mode??

Because you told me to go into safe mode only if I did not find MediaGateway in Add/Remove Programs and had to remove it with KillBox.


No, what I said was:

Whether or not you entered MediaGateway, enter this one:

C:\WINDOWS\System32\windir32.exe

Click the button with the X. Answer Yes to the question.

When the PC restarts, press F8 repeatedly. In the menu that appears, choose: safe mode.

If you did not find MediaGateway in Add/Remove Programs, you were to put its entry in Full Path of File to Delete and then continue by entering the windir32 entry next.

If you did find MediaGateway in Add/Remove Programs (you would obviously uninstall it), you did not need to put its entry in KillBox, but you still had to enter windir32 and restart in safe mode.

Instructions 3 to 6 have to be carried out in that mode.


Well, it is usually in the System32 directory as I wrote, but if KillBox did not find it, that is because it is somewhere else.

Keep Windows configured to show all files.

If you found and uninstalled MediaGateway, you do not need to use KillBox.

Restart in safe mode, locate windir32.exe and delete it.

Then continue, still in safe mode, with instructions 3 to 6.

If you cannot find windir32.exe, continue the same way. It may be removed by the HijackThis Fix or by Ewido.


Here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 16:42:29, on 12/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\Arquivos de programas\Ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\Ewido anti-malware\ewidoguard.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\ARQUIV~1\Cacheman\Cacheman.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\WebTrap.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\3mil\Meus documentos\Caio\Minhas Coisas\Meus Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FlashGet\Jccatch.dll

O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [MBM 5] "C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [Cacheman] C:\ARQUIV~1\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Rdr save] C:\DOCUME~1\3mil\DADOSD~1\SECTFA~1\media great rect.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CCS\Services\Tcpip\..\{CB092D10-614F-4593-A280-815DF7AE78E2}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS2\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS3\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\Ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\Ewido anti-malware\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

---------------------------------------------------------

ewido anti-malware - Relatório de verificação

---------------------------------------------------------

+ Criado em: 16:03:12, 12/1/2006

+ Relatório-Checksum: 5CE7EC2C

+ Resultado da verificação:

C:\Arquivos de programas\WinFixer 2005 -> Spyware.WinFixer : Limpo com backup

C:\Documents and Settings\3mil\Cookies\3mil@2o7[2].txt -> Spyware.Cookie.2o7 : Limpo com backup

C:\Documents and Settings\3mil\Cookies\3mil@66.220.17[1].txt -> Spyware.Cookie.66.220.17.154 : Limpo com backup

C:\Documents and Settings\3mil\Cookies\3mil@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Limpo com backup

C:\Documents and Settings\3mil\Cookies\3mil@ads1.revenue[2].txt -> Spyware.Cookie.Revenue : Limpo com backup

C:\Documents and Settings\3mil\Cookies\3mil@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Limpo com backup

C:\Documents and Settings\3mil\Cookies\3mil@fastclick[2].txt -> Spyware.Cookie.Fastclick : Limpo com backup

C:\Documents and Settings\3mil\Cookies\3mil@media.fastclick[2].txt -> Spyware.Cookie.Fastclick : Limpo com backup

C:\Documents and Settings\3mil\Cookies\3mil@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Limpo com backup

C:\Documents and Settings\3mil\Cookies\3mil@paypopup[2].txt -> Spyware.Cookie.Paypopup : Limpo com backup

C:\Documents and Settings\3mil\Cookies\3mil@revenue[1].txt -> Spyware.Cookie.Revenue : Limpo com backup

C:\Documents and Settings\3mil\Cookies\3mil@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Limpo com backup

C:\WINDOWS\Downloaded Program Files\UWFX5Z_0001_N56M1411NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Limpo com backup

::Fim do Relatório


O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [Cacheman] C:\ARQUIV~1\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Rdr save] C:\DOCUME~1\3mil\DADOSD~1\SECTFA~1\media great rect.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CCS\Services\Tcpip\..\{CB092D10-614F-4593-A280-815DF7AE78E2}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS2\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS3\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\Ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\Ewido anti-malware\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe


Yes, Lop wasn't going to let this go easily. It keeps coming back even though Messenger Plus has been uninstalled:

O4 - HKCU\..\Run: [Rdr save] C:\DOCUME~1\3mil\DADOSD~1\SECTFA~1\media great rect.exe

You'll need to use the Lop uninstaller and a tool that detects the hidden files.

First download FindLop > Extract the files to their own folder, but don't use it yet.

Download the Lop Uninstaller from one of these URLs:

http://lop.com/new_uninstall.exe

http://homepage.ntlworld.com/tc.alpha85/lo...w_uninstall.exe

If your antivirus flags a problem with the file, ignore it. The file is safe.

Disable your antivirus and any antispyware. Run it. Enter the numbers and confirm.

Run a scan with HijackThis and save the log.

Run findlop.bat and then locate findlop.txt in C:\

Re-enable the antivirus and the antispyware tools.

Post:

HijackThis log

findlop.txt


[TRACE] Enumerating jobs and queues

[TRACE] Activating job 'FAST Defrag.job'

[TRACE] Printing all job properties

ApplicationName: 'C:\ARQUIV~1\FASTDE~1\FAST2.EXE'

Parameters: ''

WorkingDirectory: 'C:\ARQUIV~1\FASTDE~1'

Comment: ''

Creator: '3mil'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 00/00/0000 0:00:00

NextRun: 00/00/0000 0:00:00

StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET

ExitCode: 0

Status: SCHED_S_TASK_HAS_NOT_RUN

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 1

KillIfGoingOnBatteries = 1

RunOnlyIfLoggedOn = 0

SystemRequired = 0

Hidden = 0

TaskFlags: 0

1 Trigger

Logfile of HijackThis v1.99.1

Scan saved at 17:22:00, on 12/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\Arquivos de programas\Ewido anti-malware\ewidoctrl.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\ARQUIV~1\Cacheman\Cacheman.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\WebTrap.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Grisoft\AVG Free\avgcc.exe

C:\Documents and Settings\3mil\Meus documentos\Caio\Minhas Coisas\Meus Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FlashGet\Jccatch.dll

O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [MBM 5] "C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [Cacheman] C:\ARQUIV~1\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Rdr save] C:\DOCUME~1\3mil\DADOSD~1\SECTFA~1\media great rect.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CCS\Services\Tcpip\..\{CB092D10-614F-4593-A280-815DF7AE78E2}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS2\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS3\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\Ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\Ewido anti-malware\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe


The FindLop log is clean. There really is only that one entry.

Restart the PC and tap F8 repeatedly. In the menu that appears, choose: Safe Mode.

Run a scan with HijackThis, check the entries below and click Fix checked:

O4 - HKCU\..\Run: [Rdr save] C:\DOCUME~1\3mil\DADOSD~1\SECTFA~1\media great rect.exe

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

Restart in normal mode, run a scan with HijackThis and save/post the log.


Logfile of HijackThis v1.99.1

Scan saved at 17:44:24, on 12/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\ARQUIV~1\Cacheman\Cacheman.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Arquivos de programas\Ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Ewido anti-malware\ewidoguard.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\WebTrap.EXE

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\3mil\Meus documentos\Caio\Minhas Coisas\Meus Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FlashGet\Jccatch.dll

O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [MBM 5] "C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [Cacheman] C:\ARQUIV~1\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CCS\Services\Tcpip\..\{CB092D10-614F-4593-A280-815DF7AE78E2}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS2\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS3\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\Ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\Ewido anti-malware\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe


"Modo de segurança" is the same thing as Safe Mode ("modo seguro"). If you did it in normal mode, repeat the Fix on these entries in Safe Mode:

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

Restart in normal mode, generate a new log and post it.


Logfile of HijackThis v1.99.1

Scan saved at 18:19:18, on 12/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\ARQUIV~1\Cacheman\Cacheman.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Arquivos de programas\Ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\Ewido anti-malware\ewidoguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\WebTrap.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\3mil\Meus documentos\Caio\Minhas Coisas\Meus Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FlashGet\Jccatch.dll

O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [MBM 5] "C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [Cacheman] C:\ARQUIV~1\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CCS\Services\Tcpip\..\{CB092D10-614F-4593-A280-815DF7AE78E2}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS2\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS3\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\Ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\Ewido anti-malware\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe


Well, the HijackThis Fix is not solving it. Let's leave this one alone, since it belongs to a Macromedia (Flash) plug-in you had:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

For the Zango one, follow these instructions:

Select and copy into Notepad what is inside the Quote:

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}]

REGEDIT4 stays flush with where the text starts in Notepad. Do not change the layout of what you pasted in any way.

Save it to the desktop with the name zangofix.reg, setting the file type to: all files.

Restart the PC and press F8 repeatedly. In the menu that appears, choose: Safe Mode.

Locate zangofix.reg on the desktop and double-click it. Accept the merge into the registry.

Run a scan with HijackThis, check the entry below if you still find it, and click Fix checked:

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

Restart in normal mode, run a scan with HijackThis and save/post the log.

Logfile of HijackThis v1.99.1

Scan saved at 15:15:38, on 13/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\ARQUIV~1\Cacheman\Cacheman.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\cisvc.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\WebTrap.EXE

C:\Arquivos de programas\Ewido anti-malware\ewidoctrl.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Arquivos de programas\Ewido anti-malware\ewidoguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\3mil\Meus documentos\Caio\Minhas Coisas\Meus Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FlashGet\Jccatch.dll

O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [MBM 5] "C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [Cacheman] C:\ARQUIV~1\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CCS\Services\Tcpip\..\{CB092D10-614F-4593-A280-815DF7AE78E2}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS2\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS3\Services\Tcpip\..\{0419E3AB-3B88-4CB9-B40D-42BB02B5724D}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\Ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\Ewido anti-malware\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

It won't go away no matter what!!!

It is only the Zango CLSID that is still somewhere in the Registry. The fix was for the keys, which I found through research, where Zango could be. If you want to delete this CLSID you will have to search for it in your Registry.

In Safe Mode, follow these instructions.

Start > Run > type: regedit

In the Edit menu click Find... and in the box enter:

{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} <<< copy and paste

Click the Find Next button, which will show where it is.

On the right-hand side of the Editor will be the Zango CLSID, and then just delete it.

Close the Registry Editor, run a scan with HijackThis and, if you still find the entry, check it and click Fix checked:

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

Restart in normal mode, generate a new log with HijackThis and post it.

NOTE: If you are not comfortable using the Registry Editor and don't want to follow these instructions, no problem, since this entry has no file and so will not cause anything more.
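As an added example (not code from this thread, from HijackThis or from the helper), a small Python parser that does by script what the helper did by eye in the zangofix.reg post and the regedit post above: it pulls the O16 (Downloaded Program Files) entries out of a HijackThis log, flags the ones with no friendly name and no download URL that are not on an allowlist, and writes out the same three-key REGEDIT4 removal text for whichever CLSID is flagged. The sample log lines are constructed from the log posted above, and the allowlist holds only the Flash CLSID the helper said to leave alone.

```python
import re

# Constructed sample modelled on the O16 lines of the HijackThis 1.99.1 log
# posted above (the truncated MSN URL is kept as the forum showed it).
SAMPLE_LOG = """\
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# The helper identified this CLSID as the Macromedia Flash control and said
# to leave it alone; it is the only entry on the allowlist.
KNOWN_GOOD = frozenset({"{D27CDB6E-AE6D-11CF-96B8-444553540000}"})

# O16 - DPF: {CLSID} (optional friendly name) - <download URL, may be empty>
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-F-]{36}\})"
    r"(?: \((?P<name>[^)]*)\))? -\s*(?P<url>\S*)$",
    re.IGNORECASE,
)

def parse_o16(log):
    """Return every O16 (ActiveX Downloaded Program Files) entry as a dict."""
    entries = []
    for line in log.splitlines():
        m = O16_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def orphaned_o16(log, allow=KNOWN_GOOD):
    """CLSIDs of O16 entries with no name and no URL, minus the allowlist."""
    # A nameless, URL-less O16 entry is a registered download control whose
    # files are gone, which is what the Zango leftover in this thread looked like.
    return [e["clsid"].upper() for e in parse_o16(log)
            if not e["name"] and not e["url"] and e["clsid"].upper() not in allow]

def reg_removal_script(clsid):
    """Build the REGEDIT4 text the helper wrote by hand, for any CLSID."""
    # One key per location the helper listed; a leading '-' deletes the key.
    keys = (
        r"HKEY_CLASSES_ROOT\CLSID",
        r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID",
        r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units",
    )
    body = "\n\n".join("[-%s\\%s]" % (k, clsid) for k in keys)
    return "REGEDIT4\n\n" + body + "\n"  # .reg files need the trailing newline
```

Look up any flagged CLSID before merging the generated text; the Flash control in this very log is why the allowlist exists.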
