Ir ao conteúdo
  • Cadastre-se
Entre para seguir isso  
copacabana1

Remocao do win32.Adan-025

Posts recomendados

Oi gente.

Depois de quebrar a cabeca lendo os topicos eu resolvi escrever de novo mesmo depois da primeira pergunta *****.

Eu pesquisei e li muito sobre muitos win32.Adan nas nenhum 025. Sou muito novata nessa area, ;mas notei que a correção desses win 32 tem certo padrão. Fiz o do tutorial e depois desiti e instalei o hijack mas não sei o que fazer depois disso.

O lap deu problemas ha DOIS ANOS atrás e o dono resolveu deixar o lap no porao e comprar um de mesa.

Agora os dois estão com problemas.

Eu vi em um topico dos arquivos antigos que vocês precisam do resultado hijack, então aqui vai.

Logfile of HijackThis v1.99.1

Scan saved at 11:40:18 AM, on 11/8/06

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\AUDIORACK\ESSCDMON.EXE

C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE

C:\PROGRAM FILES\TOOLBAR\TBPS.EXE

C:\PROGRAM FILES\TOOLBAR\PIB.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\PROGRAM FILES\AMD\POWERNOW!\GEMBACK.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\NETZERO\EXEC.EXE

C:\PROGRAM FILES\NETZERO\EXEC.EXE

C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50188

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mynetzero.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50188

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/p/hpmcd/?http://www.y.../hp/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50188

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_0.DLL

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLST.DLL

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL

O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_0.DLL

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] systray.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AMD PowerNow!] "C:\Program Files\AMD\PowerNow!\GemBack.exe"

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe

O4 - HKLM\..\Run: [webscan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\STOPSIGNAV.EXE -k

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize

O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE

O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [ESS CD Button Monitor] C:\Program Files\AudioRack\esscdmon.exe

O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot

O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\RunServices: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\RunServices: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: QuickLink III.lnk = C:\PROGRAM FILES\QUICKLINK III\QL.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228

O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227

O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

Pra mim isso parece motor de carro. Muita peca para entender.

Obrigada pela ajuda.

E agora para complicar o Avast do computador de mesa não saiu do modo de segurança. Depois que eu segui os passos sugeridos pelo Dohko no comeco do forum.

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Abra o HijackThis, clique em Do a system scan only e marque as entradas abaixo:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50188

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mynetzero.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50188

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50188

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLST.DLL

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL

O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

- Feche todas as janelas, clique em ht-fix.png e em Sim;

- Faça um scan em http://www.kaspersky.com/virusscanner e poste o resultado aqui juntamente com um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Jose Melo meu filho!!!!

Vou te dar um beeeeiiiiijoooooooo.

Vou abrir o pedroso e fazer o que me mandou.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Jose Melo.

Eu notei que as primeiras entradas que voce me mandou marcar sao do meu provedor a Netzero.

Se eu passar o Hijack nele vai apaga-lo??? Pois sem ele eu não conecto a net. Ou vai so verificar se tem meleca dentro, limpar e deixa-lo para uso depois?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desconsidere as entradas do Netzero e prossiga com os procedimentos.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ola!!

Procedimentos feitos mas o Avast ainda acusa o virus win32.Adan-025 so que agora ele avisa sobre o tal virus ainda no teste de memoria. O laptop continua ultramegamaster lento. Passei o Norton on line e não acusou coisa alguma. Mas não notei diferenca/melhora no lap.

O Kaspersky deu esse resultado.

