barck
Posted October 24, 2006

Logfile of HijackThis v1.99.1
Scan saved at 07:52:43, on 16/9/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\arquivos de programas\Bin\NetMonSV.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
c:\arquivos de programas\Bin\mksmonsv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\RunDll32.exe
C:\WINNT\loadqm.exe
C:\Arquivos de programas\MSN Apps\Updater\01.03.0000.1005\pt-br\msnappau.exe
C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE
C:\arquivos de programas\Bin\mks_menu.exe
C:\arquivos de programas\Bin\ABregmon.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\WINNT\System32\cmrss.dll.exe
C:\WINNT\System32\isass.exe
C:\WINNT\System32\iexplorer.dll.exe
C:\WINNT\System32\internat.exe
c:\arquiv~1\intern~1\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\arquivos de programas\Bin\mks_scan.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\hijack\HijackThis.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\msbcs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.kjaeuhqzdgwsssnk.uk/Eql9owraedo...RI1eJai9_M.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\ARQUIV~1\ALCOHO~1\ALCOHO~2\a120_tb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\arquivos de programas\zango\zangohook.dll (file missing)
O2 - BHO: (no name) - {4BEABC1E-CB65-B0D1-BE52-C0F14353F301} - C:\DOCUME~1\ADMINI~1\DADOSD~1\SIXTHP~1\CLOCK OPTION.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater\01.03.0000.1005\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MKS_MENU] c:/arquivos de programas\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\arquivos de programas\Bin\ABregmon.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Arquivos de programas\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [cmrss] C:\WINNT\System32\cmrss.dll.exe
O4 - HKLM\..\Run: [isass] C:\WINNT\System32\isass.exe
O4 - HKLM\..\Run: [msbcs] C:\WINNT\System32\msbcs.exe
O4 - HKLM\..\Run: [iexplorer] C:\WINNT\System32\iexplorer.dll.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [liveopen] C:\DOCUME~1\ADMINI~1\DADOSD~1\PARTBA~1\LoudFree.exe
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Arquivos de programas\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA3F3441-BEE7-41AE-997F-55544B5CB740}: Domain = @
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3777D6E-447B-4C48-8C0B-BAB1E9C2BFCB}: NameServer = 201.10.120.3 201.10.1.2
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - c:/arquivos de programas\Bin\NetMonSV.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\arquivos de programas\bin\MkSUpdateInt.exe
O23 - Service: mks_vir antivirus monitor (MksVirMonSvc) - Unknown owner - c:/arquivos de programas\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\arquivos de programas\Bin\mks_scan.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Hi guys, I'm asking for your help to get rid of this plague ...

Regards

jgarcia
Posted October 24, 2006

Hi barck,

1. Download SmitfraudFix;
2. Disable your antivirus protection (temporarily);
3. Extract the SmitFraudFix file to your desktop;
4. Restart in Safe Mode;
5. Run SmitfraudFix by double-clicking smitfraudfix.cmd --> choose Option 2;
6. Answer yes (y) to the question about cleaning the registry (Do you want to clean the registry?);
7. Wait for the scan to finish and the log to be generated;
8. Restart in Normal Mode;
9. Post the SmitfraudFix log (option 2) + a HijackThis log (generated in Normal Mode).

I await your reply.

Regards.

barck
Posted October 24, 2006

SmitFraudFix v2.113

Scan done at 20:50:14,28, sáb 16/09/2006
Run from C:\Documents and Settings\Administrador\Desktop
OS: Microsoft Windows 2000 [Versão 5.00.2195] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

________________________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 21:15:49, on 16/9/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\arquivos de programas\Bin\NetMonSV.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
c:\arquivos de programas\Bin\mksmonsv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\arquivos de programas\Bin\mks_scan.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\RunDll32.exe
C:\WINNT\loadqm.exe
C:\Arquivos de programas\MSN Apps\Updater\01.03.0000.1005\pt-br\msnappau.exe
C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE
C:\arquivos de programas\Bin\mks_menu.exe
C:\arquivos de programas\Bin\ABregmon.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\WINNT\System32\cmrss.dll.exe
C:\WINNT\System32\isass.exe
C:\WINNT\System32\iexplorer.dll.exe
C:\WINNT\System32\internat.exe
c:\arquiv~1\intern~1\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\System32\drwtsn32.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINNT\System32\drwtsn32.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe
C:\WINNT\System32\msbcs.exe
C:\WINNT\System32\drwtsn32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ccxdbtmlneqph.com/Eql9owraedo3j...RI1eJai9_M.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\ARQUIV~1\ALCOHO~1\ALCOHO~2\a120_tb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\arquivos de programas\zango\zangohook.dll (file missing)
O2 - BHO: (no name) - {4BEABC1E-CB65-B0D1-BE52-C0F14353F301} - C:\DOCUME~1\ADMINI~1\DADOSD~1\SIXTHP~1\CLOCK OPTION.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater\01.03.0000.1005\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MKS_MENU] c:/arquivos de programas\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\arquivos de programas\Bin\ABregmon.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Arquivos de programas\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [cmrss] C:\WINNT\System32\cmrss.dll.exe
O4 - HKLM\..\Run: [isass] C:\WINNT\System32\isass.exe
O4 - HKLM\..\Run: [msbcs] C:\WINNT\System32\msbcs.exe
O4 - HKLM\..\Run: [iexplorer] C:\WINNT\System32\iexplorer.dll.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [liveopen] C:\DOCUME~1\ADMINI~1\DADOSD~1\PARTBA~1\LoudFree.exe
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Arquivos de programas\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA3F3441-BEE7-41AE-997F-55544B5CB740}: Domain = @
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3777D6E-447B-4C48-8C0B-BAB1E9C2BFCB}: NameServer = 201.10.120.3 201.10.1.2
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - c:/arquivos de programas\Bin\NetMonSV.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\arquivos de programas\bin\MkSUpdateInt.exe
O23 - Service: mks_vir antivirus monitor (MksVirMonSvc) - Unknown owner - c:/arquivos de programas\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\arquivos de programas\Bin\mks_scan.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks for your attention. I await your reply. =)

jgarcia
Posted October 24, 2006

Hi barck,

Let's go.

Set Windows to show all files (including hidden ones).

Uninstall:
--> zango
--> Zango Toolbar
--> MediaGateway
--> MessengerPlus! 3

Use Add / Remove Programs. Uninstall them one by one, and restart after you have uninstalled them. You can reinstall MessengerPlus! 3, but without the sponsor.

Note: If you do not find one of the programs mentioned above in the list, just move on to the next step.

Step 1

Download Uninstall Lop from (you may need to disable the AV to run it): Uninstall Lop
Run it.

Download Killbox from: Killbox

1) Run Killbox, click Delete on Reboot.
2) Copy the list below, in bold, to the clipboard. Select --> Edit --> Copy.

c:\arquivos de programas\zango\zangohook.dll
C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
C:\Arquivos de programas\MediaGateway\MediaGateway.exe
C:\DOCUME~1\ADMINI~1\DADOSD~1\SIXTHP~1
C:\DOCUME~1\ADMINI~1\DADOSD~1\PARTBA~1
C:\WINNT\System32\cmrss.dll.exe
C:\WINNT\System32\isass.exe
C:\WINNT\System32\iexplorer.dll.exe
C:\WINNT\System32\msbcs.exe

3) Return to Killbox. Click File > Paste from clipboard. Click All Files.
4) Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and an internet connection will not be possible.

Step 2

Restart the computer in Safe Mode (after restarting, press the F8 key until a black DOS screen appears and choose Safe Mode).

Run HijackThis, click Do a system scan only and check:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ccxdbtmlneqph.com/Eql9owraedo3j...RI1eJai9_M.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\arquivos de programas\zango\zangohook.dll (file missing)
O2 - BHO: (no name) - {4BEABC1E-CB65-B0D1-BE52-C0F14353F301} - C:\DOCUME~1\ADMINI~1\DADOSD~1\SIXTHP~1\CLOCK OPTION.exe
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Arquivos de programas\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [cmrss] C:\WINNT\System32\cmrss.dll.exe
O4 - HKLM\..\Run: [isass] C:\WINNT\System32\isass.exe
O4 - HKLM\..\Run: [msbcs] C:\WINNT\System32\msbcs.exe
O4 - HKLM\..\Run: [iexplorer] C:\WINNT\System32\iexplorer.dll.exe
O4 - HKCU\..\Run: [liveopen] C:\DOCUME~1\ADMINI~1\DADOSD~1\PARTBA~1\LoudFree.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

Click Fix Checked.

Step 3

Still in Safe Mode, locate and delete:

c:\arquivos de programas\zango <- the folder
C:\Program Files\Zango Programs\Zango Toolbar <- the folder
C:\Arquivos de programas\MediaGateway <- the folder

Step 4

Restart in Normal Mode. Post a new HijackThis log.

I await your reply.

Best regards.

barck
Posted October 26, 2006

Logfile of HijackThis v1.99.1
Scan saved at 11:20:33, on 1/1/2002
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\arquivos de programas\Bin\NetMonSV.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
c:\arquivos de programas\Bin\mksmonsv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\arquivos de programas\Bin\mks_scan.exe
C:\WINNT\Explorer.exe
C:\arquivos de programas\Bin\mks_menu.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [MKS_MENU] c:/arquivos de programas\Bin\mks_menu.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3777D6E-447B-4C48-8C0B-BAB1E9C2BFCB}: NameServer = 201.10.120.3 201.10.1.2
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - c:/arquivos de programas\Bin\NetMonSV.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\arquivos de programas\bin\MkSUpdateInt.exe
O23 - Service: mks_vir antivirus monitor (MksVirMonSvc) - Unknown owner - c:/arquivos de programas\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\arquivos de programas\Bin\mks_scan.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

My PC is already much better, man. I deleted several programs that I wasn't using and hadn't deleted out of laziness ... thank you very much, really, you have no idea how much you helped me out ... I can't format this machine .. and the viruses were pretty nasty before .. now I don't think there are any left .. thanks bro, all the best .. I'll recommend the forum to my friends .... ;)

jgarcia
Posted October 26, 2006

Hi barck,

Your log is CLEAN. :thumbsup:

To finish:

1. Update your operating system urgently. To give you an idea, 04 (four) update packs have already been released (SP1, SP2, SP3 and SP4) and you do not have even the first of them installed. Use Windows Update in the Start menu to update your system.

Regards.

jgarcia
Posted January 10, 2007

PROBLEM SOLVED!

If the author needs the topic reopened, a Private Message must be sent to a Moderator with a link to the topic.