WinXP: as soon as I go online with IE, it opens a second page with a random address.
AdWare, Spybot and PestPatrol were run and the pest won't go away :x
The HijackThis log follows below:
Logfile of HijackThis v1.97.7
Scan saved at 09:51:47, on 25/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\sm56hlpr.exe
H:\WINDOWS\System32\Fmctrl.EXE
H:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
H:\Arquivos de programas\iGv6\Discador iG.exe
H:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
H:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe
H:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
H:\Arquivos de programas\InkSaver\InkSaver.exe
H:\ARQUIV~1\PESTPA~1\PPControl.exe
H:\ARQUIV~1\PESTPA~1\PPMemCheck.exe
H:\ARQUIV~1\PESTPA~1\CookiePatrol.exe
H:\Arquivos de programas\MSN Messenger\msnmsgr.exe
H:\VCool\VCool.exe
H:\ARQUIV~1\ICQ\ICQ.exe
H:\Arquivos de programas\Logitech\MouseWare\system\em_exec.exe
H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
H:\Arquivos de programas\ewido\security suite\ewidoctrl.exe
H:\Arquivos de programas\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
H:\Arquivos de programas\No-IP\DUC20.exe
H:\Arquivos de programas\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
H:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
H:\WINDOWS\System32\svchost.exe
H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
H:\Arquivos de programas\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
H:\Arquivos de programas\Outlook Express\msimn.exe
H:\Arquivos de programas\Internet Explorer\iexplore.exe
H:\Nova pasta\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://farejador.ig.com.br/ie/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - H:\Arquivos de programas\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.3000.1001\pt-br\msntb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - H:\Arquivos de programas\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - H:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Arquivos de programas\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.3000.1001\pt-br\msntb.dll
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [ATIPTA] H:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] H:\ARQUIV~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Mirabilis ICQ] H:\ARQUIV~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\ARQUIV~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Discador iG] "H:\Arquivos de programas\iGv6\Discador iG.exe" boot
O4 - HKLM\..\Run: [TkBellExe] "H:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "H:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] H:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [InkSaver] H:\Arquivos de programas\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PestPatrol Control Center] H:\ARQUIV~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] H:\ARQUIV~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] H:\ARQUIV~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MCAgentExe] h:\ARQUIV~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] h:\ARQUIV~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] H:\Arquivos de programas\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [msci] H:\DOCUME~1\ANDR~1\CONFIG~1\Temp\200532420653_mcinfo.exe /insfin
O4 - HKCU\..\Run: [msnmsgr] "H:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: VCool.lnk = H:\VCool\VCool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = H:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {826804C4-A71F-4CFF-BBC1-C8EC2FECA55B} (AddrAccess Control) - http://br.kibop.com/html/friends/addr_import/CleonOCX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/light/UOLActiveInstall.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67D1370E-3683-454F-90A4-EF46016E5FA8}: NameServer = 200.204.0.10 200.204.0.138
If anyone can shed some light, I'd appreciate it.