KASPERSKY ONLINE SCANNER REPORT

Monday, November 13, 2006 11:23:14 AM

Operating System: Microsoft Windows 98 SE

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 13/11/2006

Kaspersky Anti-Virus database records: 227366

Scan Settings

Scan using the following antivirus database standard

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

a:\

c:\

d:\

Scan Statistics

Total number of scanned objects 21432

Number of viruses found 0

Number of infected objects 0 / 0

Number of suspicious objects 0

Duration of the scan process 01:25:39

Infected Object Name Virus Name Last Action

c:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped

c:\WINDOWS\SchedLog.Txt Object is locked skipped

c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

c:\WINDOWS\Cookies\index.dat Object is locked skipped

c:\WINDOWS\History\History.IE5\index.dat Object is locked skipped

c:\WINDOWS\WIN386.SWP Object is locked skipped

c:\WINDOWS\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

c:\WINDOWS\ESS ES56CVM-PI Data Fax Voice Modem.log Object is locked skipped

c:\Program Files\NetZero\qsacc\dblog.txt Object is locked skipped

c:\Program Files\NetZero\qsacc\sdi.db Object is locked skipped

c:\Program Files\NetZero\PhoneRecs.dat Object is locked skipped

c:\Program Files\NetZero\DialGroups.dat Object is locked skipped

c:\Program Files\NetZero\basket\FIx9IRJ4IAI.spe Object is locked skipped

c:\Program Files\NetZero\custlog.txt Object is locked skipped

c:\Program Files\NetZero\MainExceptions.log Object is locked skipped

c:\Program Files\NetZero\BootExceptions.log Object is locked skipped

c:\Program Files\NetZero\ExecExceptions.log Object is locked skipped

c:\Program Files\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

c:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

c:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

c:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

c:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

c:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

Scan process completed.

e o Hijack This deu esse resultado:

Logfile of HijackThis v1.99.1

Scan saved at 11:25:35 AM, on 11/13/06

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\AUDIORACK\ESSCDMON.EXE

C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\TOOLBAR\TBPS.EXE

C:\PROGRAM FILES\TOOLBAR\PIB.EXE

C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\PROGRAM FILES\AMD\POWERNOW!\GEMBACK.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

C:\PROGRAM FILES\NETZERO\EXEC.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\NETZERO\EXEC.EXE

C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50188

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mynetzero.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50188

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/p/hpmcd/?http://www.y.../hp/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50188

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.qvc.com;<local>

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] systray.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AMD PowerNow!] "C:\Program Files\AMD\PowerNow!\GemBack.exe"

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe

O4 - HKLM\..\Run: [webscan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\STOPSIGNAV.EXE -k

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [ESS CD Button Monitor] C:\Program Files\AudioRack\esscdmon.exe

O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot

O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\RunServices: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228

O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227

O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_ansi.cab

O que eu fiz errado ou esqueci de fazer??? Pois acho que dei alguma bola fora no meio do caminho. E por isso não cheguei no final feliz.

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Abra o Painel de Controle > Adicionar ou Remover Programas e desinstale:

WebScan

- Faça o download do Killbox e execute-o:

  • Marque a opção Delete on Reboot. Copie a lista abaixo (selecione e clique em Editar > Copiar ou pressione Ctrl + C):

C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

  • Volte ao KillBox. Clique em File > Paste from clipboard. Clique no botão All Files;
  • Clique no killbox.png e responda Não à pergunta.

- Reinicie o computador em Modo de Segurança (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização);

- Abra o HijackThis, clique em Do a system scan only e marque as entradas abaixo:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50188

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50188

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50188

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot

O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

- Feche todas as janelas, clique em ht-fix.png e em Sim;

- Apague a pasta em destaque:

C:\PROGRAM FILES\ACCELERATION SOFTWARE

- Reinicie em modo normal, veja se o problema ainda ocorre, gere novo log e cole na sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

voce disse nas duas primeiras frases so o WebScan. Fui la mas so achei

web Search toolbar

web Search Tools

win-tools Easy Installer (by web Search)

Sera que e um deles?? E sobre a pasta "ACCELERATION SOFTWARE" ha pouco tempo foi baixado um hiSpeed no provedor netzero, voce acha que essa pasta pode ser isso? Se for, e eu deletar, vai deixar a conecxao lenta de novo.(correção: Mais lenta do que já e, de novo?)

Obrigada.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desinstale os três e apague a pasta.

E sobre a pasta "ACCELERATION SOFTWARE" ha pouco tempo foi baixado um hiSpeed no provedor netzero, voce acha que essa pasta pode ser isso?

Se foi, o programa não é recomendado.

http://www.bleepingcomputer.com/startups/s...v.exe-6222.html

Após os procedimentos gere novo log e cole na sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Oi

Tentei fazer o que mandou o dia todo.rsrs

Removi os tres programas de web e passei o killbox. Meu modo de segurança tenho que segurar o ctrl(achar isso já foram duas horas) abri o hijackthis mas 80% das entradas que voce citou acima sumiram. Achei so os com inicio 09.

então fiz todos os procedimentos de novo(as vezes foi algo que fiz errado) mas deu mesmo resultado. As entradas acima sumiram. Usei o hijack so nos que eu tinha.

não achei mais a pasta do acceleration para apaga-la.

Voltei para o modo normal e mais uma vez o Avast não voltou. Tive que desinstala-lo e instalar de novo. Passei o avast outra vez para ver o resultado e ele acusou o mesmo virus mas em endereco direfente.

c:\backups\backup-20061111-081510-498.dll (obs:o computador continua lento)

Via das duvidas passei o hijack de novo e salvei o arquivo.

Segue abaixo.

Logfile of HijackThis v1.99.1

Scan saved at 2:43:30 PM, on 11/14/06

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\AUDIORACK\ESSCDMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\PROGRAM FILES\AMD\POWERNOW!\GEMBACK.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mynetzero.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/p/hpmcd/?http://www.y.../hp/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL

O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] systray.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AMD PowerNow!] "C:\Program Files\AMD\PowerNow!\GemBack.exe"

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [webscan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\STOPSIGNAV.EXE -k

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [ESS CD Button Monitor] C:\Program Files\AudioRack\esscdmon.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228

O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227

O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_ansi.cab

voce acha boa ideia passar o kaspersky de novo???

Obrigada de novo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Abra o HijackThis, clique em Do a system scan only e marque a entrada abaixo:

O4 - HKLM\..\Run: [webscan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\STOPSIGNAV.EXE -k

- Feche todas as janelas, clique em ht-fix.png e em Sim;

- No mais o log está limpo;

- Apague a pasta backups que está em C:\ e C:\!Killbox;

- Recomendo uma manutenção no computador para exclusão dos arquivos temporários, desnecessários e entradas inválidas no registro. Faça o download do CCleaner:

  • Abra o programa e clique em Executar Cleaner;
  • Após isto, clique em Erros > Procurar erros > Corrigir Erros

- Leia o artigo Proteja seu PC para mais informações sobre como evitar infecções;

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ai que maravilha!!

Depois do cleaner e de apagar a pasta backup o laptop ficou perfeito. Melhor so se instalar o xp.

Tenho problemas no computador de mesa como eu disse no comeco, mas não e com o Adan-025. Posso postar o log dele aqui ou tenho que abrir outro topico?

Segue log do laptop,limpinho, limpinho.

Logfile of HijackThis v1.99.1

Scan saved at 8:20:40 AM, on 11/15/06

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\AUDIORACK\ESSCDMON.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\PROGRAM FILES\AMD\POWERNOW!\GEMBACK.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\NETZERO\EXEC.EXE

C:\PROGRAM FILES\NETZERO\EXEC.EXE

C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mynetzero.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/p/hpmcd/?http://www.y.../hp/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.qvc.com;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL

O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] systray.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AMD PowerNow!] "C:\Program Files\AMD\PowerNow!\GemBack.exe"

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [ESS CD Button Monitor] C:\Program Files\AudioRack\esscdmon.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunOnce: [untd_recovery] "C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE"

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\RunServices: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228

O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227

O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_ansi.cab

Compartilhar este post


Link para o post
Compartilhar em outros sites

CASO RESOLVIDO!

Caso o autor do tópico necessite, o mesmo será reaberto, para isso o mesmo deverá procurar um Moderador da área e solicitar o desbloqueio!

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.
Entre para seguir isso  





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×
×
  • Criar novo...

 

javaweb-popup.jpg

CURSO ONLINE DE PROGRAMAÇÃO
FULL STACK

Entre para o mercado que paga mais de R$ 12.000 por mês e não tem crise!

CLIQUE AQUI E INSCREVA-SE AGORA MESMO!