
barck

[Solved!] msbcs.exe ... Logfile

Logfile of HijackThis v1.99.1

Scan saved at 07:52:43, on 16/9/2006

Platform: Windows 2000 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

c:\arquivos de programas\Bin\NetMonSV.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINNT\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\arquivos de programas\Bin\mksmonsv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\Explorer.exe

C:\WINNT\System32\RunDll32.exe

C:\WINNT\loadqm.exe

C:\Arquivos de programas\MSN Apps\Updater\01.03.0000.1005\pt-br\msnappau.exe

C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE

C:\arquivos de programas\Bin\mks_menu.exe

C:\arquivos de programas\Bin\ABregmon.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINNT\System32\cmrss.dll.exe

C:\WINNT\System32\isass.exe

C:\WINNT\System32\iexplorer.dll.exe

C:\WINNT\System32\internat.exe

c:\arquiv~1\intern~1\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Samsung\Digimax Viewer 2.1\STImgBrowser.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\arquivos de programas\Bin\mks_scan.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINNT\System32\drwtsn32.exe

C:\WINNT\System32\drwtsn32.exe

C:\WINNT\System32\drwtsn32.exe

C:\WINNT\System32\drwtsn32.exe

C:\WINNT\System32\drwtsn32.exe

C:\WINNT\System32\drwtsn32.exe

C:\WINNT\System32\drwtsn32.exe

C:\WINNT\System32\drwtsn32.exe

C:\WINNT\System32\drwtsn32.exe

C:\WINNT\System32\drwtsn32.exe

C:\WINNT\System32\drwtsn32.exe

C:\WINNT\System32\drwtsn32.exe

C:\hijack\HijackThis.exe

C:\WINNT\System32\drwtsn32.exe

C:\WINNT\System32\msbcs.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.kjaeuhqzdgwsssnk.uk/Eql9owraedo...RI1eJai9_M.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\ARQUIV~1\ALCOHO~1\ALCOHO~2\a120_tb.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\arquivos de programas\zango\zangohook.dll (file missing)

O2 - BHO: (no name) - {4BEABC1E-CB65-B0D1-BE52-C0F14353F301} - C:\DOCUME~1\ADMINI~1\DADOSD~1\SIXTHP~1\CLOCK OPTION.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater\01.03.0000.1005\pt-br\msnappau.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [MKS_MENU] c:/arquivos de programas\Bin\mks_menu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\arquivos de programas\Bin\ABregmon.exe

O4 - HKLM\..\Run: [MediaGateway] C:\Arquivos de programas\MediaGateway\MediaGateway.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [cmrss] C:\WINNT\System32\cmrss.dll.exe

O4 - HKLM\..\Run: [isass] C:\WINNT\System32\isass.exe

O4 - HKLM\..\Run: [msbcs] C:\WINNT\System32\msbcs.exe

O4 - HKLM\..\Run: [iexplorer] C:\WINNT\System32\iexplorer.dll.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [liveopen] C:\DOCUME~1\ADMINI~1\DADOSD~1\PARTBA~1\LoudFree.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Arquivos de programas\Samsung\Digimax Viewer 2.1\STImgBrowser.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA3F3441-BEE7-41AE-997F-55544B5CB740}: Domain = @

O17 - HKLM\System\CCS\Services\Tcpip\..\{D3777D6E-447B-4C48-8C0B-BAB1E9C2BFCB}: NameServer = 201.10.120.3 201.10.1.2

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - c:/arquivos de programas\Bin\NetMonSV.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\arquivos de programas\bin\MkSUpdateInt.exe

O23 - Service: mks_vir antivirus monitor (MksVirMonSvc) - Unknown owner - c:/arquivos de programas\Bin\mksmonsv.exe

O23 - Service: MkS_Scan - Unknown owner - C:\arquivos de programas\Bin\mks_scan.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

 

 

 

Hi folks, I'm asking for your help to get rid of this pest ...

Regards


Hi barck,

1. Download SmitfraudFix;

2. Disable your antivirus protection (temporarily);

3. Extract the SmitFraudFix file to your desktop;

4. Restart in Safe Mode;

5. Run SmitfraudFix by double-clicking smitfraudfix.cmd --> choose Option 2;

6. Answer yes (y) to the question about cleaning the registry (Do you want to clean the registry?);

7. Wait for the scan to finish and the log to be generated;

8. Restart in Normal Mode;

9. Post the SmitfraudFix log (option 2) + HijackThis log (generated in Normal Mode).

I await your reply.

Regards.


SmitFraudFix v2.113

 

Scan done at 20:50:14,28, sáb 16/09/2006

Run from C:\Documents and Settings\Administrador\Desktop

OS: Microsoft Windows 2000 [Versão 5.00.2195] - Windows_NT

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

 

________________________________________________________________________________

____

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 21:15:49, on 16/9/2006

Platform: Windows 2000 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

c:\arquivos de programas\Bin\NetMonSV.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINNT\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\arquivos de programas\Bin\mksmonsv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\arquivos de programas\Bin\mks_scan.exe

C:\WINNT\Explorer.exe

C:\WINNT\System32\RunDll32.exe

C:\WINNT\loadqm.exe

C:\Arquivos de programas\MSN Apps\Updater\01.03.0000.1005\pt-br\msnappau.exe

C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE

C:\arquivos de programas\Bin\mks_menu.exe

C:\arquivos de programas\Bin\ABregmon.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINNT\System32\cmrss.dll.exe

C:\WINNT\System32\isass.exe

C:\WINNT\System32\iexplorer.dll.exe

C:\WINNT\System32\internat.exe

c:\arquiv~1\intern~1\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Samsung\Digimax Viewer 2.1\STImgBrowser.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINNT\System32\drwtsn32.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINNT\System32\drwtsn32.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

C:\WINNT\System32\msbcs.exe

C:\WINNT\System32\drwtsn32.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ccxdbtmlneqph.com/Eql9owraedo3j...RI1eJai9_M.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\ARQUIV~1\ALCOHO~1\ALCOHO~2\a120_tb.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\arquivos de programas\zango\zangohook.dll (file missing)

O2 - BHO: (no name) - {4BEABC1E-CB65-B0D1-BE52-C0F14353F301} - C:\DOCUME~1\ADMINI~1\DADOSD~1\SIXTHP~1\CLOCK OPTION.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater\01.03.0000.1005\pt-br\msnappau.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [MKS_MENU] c:/arquivos de programas\Bin\mks_menu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\arquivos de programas\Bin\ABregmon.exe

O4 - HKLM\..\Run: [MediaGateway] C:\Arquivos de programas\MediaGateway\MediaGateway.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [cmrss] C:\WINNT\System32\cmrss.dll.exe

O4 - HKLM\..\Run: [isass] C:\WINNT\System32\isass.exe

O4 - HKLM\..\Run: [msbcs] C:\WINNT\System32\msbcs.exe

O4 - HKLM\..\Run: [iexplorer] C:\WINNT\System32\iexplorer.dll.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [liveopen] C:\DOCUME~1\ADMINI~1\DADOSD~1\PARTBA~1\LoudFree.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Arquivos de programas\Samsung\Digimax Viewer 2.1\STImgBrowser.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA3F3441-BEE7-41AE-997F-55544B5CB740}: Domain = @

O17 - HKLM\System\CCS\Services\Tcpip\..\{D3777D6E-447B-4C48-8C0B-BAB1E9C2BFCB}: NameServer = 201.10.120.3 201.10.1.2

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - c:/arquivos de programas\Bin\NetMonSV.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\arquivos de programas\bin\MkSUpdateInt.exe

O23 - Service: mks_vir antivirus monitor (MksVirMonSvc) - Unknown owner - c:/arquivos de programas\Bin\mksmonsv.exe

O23 - Service: MkS_Scan - Unknown owner - C:\arquivos de programas\Bin\mks_scan.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

 

 

Thanks for your attention.

I await your reply.

=)


Hi barck,

Let's go.

Set Windows to show all files (including hidden ones).

Uninstall:

--> zango

--> Zango Toolbar

--> MediaGateway

--> MessengerPlus! 3

Use Add / Remove Programs.

Uninstall them one by one, and restart after uninstalling them.

You can reinstall MessengerPlus! 3, but without the sponsor.

Note: If you do not find any of the programs mentioned above in the list, just move on to the next stage.

Stage 1

Download Uninstall Lop from (you may need to disable the AV to run it):

Uninstall Lop

Run it.

Download Killbox from:

Killbox

1) Run Killbox, click Delete on Reboot.

2) Copy the list below in bold to the clipboard. Select --> Edit --> Copy.

c:\arquivos de programas\zango\zangohook.dll

C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll

C:\Arquivos de programas\MediaGateway\MediaGateway.exe

C:\DOCUME~1\ADMINI~1\DADOSD~1\SIXTHP~1

C:\DOCUME~1\ADMINI~1\DADOSD~1\PARTBA~1

C:\WINNT\System32\cmrss.dll.exe

C:\WINNT\System32\isass.exe

C:\WINNT\System32\iexplorer.dll.exe

C:\WINNT\System32\msbcs.exe

3) Return to Killbox. Click File > Paste from clipboard. Click All Files.

4) Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to access, because in the next stage we will enter Safe Mode and an internet connection will not be possible.

Stage 2

Restart the computer in Safe Mode (after restarting, press the F8 key until a black DOS-style screen appears and choose Safe Mode).

Run HijackThis, click Do a system scan only and check:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ccxdbtmlneqph.com/Eql9owraedo3j...RI1eJai9_M.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\arquivos de programas\zango\zangohook.dll (file missing)

O2 - BHO: (no name) - {4BEABC1E-CB65-B0D1-BE52-C0F14353F301} - C:\DOCUME~1\ADMINI~1\DADOSD~1\SIXTHP~1\CLOCK OPTION.exe

O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [MediaGateway] C:\Arquivos de programas\MediaGateway\MediaGateway.exe

O4 - HKLM\..\Run: [cmrss] C:\WINNT\System32\cmrss.dll.exe

O4 - HKLM\..\Run: [isass] C:\WINNT\System32\isass.exe

O4 - HKLM\..\Run: [msbcs] C:\WINNT\System32\msbcs.exe

O4 - HKLM\..\Run: [iexplorer] C:\WINNT\System32\iexplorer.dll.exe

O4 - HKCU\..\Run: [liveopen] C:\DOCUME~1\ADMINI~1\DADOSD~1\PARTBA~1\LoudFree.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

Click Fix Checked.

Stage 3

Still in Safe Mode, locate and delete:

c:\arquivos de programas\zango <- the folder

C:\Program Files\Zango Programs\Zango Toolbar <- the folder

C:\Arquivos de programas\MediaGateway <- the folder

Stage 4

Restart in Normal Mode.

Post a new HijackThis log.

I await your reply.

Best regards.


Logfile of HijackThis v1.99.1

Scan saved at 11:20:33, on 1/1/2002

Platform: Windows 2000 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

c:\arquivos de programas\Bin\NetMonSV.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINNT\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\arquivos de programas\Bin\mksmonsv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\arquivos de programas\Bin\mks_scan.exe

C:\WINNT\Explorer.exe

C:\arquivos de programas\Bin\mks_menu.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [MKS_MENU] c:/arquivos de programas\Bin\mks_menu.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O17 - HKLM\System\CCS\Services\Tcpip\..\{D3777D6E-447B-4C48-8C0B-BAB1E9C2BFCB}: NameServer = 201.10.120.3 201.10.1.2

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - c:/arquivos de programas\Bin\NetMonSV.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\arquivos de programas\bin\MkSUpdateInt.exe

O23 - Service: mks_vir antivirus monitor (MksVirMonSvc) - Unknown owner - c:/arquivos de programas\Bin\mksmonsv.exe

O23 - Service: MkS_Scan - Unknown owner - C:\arquivos de programas\Bin\mks_scan.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

My PC is already much better, man. I deleted several programs that I wasn't using and hadn't deleted out of laziness ... thank you very much indeed, you have no idea how much you helped me out ... I can't format this machine .. and the viruses were really nasty before .. now I don't think there are any left .. thanks bro, all the best .. I'll recommend the forum to my friends .... ;)


Hi barck,

Your log is CLEAN. :thumbsup:

To finish:

1. Update your Operating System urgently.

To give you an idea, 04 (four) update packages have already been released (SP1, SP2, SP3 and SP4) and you do not have even the first of them installed. Use the Windows Update entry in the Start menu to update your system.

Regards.
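A way to check a follow-up log against a fix list like the one in this thread, as an added example that is not part of the original posts: it parses HijackThis entry lines and reports whether every entry marked for Fix Checked is gone from the later log. The log excerpts are a small subset of lines copied from the posts above; the function and variable names are this example's own.

```python
import re

# HijackThis entry lines start with a section code ("R1", "O4", "O23", ...)
# followed by " - " and the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the set of (section code, normalized body) entries in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            # Windows paths are case-insensitive and forum pastes vary in
            # spacing, so compare on a lowercased, whitespace-collapsed body.
            body = " ".join(match.group("body").split()).lower()
            entries.add((match.group("code"), body))
    return entries


def verify_fix(before_log, fix_list, after_log):
    """Compare the log taken before the fix, the entries marked to fix,
    and the log taken after the fix."""
    before = parse_entries(before_log)
    targeted = parse_entries(fix_list)
    after = parse_entries(after_log)
    return {
        # Entries that were marked for fixing but survived: cleanup incomplete.
        "still_present": sorted(targeted & after),
        # Fix-list lines that never appeared in the earlier log (copy errors).
        "not_in_before": sorted(targeted - before),
        # Entries that vanished without being on the fix list (for example
        # programs the user uninstalled separately); worth a manual look.
        "removed_untargeted": sorted((before - after) - targeted),
        # Entries that appeared only after the fix.
        "new_entries": sorted(after - before),
    }


# Subset of the log posted before the fix (lines copied from this thread).
BEFORE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [cmrss] C:\WINNT\System32\cmrss.dll.exe
O4 - HKLM\..\Run: [isass] C:\WINNT\System32\isass.exe
O4 - HKLM\..\Run: [msbcs] C:\WINNT\System32\msbcs.exe
O4 - HKLM\..\Run: [iexplorer] C:\WINNT\System32\iexplorer.dll.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
"""

# Subset of the entries the helper asked to mark before "Fix Checked".
FIX_LIST = r"""
O4 - HKLM\..\Run: [cmrss] C:\WINNT\System32\cmrss.dll.exe
O4 - HKLM\..\Run: [isass] C:\WINNT\System32\isass.exe
O4 - HKLM\..\Run: [msbcs] C:\WINNT\System32\msbcs.exe
O4 - HKLM\..\Run: [iexplorer] C:\WINNT\System32\iexplorer.dll.exe
"""

# Subset of the final log, including header and process lines to show
# that the parser ignores them.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\lsass.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE_LOG, FIX_LIST, AFTER_LOG)
    for key, items in report.items():
        print(f"{key}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
```

An empty `still_present` list is the condition for calling the targeted entries removed; `removed_untargeted` lists what else changed between the two scans.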


PROBLEM SOLVED!

If the author needs the topic reopened, a Private Message must be sent to a Moderator with a link to the topic.
