Fórum Script Brasil
  • 0

[resolved] HijackThis Log


FredAsterr

Question

LOG

Logfile of HijackThis v1.99.1

Scan saved at 14:56:12, on 15-01-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\RunDLL32.EXE

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)


14 answers to this question


  • 0

Download KillBox

Save it to a folder in C:\

Open KillBox, select Delete on Reboot, and in the Full Path of File to Delete box enter this line: C:\WINDOWS\system32\cmd32.exe

Click the red button with an X, and when asked Reboot Now? click No.

Open HijackThis, click Do a system scan only, check the entries below and click the Fix Checked button.

O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\cmd32.exe internat.dll,LoadKeyboardProfile

O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm

O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm

O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm

O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

Reboot and post a new HijackThis log.


  • 0

Logfile of HijackThis v1.99.1

Scan saved at 11:37:17, on 17-01-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programas\Microsoft IntelliType Pro\type32.exe

C:\Programas\Microsoft IntelliPoint\point32.exe

C:\Programas\Java\jre1.5.0_10\bin\jusched.exe

C:\Programas\Samsung\SmarThru\PORTCTRL.EXE

C:\Programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Programas\GetRight\getright.exe

C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe

C:\Programas\GetRight\getright.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearchIndexer.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O1 - Hosts: 194.79.73.118 pombaldir.com

O1 - Hosts: 194.79.73.118 www.pombaldir.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programas\GetRight\xx2gr.dll

O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Programas\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [type32] "C:\Programas\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [GW Port Controller] C:\Programas\Samsung\SmarThru\PORTCTRL.EXE

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"

O4 - HKLM\..\Run: [sbad] C:\SuperBock\ActiveDesktop\restart.bat

O4 - HKLM\..\Run: [FlashSaver] C:\PROGRA~1\FLASHS~1.0\FlashSaver.exe -mini

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KAVWks50] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [AdobeUpdater] C:\Programas\Ficheiros comuns\Adobe\Updater\AdobeUpdater.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programas\GetRight\getright.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe

O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &MSN Busca - res://C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll/search.htm

O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.0\save.htm

O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Programas\GetRight\GRbrowse.htm

O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm

O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)

O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.MSN.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.pt/static/download/pixacodndupload.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.MSN.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.MSN.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.MSN.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222

O17 - HKLM\System\CS2\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222

O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL

O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe


  • 0

Incident Status Location

Adware:adware/beehappyy Not disinfected c:\windows\system32\z14.exe

Adware:adware/spysheriff Not disinfected C:\Documents and Settings\Posto_3\Menu Iniciar\Programas\SpySheriff

Adware:adware/alexa-toolbar Not disinfected c:\programas\Alexa Toolbar

Virus:Bck/mIRCBased.X Not disinfected C:\Documentos joana\Programas\scoop2004.exe[mirc.exe]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@2o7[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@ad.yieldmanager[2].txt

Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@adtech[2].txt

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@adultfriendfinder[1].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@advertising[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@atdmt[2].txt

Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@centrport[1].txt

Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@data.coremetrics[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@doubleclick[2].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@errorsafe[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@fastclick[2].txt

Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@ilead.itrack[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@media.fastclick[1].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@mediaplex[1].txt

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@revenue[2].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@stats1.reliablestats[2].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@tribalfusion[1].txt

Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@winfixer[2].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@www.errorsafe[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@zedo[2].txt

Potentially unwanted tool:Application/MyWay Not disinfected C:\Documents and Settings\Posto_3\Ambiente de trabalho\Fred\Prog\ Sothink SWF Decompiler MX 2005 + crack\swfdec\data1.cab[MySetp.exe]

Dialer:Dialer.IQK Not disinfected C:\Documents and Settings\Posto_3\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ActiveXComponent.class-2cd8806b-19215ca8.class

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@2o7[2].txt

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@888[2].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@adrevolver[2].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@ads.pointroll[2].txt

Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@adtech[2].txt

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@adultfriendfinder[2].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@advertising[1].txt

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@apmebf[1].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@as-eu.falkag[2].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@as-us.falkag[2].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@as1.falkag[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@atdmt[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bannerlandia.com[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@belnk[1].txt

Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bfast[2].txt

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bluestreak[2].txt

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bravenet[2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bs.serving-sys[2].txt

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@burstnet[2].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@casalemedia[2].txt

Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@centrport[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@cgi-bin[3].txt

Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@citi.bridgetrack[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@com[1].txt

Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@counter.hitslink[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@counter9.sextracker[1].txt

Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@cs.sexcounter[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@de.uol.com[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@doubleclick[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@ehg-ati.hitbox[2].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@ehg.hitbox[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@fastclick[2].txt

Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@fl01.ct2.comclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@google.com[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@hitbox[2].txt

Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@hotlog[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@ig.com[1].txt

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@int.sitestat[1].txt

Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@int.sitestat[2].txt

Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@landing.domainsponsor[2].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@media.adrevolver[1].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@mediaplex[1].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@overture[2].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@perf.overture[1].txt

Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@qksrv[2].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@questionmarket[1].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@realmedia[1].txt

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@revenue[1].txt

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@searchportal.information[2].txt

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@server.iad.liveperson[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@serving-sys[2].txt

Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@sexlist[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@sextracker[2].txt

Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@spylog[1].txt

Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@stat.onestat[2].txt

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@statcounter[1].txt

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@statse.webtrendslive[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@terra.com[1].txt

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@tradedoubler[2].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@trafficmp[2].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@tribalfusion[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@uol.com[1].txt

Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@valueclick[2].txt

Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@weborama[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@www2.addfreestats[1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@www6.addfreestats[1].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@xiti[1].txt

Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@yadro[2].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@zedo[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@ad.yieldmanager[2].txt

Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@adtech[2].txt

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@bravenet[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@doubleclick[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@fastclick[1].txt

Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@landing.domainsponsor[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@media.fastclick[2].txt

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@revenue[2].txt

Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@spylog[1].txt

Virus:Trj/Downloader.KWU Disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\dkrendis.tmp

Hacktool:Exploit/LoadImage Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Ficheiros temporários da Internet\Content.IE5\CPEFSH67\free[1].anr

Adware:Adware/Alexa-Toolbar Not disinfected C:\Downloads\AlexaInstaller.exe

Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\heur000.dll

Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\heur001.dll

Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\heur002.dll

Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\heur003.dll

Adware:Adware/SpywareNo Not disinfected C:\Program Files\SpySheriff\IESecurity.dll

Adware:Adware/SpywareNo Not disinfected C:\Program Files\SpySheriff\ProcMon.dll

Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\SpySheriff.exe

Adware:Adware/Spytrooper Not disinfected C:\Program Files\SpySheriff\Uninstall.exe

Adware:Adware/Alexa-Toolbar Not disinfected C:\Programas\Alexa Toolbar\uninstall.exe

Virus:Trj/Jupillites.P Disinfected C:\WINDOWS\system32\msdtkysx.dll

Virus:Trj/Jupillites.P Disinfected C:\WINDOWS\thunderbird.exe

Virus:W32/Mytob.DR.worm Disinfected Pastas locais\A receber\Your Email Account is Suspended For Security Reasons\email-doc.zip[email-doc.txt .pif]


  • 0

Download SmitFraudFix

Extract the contents of SmitfraudFix.zip into its own folder on your desktop.

You may want to print these instructions or save them to a text file for easy access.

Restart the computer in Safe Mode by pressing F8 as soon as it starts, until a menu appears where you can select the Safe Mode option (Modo Seguro or Modo de Segurança).

  • Go to the folder created for SmitFraudFix and run SmitfraudFix.cmd. Choose option 2 and press Enter.

    When the message "Do you want to clean the registry ?" appears, press y and press Enter.

  • Restart the computer normally.
Run HijackThis and post a new log.

In your reply, also post the SmitFraudFix log, which will be in the file rapport.txt in C:\ or on the partition where the system is installed.


  • 0

Logfile of HijackThis v1.99.1

Scan saved at 14:16:59, on 23-01-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programas\Microsoft IntelliType Pro\type32.exe

C:\Programas\Microsoft IntelliPoint\point32.exe

C:\Programas\Java\jre1.5.0_10\bin\jusched.exe

C:\Programas\Samsung\SmarThru\PORTCTRL.EXE

C:\Programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE

C:\Programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Shareaza\Shareaza.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Programas\GetRight\getright.exe

C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe

C:\Programas\GetRight\getright.exe

C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearchIndexer.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O1 - Hosts: 194.79.73.118 pombaldir.com

O1 - Hosts: 194.79.73.118 www.pombaldir.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programas\GetRight\xx2gr.dll

O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Programas\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [type32] "C:\Programas\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [GW Port Controller] C:\Programas\Samsung\SmarThru\PORTCTRL.EXE

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"

O4 - HKLM\..\Run: [sbad] C:\SuperBock\ActiveDesktop\restart.bat

O4 - HKLM\..\Run: [FlashSaver] C:\PROGRA~1\FLASHS~1.0\FlashSaver.exe -mini

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KAVWks50] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [AdobeUpdater] C:\Programas\Ficheiros comuns\Adobe\Updater\AdobeUpdater.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programas\GetRight\getright.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe

O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &MSN Busca - res://C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll/search.htm

O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.0\save.htm

O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Programas\GetRight\GRbrowse.htm

O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm

O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)

O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.MSN.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.pt/static/download/pixacodndupload.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.MSN.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.MSN.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.MSN.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222

O17 - HKLM\System\CS2\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222

O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL

O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

SmitFraudFix v2.133

Scan done at 14:13:45,07, 23-01-2007

Run from C:\Documents and Settings\Administrador\Ambiente de trabalho\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Versão 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End


Download Hoster, unzip it, open the program, and click Restore Microsoft's Original Hosts File.

Open Notepad, copy these lines, and save.

C:\Downloads\AlexaInstaller.exe

C:\Program Files\SpySheriff\heur000.dll

C:\Program Files\SpySheriff\heur001.dll

C:\Program Files\SpySheriff\heur002.dll

C:\Program Files\SpySheriff\heur003.dll

C:\Program Files\SpySheriff\IESecurity.dll

C:\Program Files\SpySheriff\ProcMon.dll

C:\Program Files\SpySheriff\SpySheriff.exe

C:\Program Files\SpySheriff\Uninstall.exe

C:\Programas\Alexa Toolbar\uninstall.exe

Open KillBox and check the Delete on Reboot option. Open Notepad, select and copy the saved lines. In KillBox, click File, then Paste from Clipboard, click the All Files button, and click the red button with an X. Then click No.

Restart.

Delete the folder C:\Program Files\SpySheriff

Delete the !KillBox folder located in C:\ and empty the Recycle Bin.

Good work, your log is clean. How is the PC?

This topic is now closed to further replies.

