Jump to content



Foto

Search Web... como tirar isso?



Existem 2 respostas neste tópico

#1 jeronymo    

jeronymo
  • Participante
  • 1 mensagens

Publicado 22 April 2005 - 08:27 PM

Salve galera...


 

seguinte, eu já tentei usar tudo quanto é programa para acabar com uma porcaria duma barra que fica aparecendo e algumas pop ups que ficam aparecendo... passei Ad-aware, Spybot, fiz o Scan Online do Panda e nada resolveu... aí me recomendaram um tal da HijackThis... até aí tudo bem, eu baixei ele... mas não sei se algumas coisas podem ser apagadas...

 

então se alguém puder me ajudar, segue o log:

 

Logfile of HijackThis v1.99.1
Scan saved at 20:11:25, on 22/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:ARQUIV~1GrisoftAVGFRE~1avgamsvr.exe
C:ARQUIV~1GrisoftAVGFRE~1avgupsvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32regsvc.exe
C:WINDOWSsystem32MSTask.exe
C:WINDOWSSystem32tcpsvcs.exe
C:WINDOWSSystem32WBEMWinMgmt.exe
C:WINDOWSSystem32inetsrvinetinfo.exe
C:WINDOWSExplorer.EXE
C:Arquivos de programasJavaj2re1.4.2_03binjusched.exe
C:ARQUIV~1GrisoftAVGFRE~1avgcc.exe
C:ARQUIV~1GrisoftAVGFRE~1avgemc.exe
C:WINDOWSsystem32internat.exe
C:Documents and SettingsAll UsersDesktopDiegoGamesProgramasSpybot - Search & DestroyTeaTimer.exe
C:Arquivos de programasMSN Messengermsnmsgr.exe
C:Arquivos de programasMicrosoft OfficeOfficeOsa.exe
C:Documents and SettingsAll UsersDesktopDiegoGamesProgramasfirewallZoneAlarm 3.7.143ZoneAlarmzonealarm.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
c:arquiv~1intern~1iexplore.exe
C:Arquivos de programasInternet ExplorerIEXPLORE.EXE
C:hijackthisHijackThis.exe


R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.snsyzoimb...KOGN1n17SY.html
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.click21.com.br/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = &http://home.Microsof...ss/allinone.asp
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = about:blank
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 69.57.128.235 startpage #Welcome page
O1 - Hosts: 69.57.129.241 hotteens.com #Hottest Free Porn
O1 - Hosts: 69.57.129.242 onlinesex.com #Online Sex Portal
O1 - Hosts: 69.57.129.243 freegirls.com #Free Nude Girls
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:DOCUME~1ALLUSE~1DesktopDIEGOG~1PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {60A42201-EB9A-D354-3D2D-79C6F7FD6297} - C:WINDOWSAPPLIC~1FIVEEA~1chin frag.exe
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - (no file)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSsystem32msdxm.ocx
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [SunJavaUpdateSched] C:Arquivos de programasJavaj2re1.4.2_03binjusched.exe
O4 - HKLM..Run: [AVG7_CC] C:ARQUIV~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..Run: [AVG7_EMC] C:ARQUIV~1GrisoftAVGFRE~1avgemc.exe
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Documents and SettingsAll UsersDesktopDiegoGamesProgramasSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [msnmsgr] "C:Arquivos de programasMSN Messengermsnmsgr.exe" /background
O4 - HKCU..Run: [Send Enc] C:WINDOWSAPPLIC~1OKAYBL~1File Tray.exe
O4 - Startup: Inicialização do Office.lnk = C:Arquivos de programasMicrosoft OfficeOfficeOSA.EXE
O4 - User Startup: Inicialização do Office.lnk = C:Arquivos de programasMicrosoft OfficeOfficeOSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSsystem32msjava.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSsystem32msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32SHDOCVW.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2787712C-2CE4-4C02-9F09-C89F29E7C5CB} (xLauncherImpl Class) - http://www.x2web.com...nt/x2client.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GINCHESS Class) - http://200.189.188.2...ess_2_0_0_8.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {F1835D04-7CCF-489E-8184-C08A1F682169} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:ARQUIV~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:ARQUIV~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:WINDOWSSystem32dmadmin.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: PHPGeekUtil - Unknown owner - c:apacheAPACHE.EXE" --ntservice (file missing)

 

obrigado pela atenção,

até mais! 



#2 United    

United
  • Participante
  • 1462 mensagens

Publicado 22 April 2005 - 08:36 PM

Boot em Modo de Segurança, refaça o scan com o Ad-Aware e o Spybot e use também este removedor especializado em Cool Web Search: CWShredder. 

 

 




#3 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 65365 mensagens

Publicado 22 April 2005 - 09:16 PM

Além do prescrito pelo amigo United

 

Com a Restauração do Sistema desabilitada, reboot em Modo de Segorança

 


 

 

De um Fix em:

 

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.snsyzoimbtooqoqvdyxdgw.net/tJ9V...KOGN1n17SY.html

O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 69.57.128.235 startpage #Welcome page
O1 - Hosts: 69.57.129.241 hotteens.com #Hottest Free Porn
O1 - Hosts: 69.57.129.242 onlinesex.com #Online Sex Portal
O1 - Hosts: 69.57.129.243 freegirls.com #Free Nude Girls


O2 - BHO: (no name) - {60A42201-EB9A-D354-3D2D-79C6F7FD6297} - C:WINDOWSAPPLIC~1FIVEEA~1chin frag.exe


O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - (no file)


O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GINCHESS Class) - http://200.189.188.245/g_bin_eng/chess_2_0_0_8.cab


O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: PHPGeekUtil - Unknown owner - c:apacheAPACHE.EXE" --ntservice (file missing)


Ainda em Modo de Segurança faça um full Scan com este Programa:


Microsoft Windows AntiSpyware 1.0.509 Beta 1


Veja se resolveu e poste aqui um novo Log.