HijackThis Log: Please help Diagnose



#1 afonso.leonardo


Posted 01 September 2005 - 08:53 AM

SpyBot has been unable to remove 2 BackWeb Lite entries. I'm worried, please help me!

Logfile of HijackThis v1.99.1
Scan saved at 10:40:30, on 1/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Programas\F-Secure\Anti-Virus\fsgk32st.exe
E:\Programas\F-Secure\Anti-Virus\FSGK32.EXE
E:\Programas\F-Secure\backweb\4476822\program\fsbwsys.exe
E:\Programas\F-Secure\Common\FSMA32.EXE
E:\Programas\F-Secure\Common\FSMB32.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Programas\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Programas\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
E:\Programas\F-Secure\Common\FAMEH32.EXE
E:\Programas\F-Secure\FSPC\fspc.exe
E:\Programas\F-Secure\FWES\Program\fsdfwd.exe
E:\Programas\F-Secure\Anti-Virus\fsav32.exe
E:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\Santa Cruz Networks\vSkype\vSkype.exe
E:\Programas\F-Secure\Common\FSM32.EXE
E:\Programas\Firefox\firefox.exe
C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programas\eMule\emule.exe
E:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
E:\Programas\F-Secure\FSGUI\fsguiexe.exe
C:\Arquivos de programas\HP\hpcoretech\comp\hptskmgr.exe
E:\Programas\HP\Digital Imaging\bin\hpqgalry.exe
E:\Programas\Spybot - Search & Destroy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/mail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [vSkype] C:\Arquivos de programas\Santa Cruz Networks\vSkype\vSkype.exe no
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Programas\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Programas\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\Programas\F-Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [eMuleAutoStart] E:\Programas\eMule\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = E:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Filtro da internet - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Mostrar &lista de sites... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspender Filtro das Páginas - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Recusar este site - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Permitir este site - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O23 - Service: F-Secure product (BackWeb Plug-in - 4476822) - Unknown owner - E:\PROGRA~1\F-Secure\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Programas\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - E:\Programas\F-Secure\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Programas\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - E:\Programas\F-Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Programas\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


#2 jahewi

jahewi

    Anti-Malware Helper



Posted 05 September 2005 - 02:02 PM

Hi afonso.leonardo,

> SpyBot has been unable to remove 2 BackWeb Lite entries. I'm worried, please help me!


Backweb-entries are a bit controversial.

In principle, backweb-programs have the following function:
- Checking for updates
- Displaying information about e.g. new products
- Assist with problem-shooting

The problem often lies in the last 2 functions.
- Displaying information, without the approval of the owner of the computer is considered AdWare.
- Assisting with a problem sometimes involves sending non-personal information to the developer/distributor of the product, without approval of the owner of the computer. This can be considered Spyware.

It's a thin line, Backweb's are walking! That's why Anti-Spyware-scanners, like AdAware and Spybot, consider all backweb-applications as bad.

In your case, there are 2 backweb-applications active. Both are from your AntiVirus, F-Secure, and considered safe.


Although, if you want to disable them, then try that as follows:
- Open HijackThis and click 'Scan'
- Only select the following items:
O23 - Service: F-Secure product (BackWeb Plug-in - 4476822) - Unknown owner - E:\PROGRA~1\F-Secure\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: fsbwsys - F-Secure Corp. - E:\Programas\F-Secure\backweb\4476822\program\fsbwsys.exe

- Important: Close all windows, except HijackThis, and click 'Fix Checked'

Then reboot your computer and post a new HijackThis-log to check if they really are disabled.


Jan :thumbsup:
... the best defence against malware is common sense ... ;)

#3 afonso.leonardo


Posted 08 September 2005 - 11:28 PM

Thanks a lot, man. Better get back to ZoneAlarm...

#4 jahewi


Posted 09 September 2005 - 09:46 AM

Hi afonso.leonardo,

You could do that, if you want, but it's not necessary.
F-Secure is a good security-program.

If you're really going to switch to ZoneAlarm, keep in mind that you then also need a new AntiVirus-program ;)


Jan :thumbsup:
... the best defence against malware is common sense ... ;)

#5 afonso.leonardo


Posted 11 September 2005 - 03:40 PM

Trouble is I can't find the right serial for F-Secure IS 2005... and also it keeps sayin that my virus definitions are old. Any clue?

#6 jahewi


Posted 11 September 2005 - 11:56 PM

> Trouble is I can't find the right serial for F-Secure IS 2005... and also it keeps sayin that my virus definitions are old. Any clue?


If you have bought F-Secure, you should have a serial.
If not, the only thing I can suggest is indeed to uninstall F-Secure and replace it with e.g. ZoneAlarm Firewall and a free antiVirus-program.

Also, I think you should take a look at the rest of your defence against malware.
The easiest way to do that is by following this security-advice:


Keep your antivirus-program up to date and do regular scans with it.
If you haven't got an antivirus, you can download and install one of the following free ones:
AVG
aVast
AntiVir

Keep your pestware-scanners up to date and do regular scans with them.
To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them already):
AdAware
Spybot

Install realtime pestware-scanners and keep them up to date.
The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:
SpywareBlaster
SpywareGuard

If you haven't got one already, install a firewall and keep it up to date.
A firewall will prevent unauthorized contact between your computer and internet.
If there is no firewall installed on your computer, you can download and install one of the following free firewalls:
ZoneAlarm
Sygate
Kerio Personal Firewall (Will be discontinued as from the end of 2005)
Important: (Windows XP only) If you install a firewall, be sure to turn off the WinXP-firewall!

Install these programs, to make surfing with Internet Explorer safer:
- a popup-blocker, e.g. Google Toolbar: A popup-blocker prevents popup-windows from opening, when you come across a website that uses them, during internet-surfing.
- IE-SPYAD: This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer.

Install and use an alternative browser to surf on the internet.
Internet Explorer is famous for its security-problems.
Therefore, and because it's the most-used browser on the planet, most of the hijackers, adware and spyware are made to abuse your computer thru Internet Explorer.
Here are some good alternative browsers:
Mozilla Suite
Mozilla Firefox
Opera
Netscape
Important: You can not uninstall Internet Explorer.
First of all, it's part of Windows and you'll need it to download and install Windows Updates.
Secondly, there are some sites that are only accessible with Internet Explorer, e.g. most of the Online Malware-scanners.

But above all, keep Windows, malware-scanners and firewall UP TO DATE at all times!!


Jan :thumbsup:
... the best defence against malware is common sense ... ;)

#7 afonso.leonardo


Posted 14 September 2005 - 04:27 PM

Thanx again and again.
I thought I could get all security functions from f-secure, but it turned out to cause more trouble than provide solutions.
Last time I tried to re-install it, it kept asking to remove Lavasoft ad-aware, which I never installed!
Still now, it doesn't let me delete its folder...

#8 afonso.leonardo


Posted 14 September 2005 - 05:32 PM

Worse than that, it doesn't let me install zonealarm, due to incompatibilities. Even after uninstalled! Rats!!!

#9 jahewi


Posted 15 September 2005 - 12:34 AM

Hi afonso.leonardo,

Please post a new HijackThis-log.
There are probably some pieces of F-Secure left in your registry ...
We can probably remove them with a bit of help from HijackThis and a registry-cleaner ;)


Jan :thumbsup:
... the best defence against malware is common sense ... ;)

#10 afonso.leonardo


Posted 15 September 2005 - 05:36 PM

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 19:35:54, on 15/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
E:\Programas\F-Secure\Common\FSM32.EXE
E:\Programas\Net Security\AntiVir\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Programas\eMule\emule.exe
E:\Programas\Net Security\AntiVir\AVGUARD.EXE
E:\Programas\Net Security\AntiVir\AVWUPSRV.EXE
E:\Programas\F-Secure\Anti-Virus\fsgk32st.exe
E:\Programas\F-Secure\Anti-Virus\FSGK32.EXE
E:\Programas\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\rundll32.exe
E:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Programas\F-Secure\Common\FSMB32.EXE
E:\Programas\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
E:\Programas\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
E:\Programas\F-Secure\Common\FAMEH32.EXE
E:\Programas\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\HP\hpcoretech\comp\hptskmgr.exe
E:\Programas\HP\Digital Imaging\bin\hpqgalry.exe
E:\Programas\Skype\Phone\Skype.exe
E:\Programas\Winamp\winamp.exe
E:\Programas\Firefox\firefox.exe
E:\Programas\Net Security\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/mail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Programas\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Programas\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\Programas\F-Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [AWMON] "E:\Programas\F-Secure\Anti-Spyware\Ad-Monitor.exe"
O4 - HKLM\..\Run: [AVGCtrl] "E:\Programas\Net Security\AntiVir\AVGNT.EXE" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [eMuleAutoStart] E:\Programas\eMule\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = E:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Filtro da internet - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: Mostrar &lista de sites... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Suspender Filtro das Páginas - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Recusar este site - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Permitir este site - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\Programas\Net Security\AntiVir\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Programas\Net Security\AntiVir\AVWUPSRV.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Programas\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - E:\Programas\F-Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Programas\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#11 afonso.leonardo


Posted 19 September 2005 - 10:40 AM

I tried F-Secure as a security soft and had it uninstalled, but when I try to install zonealarm, it says there are incompatibilities with f-sec. And I can't delete its files also.
I was being advised by jahewi in another topic, but I'm starting a new one with the latest log. Here it goes:

Logfile of HijackThis v1.99.1
Scan saved at 12:39:43, on 19/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
E:\Programas\F-Secure\Common\FSM32.EXE
E:\Programas\Net Security\AntiVir\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Programas\eMule\emule.exe
E:\Programas\Net Security\AntiVir\AVGUARD.EXE
E:\Programas\Net Security\AntiVir\AVWUPSRV.EXE
C:\WINDOWS\system32\rundll32.exe
E:\Programas\F-Secure\Anti-Virus\fsgk32st.exe
E:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
E:\Programas\F-Secure\Anti-Virus\FSGK32.EXE
E:\Programas\F-Secure\Common\FSMA32.EXE
E:\Programas\F-Secure\Common\FSMB32.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Programas\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
E:\Programas\F-Secure\Common\FCH32.EXE
E:\Programas\F-Secure\Common\FAMEH32.EXE
E:\Programas\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\HP\hpcoretech\comp\hptskmgr.exe
E:\Programas\HP\Digital Imaging\bin\hpqgalry.exe
E:\Programas\Firefox\firefox.exe
E:\Programas\DC++\DCPlusPlus.exe
E:\Programas\Net Security\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/mail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\NETSEC~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Programas\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Programas\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\Programas\F-Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [AWMON] "E:\Programas\F-Secure\Anti-Spyware\Ad-Monitor.exe"
O4 - HKLM\..\Run: [AVGCtrl] "E:\Programas\Net Security\AntiVir\AVGNT.EXE" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [eMuleAutoStart] E:\Programas\eMule\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = E:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Filtro da internet - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: Mostrar &lista de sites... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Suspender Filtro das Páginas - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Recusar este site - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Permitir este site - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\Programas\F-Secure\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\Programas\Net Security\AntiVir\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Programas\Net Security\AntiVir\AVWUPSRV.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Programas\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - E:\Programas\F-Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Programas\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Please help!

#12 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team

Posted 23 September 2005 - 12:51 AM

Hi afonso.leonardo,

I merged your new topic with the original thread. Please stick to the one thread for the same issue. Jahewi probably just missed the email notice, so I'll send a PM to make sure it is seen now.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#13 jahewi


Posted 23 September 2005 - 04:17 PM

Hi afonso.leonardo,

Sorry for the delay!
Like Papakid said, I missed the notification, because you posted your answer in a different topic ;)

What I can see in your HijackThis log is that F-Secure is fully operational.
That's why I want to ask you to look into your software list (Start > Control Panel > Install or remove software) and make sure there are no F-Secure programs installed anymore ...
If there are still F-Secure programs installed, then try to uninstall them from that list, in Safe Mode.

If that doesn't work, or if F-Secure isn't in the programs list anymore, try to uninstall it from the F-Secure folder:
Click Start > Program Files > F-Secure Anti-Virus and click Uninstall F-Secure


After you have tried those 2 options, let me know how it went ;)


Jan :thumbsup:
... the best defence against malware is common sense ... ;)

#14 afonso.leonardo


Posted 23 September 2005 - 07:01 PM

Thanks man.
It is not in the program list and when I try to run the uninstall file, it tells me to use the control panel.
I have now installed AntiVir, Spyware Blaster and SpyBot, and the WinXP Firewall is on. Is that enough?

I'll send a new log.

#15 afonso.leonardo


Posted 23 September 2005 - 07:05 PM

Logfile of HijackThis v1.99.1
Scan saved at 21:04:54, on 23/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
E:\Programas\F-Secure\Common\FSM32.EXE
E:\Programas\Net Security\AntiVir\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Programas\eMule\emule.exe
E:\Programas\Net Security\AntiVir\AVGUARD.EXE
E:\Programas\Net Security\AntiVir\AVWUPSRV.EXE
E:\Programas\F-Secure\Anti-Virus\fsgk32st.exe
E:\Programas\F-Secure\Anti-Virus\FSGK32.EXE
E:\Programas\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\rundll32.exe
E:\Programas\F-Secure\Common\FSMB32.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
E:\Programas\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
E:\Programas\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
E:\Programas\F-Secure\Common\FAMEH32.EXE
E:\Programas\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Programas\HP\Digital Imaging\bin\hpqgalry.exe
E:\Programas\DC++\DCPlusPlus.exe
E:\Programas\Players\BSPlayer\bsplayer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
E:\Programas\Net Security\AntiVir\AVWIN.EXE
E:\Programas\Net Security\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/mail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\NETSEC~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Programas\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Programas\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\Programas\F-Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [AWMON] "E:\Programas\F-Secure\Anti-Spyware\Ad-Monitor.exe"
O4 - HKLM\..\Run: [AVGCtrl] E:\Programas\Net Security\AntiVir\AVGNT.EXE /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [eMuleAutoStart] E:\Programas\eMule\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = E:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Filtro da internet - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Mostrar &lista de sites... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspender Filtro das Páginas - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Recusar este site - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Permitir este site - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\Programas\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\Programas\Net Security\AntiVir\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Programas\Net Security\AntiVir\AVWUPSRV.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Programas\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - E:\Programas\F-Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Programas\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe



