[resolvido] Log Do Hijackthis

FredAsterr · Janeiro 15, 2007

LOG

Logfile of HijackThis v1.99.1

Scan saved at 14:56:12, on 15-01-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\RunDLL32.EXE

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

JackSSA · Janeiro 15, 2007

Uma perguntinha, você aplicou algum Fix nas entradas do Hijackthis?

FredAsterr · Janeiro 16, 2007

acho k não ... Pk k diz isso?

FredAsterr · Janeiro 16, 2007

JackSSA · Janeiro 16, 2007

Baixe o KillBox

Salve em uma pasta em C:\

Abra o KillBox e marque Delete on Reboot e na caixa Full Path of File to Delete coloque esta linha: C:\WINDOWS\system32\cmd32.exe

Clique no botão Vermelho com um X, e ao perguntar Reboot Now? Clique em Não.

Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão Fix Checked.

O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\cmd32.exe internat.dll,LoadKeyboardProfile

O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm

O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm

O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm

O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

Reinicie e poste um novo Log do Hijackthis.

FredAsterr · Janeiro 17, 2007

Logfile of HijackThis v1.99.1

Scan saved at 11:37:17, on 17-01-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programas\Microsoft IntelliType Pro\type32.exe

C:\Programas\Microsoft IntelliPoint\point32.exe

C:\Programas\Java\jre1.5.0_10\bin\jusched.exe

C:\Programas\Samsung\SmarThru\PORTCTRL.EXE

C:\Programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Programas\GetRight\getright.exe

C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe

C:\Programas\GetRight\getright.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearchIndexer.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O1 - Hosts: 194.79.73.118 pombaldir.com

O1 - Hosts: 194.79.73.118 www.pombaldir.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programas\GetRight\xx2gr.dll

O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Programas\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [type32] "C:\Programas\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [GW Port Controller] C:\Programas\Samsung\SmarThru\PORTCTRL.EXE

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"

O4 - HKLM\..\Run: [sbad] C:\SuperBock\ActiveDesktop\restart.bat

O4 - HKLM\..\Run: [FlashSaver] C:\PROGRA~1\FLASHS~1.0\FlashSaver.exe -mini

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KAVWks50] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [AdobeUpdater] C:\Programas\Ficheiros comuns\Adobe\Updater\AdobeUpdater.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programas\GetRight\getright.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe

O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &MSN Busca - res://C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll/search.htm

O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.0\save.htm

O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Programas\GetRight\GRbrowse.htm

O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm

O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)

O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.MSN.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.pt/static/download/pixacodndupload.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.MSN.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.MSN.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.MSN.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222

O17 - HKLM\System\CS2\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222

O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL

O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

JackSSA · Janeiro 17, 2007

Você conhece esta entrada?

O4 - HKLM\..\Run: [sbad] C:\SuperBock\ActiveDesktop\restart.bat

FredAsterr · Janeiro 18, 2007

Sim é de um screensaver da superbook... pK?

poderá esta aí o virus????

JackSSA · Janeiro 18, 2007

Baixe o Hoster Descompacte, abra o Programa, clique em Restore Microsoft’s Original Hosts File.

Faça este scan on-line e poste o resultado final aqui no Tópico:

http://www.pandasoftware.com/activescan/ac...can/ascan_2.asp

FredAsterr · Janeiro 19, 2007

Incident Status Location

Adware:adware/beehappyy Not disinfected c:\windows\system32\z14.exe

Adware:adware/spysheriff Not disinfected C:\Documents and Settings\Posto_3\Menu Iniciar\Programas\SpySheriff

Adware:adware/alexa-toolbar Not disinfected c:\programas\Alexa Toolbar

Virus:Bck/mIRCBased.X Not disinfected C:\Documentos joana\Programas\scoop2004.exe[mirc.exe]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@2o7[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@ad.yieldmanager[2].txt

Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@adtech[2].txt

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@adultfriendfinder[1].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@advertising[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@atdmt[2].txt

Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@centrport[1].txt

Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@data.coremetrics[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@doubleclick[2].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@errorsafe[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@fastclick[2].txt

Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@ilead.itrack[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@media.fastclick[1].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@mediaplex[1].txt

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@revenue[2].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@stats1.reliablestats[2].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@tribalfusion[1].txt

Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@winfixer[2].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@www.errorsafe[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@zedo[2].txt

Potentially unwanted tool:Application/MyWay Not disinfected C:\Documents and Settings\Posto_3\Ambiente de trabalho\Fred\Prog\ Sothink SWF Decompiler MX 2005 + crack\swfdec\data1.cab[MySetp.exe]

Dialer:Dialer.IQK Not disinfected C:\Documents and Settings\Posto_3\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ActiveXComponent.class-2cd8806b-19215ca8.class

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@2o7[2].txt

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@888[2].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@adrevolver[2].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@ads.pointroll[2].txt

Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@adtech[2].txt

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@adultfriendfinder[2].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@advertising[1].txt

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@apmebf[1].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@as-eu.falkag[2].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@as-us.falkag[2].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@as1.falkag[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@atdmt[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bannerlandia.com[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@belnk[1].txt

Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bfast[2].txt

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bluestreak[2].txt

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bravenet[2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bs.serving-sys[2].txt

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@burstnet[2].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@casalemedia[2].txt

Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@centrport[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@cgi-bin[3].txt

Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@citi.bridgetrack[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@com[1].txt

Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@counter.hitslink[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@counter9.sextracker[1].txt

Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@cs.sexcounter[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@de.uol.com[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@doubleclick[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@ehg-ati.hitbox[2].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@ehg.hitbox[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@fastclick[2].txt

Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@fl01.ct2.comclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@google.com[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@hitbox[2].txt

Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@hotlog[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@ig.com[1].txt

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@int.sitestat[1].txt

Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@int.sitestat[2].txt

Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@landing.domainsponsor[2].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@media.adrevolver[1].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@mediaplex[1].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@overture[2].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@perf.overture[1].txt

Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@qksrv[2].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@questionmarket[1].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@realmedia[1].txt

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@revenue[1].txt

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@searchportal.information[2].txt

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@server.iad.liveperson[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@serving-sys[2].txt

Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@sexlist[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@sextracker[2].txt

Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@spylog[1].txt

Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@stat.onestat[2].txt

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@statcounter[1].txt

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@statse.webtrendslive[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@terra.com[1].txt

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@tradedoubler[2].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@trafficmp[2].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@tribalfusion[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@uol.com[1].txt

Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@valueclick[2].txt

Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@weborama[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@www2.addfreestats[1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@www6.addfreestats[1].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@xiti[1].txt

Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@yadro[2].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@zedo[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@ad.yieldmanager[2].txt

Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@adtech[2].txt

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@bravenet[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@doubleclick[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@fastclick[1].txt

Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@landing.domainsponsor[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@media.fastclick[2].txt

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@revenue[2].txt

Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@spylog[1].txt

Virus:Trj/Downloader.KWU Disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\dkrendis.tmp

Hacktool:Exploit/LoadImage Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Ficheiros temporários da Internet\Content.IE5\CPEFSH67\free[1].anr

Adware:Adware/Alexa-Toolbar Not disinfected C:\Downloads\AlexaInstaller.exe

Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\heur000.dll

Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\heur001.dll

Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\heur002.dll

Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\heur003.dll

Adware:Adware/SpywareNo Not disinfected C:\Program Files\SpySheriff\IESecurity.dll

Adware:Adware/SpywareNo Not disinfected C:\Program Files\SpySheriff\ProcMon.dll

Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\SpySheriff.exe

Adware:Adware/Spytrooper Not disinfected C:\Program Files\SpySheriff\Uninstall.exe

Adware:Adware/Alexa-Toolbar Not disinfected C:\Programas\Alexa Toolbar\uninstall.exe

Virus:Trj/Jupillites.P Disinfected C:\WINDOWS\system32\msdtkysx.dll

Virus:Trj/Jupillites.P Disinfected C:\WINDOWS\thunderbird.exe

Virus:W32/Mytob.DR.worm Disinfected Pastas locais\A receber\Your Email Account is Suspended For Security Reasons\email-doc.zip[email-doc.txt .pif]

JackSSA · Janeiro 19, 2007

Faça o download do SmitFraudFix

Descompacte o conteúdo do arquivo SmitfraudFix.zip para uma pasta própria na sua área de trabalho.

Talvez você queira imprimir essas instruções ou salvá-las em um arquivo texto para fácil acesso.

Reinicie o computador no Modo de Segurança apertando F8 logo que iniciar até aparecer um menu onde você pode selecionar a opção Modo Seguro ou Modo de Segurança.

Entre na pasta criada para o SmitFraudFix e rode o SmitfraudFix.cmd. Aperte a opção 2 e aperte Enter.
Quando aparecer a mensagem "Do you want to clean the registry ?" aperte y e aperte Enter.
Reinicie o computador normalmente.

Faça e poste um novo log do HijackThis.

Na sua resposta, poste também o log do SmitFraudFix, que estará no arquivo rapport.txt em C:\ ou na partição onde está instalado o sistema.

FredAsterr · Janeiro 23, 2007

Logfile of HijackThis v1.99.1

Scan saved at 14:16:59, on 23-01-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programas\Microsoft IntelliType Pro\type32.exe

C:\Programas\Microsoft IntelliPoint\point32.exe

C:\Programas\Java\jre1.5.0_10\bin\jusched.exe

C:\Programas\Samsung\SmarThru\PORTCTRL.EXE

C:\Programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE

C:\Programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Shareaza\Shareaza.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Programas\GetRight\getright.exe

C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe

C:\Programas\GetRight\getright.exe

C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearchIndexer.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe