hamiltonm

Help: virus from the card e-mail


Logfile of HijackThis v1.99.1

Scan saved at 18:48:59, on 03/01/06

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gratis.com.br

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\ARQUIVOS DE PROGRAMAS\ICQTOOLBAR\TOOLBAR.DLL

F1 - win.ini: run=hpfsched

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Arquivos de programas\NewDotNet\newdotnet3_88.dll (file missing)

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\ARQUIVOS DE PROGRAMAS\ICQTOOLBAR\TOOLBAR.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [tspuf] C:\ARQUIVOS DE PROGRAMAS\TELEFONICA\SPEEDY\SATUF.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [RealTray] C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [instantAccess] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\InstantAccess.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\RegisterDropHandler.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\ARQUIV~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\RegisterDropHandler.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Startup: Action Manager 32.lnk = C:\Arquivos de programas\ScannerP\Am32.exe

O4 - Startup: Picture Package VCD Maker.lnk = C:\Meus documentos\Picture Package Applications\Residence.exe

O4 - Startup: Picture Package Menu.lnk = C:\Meus documentos\Picture Package Menu\SonyTray.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm595YYBR

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\ARQUIVOS DE PROGRAMAS\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML

O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\newdotnet\newdotnet3_88.dll' missing

O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.gratis.com.br

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1


- Download WinsockFix, but do not run it yet;

- Open Control Panel > Add/Remove Programs and uninstall:

NewDot.Net or NewNet.Domains

- Generate a new log in normal mode and paste it in your reply.

- If you have problems with the connection, run WinsockFix.


Logfile of HijackThis v1.99.1

Scan saved at 20:11:58, on 03/01/06

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\ARQUIVOS DE PROGRAMAS\TELEFONICA\SPEEDY\SATUF.EXE

C:\ARQUIVOS DE PROGRAMAS\REAL\REALPLAYER\REALPLAY.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG FREE\AVGCC.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG FREE\AVGEMC.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\ARQUIVOS DE PROGRAMAS\WINZIP\WZQKPICK.EXE

C:\MEUS DOCUMENTOS\PICTURE PACKAGE APPLICATIONS\RESIDENCE.EXE

C:\MEUS DOCUMENTOS\PICTURE PACKAGE MENU\SONYTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\LEXPPS.EXE

C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gratis.com.br

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\ARQUIVOS DE PROGRAMAS\ICQTOOLBAR\TOOLBAR.DLL

F1 - win.ini: run=hpfsched

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\ARQUIVOS DE PROGRAMAS\ICQTOOLBAR\TOOLBAR.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [tspuf] C:\ARQUIVOS DE PROGRAMAS\TELEFONICA\SPEEDY\SATUF.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [RealTray] C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [instantAccess] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\InstantAccess.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\RegisterDropHandler.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\RegisterDropHandler.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Startup: Action Manager 32.lnk = C:\Arquivos de programas\ScannerP\Am32.exe

O4 - Startup: Picture Package VCD Maker.lnk = C:\Meus documentos\Picture Package Applications\Residence.exe

O4 - Startup: Picture Package Menu.lnk = C:\Meus documentos\Picture Package Menu\SonyTray.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm595YYBR

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\ARQUIVOS DE PROGRAMAS\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML

O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.gratis.com.br

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1


- Restart the computer in safe mode (press F8 during startup);

- Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm595YYBR

- Restart in normal mode, generate a new log and paste it in your reply.


Logfile of HijackThis v1.99.1

Scan saved at 20:46:07, on 03/01/06

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\ARQUIVOS DE PROGRAMAS\TELEFONICA\SPEEDY\SATUF.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\ARQUIVOS DE PROGRAMAS\REAL\REALPLAYER\REALPLAY.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG FREE\AVGCC.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG FREE\AVGEMC.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\ARQUIVOS DE PROGRAMAS\WINZIP\WZQKPICK.EXE

C:\MEUS DOCUMENTOS\PICTURE PACKAGE APPLICATIONS\RESIDENCE.EXE

C:\MEUS DOCUMENTOS\PICTURE PACKAGE MENU\SONYTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\LEXPPS.EXE

C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gratis.com.br

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\ARQUIVOS DE PROGRAMAS\ICQTOOLBAR\TOOLBAR.DLL

F1 - win.ini: run=hpfsched

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\ARQUIVOS DE PROGRAMAS\ICQTOOLBAR\TOOLBAR.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [tspuf] C:\ARQUIVOS DE PROGRAMAS\TELEFONICA\SPEEDY\SATUF.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [RealTray] C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [instantAccess] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\InstantAccess.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\RegisterDropHandler.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\RegisterDropHandler.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Startup: Action Manager 32.lnk = C:\Arquivos de programas\ScannerP\Am32.exe

O4 - Startup: Picture Package VCD Maker.lnk = C:\Meus documentos\Picture Package Applications\Residence.exe

O4 - Startup: Picture Package Menu.lnk = C:\Meus documentos\Picture Package Menu\SonyTray.exe

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\ARQUIVOS DE PROGRAMAS\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML

O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.gratis.com.br

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1
