Gomezito

Help, please


Good afternoon!!!

Could someone give me a bit of help with this malware that won't leave me alone?

Here is the HijackThis log!!

Thanks

C:\WINDOWS\system32\LEXPPS.EXE

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Programas\arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Synaptics\SynTP\SynTPLpr.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\Twain_32\USB2.0Camera\SnapTrap.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Programas\Windows Defender\MSASCui.exe

C:\Programas\VoipBuster.com\VoipBuster\VoipBuster.exe

C:\Programas\MSN Messenger\MsnMsgr.Exe

C:\Nova pasta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clix.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Programas\TrueCodec\isaddon.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Programas\TrueCodec\iesplugin.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sTICAP] C:\WINDOWS\Twain_32\USB2.0Camera\SnapTrap.exe

O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [VoipBuster] "C:\Programas\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: 01

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: clamoring - {0d9eb558-0666-479e-868a-21b1d1a53bd1} - C:\WINDOWS\system32\veklo.dll

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programas\arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


Alma Mater,

- Download the program below, unpack it, and keep it in its own folder or on your desktop.

- Copy the instructions to Notepad or print them!

- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

  • In the folder that was created (SmitfraudFix), run the tool SmitfraudFix.cmd.
  • Choose option 2 and press <Enter>.
  • Click (Yes) at the question: "Do you want to clean the registry ?" and press <Enter>.

- Save the log: C:\rapport.txt

- Run HijackThis - Click Do a System Scan Only. Tick the checkboxes for the entries listed below in blue. When you have finished selecting, click Fix Checked...

O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Programas\TrueCodec\isaddon.dll (file missing)

O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Programas\TrueCodec\iesplugin.dll

O20 - AppInit_DLLs: 01

- Restart in normal mode.

- Now, ON-LINE...

- Run an online scan at one of these available links: PANDA or BITDEFENDER

...on all disks; save the log...

Post the HijackThis, online scan and SmitfraudFix logs, pasting them one after another.

Mr. Coruj@


Good morning!!

Below are the logs from the Bitdefender scan, HijackThis and SmitfraudFix.

Thanks

BITDEFENDER SCAN

BitDefender Online Scanner - Scan Report

Scan report generated at: Fri, Nov 10, 2006 - 11:54:39

Scan path: C:\;E:\;

Statistics

Time: 00:32:33

Files: 233323

Folders: 3001

Boot Sectors: 5

Archives: 1062

Packed Files: 34721

Results

Identified Viruses: 1

Infected Files: 3

SuspectFiles: 0

Warnings: 0

Disinfected: 0

Deleted Files: 3

Engines Info

Virus Definitions: 313487

Engine build: AVCORE v1.0 (build 2355) (i386) (Sep 25 2006 13:46:24)

Scan plugins: 13

Archive plugins: 38

Unpack plugins: 6

E-mail plugins: 6

Systemplugins: 1

Scan Settings

First Action: Disinfect

Second Action: Delete

Heuristics: Yes

Enable Warnings: Yes

Scanned Extensions: *;

Exclude Extensions:

Scan Emails: Yes

Scan Archives: Yes

Scan Packed: Yes

Scan Files: Yes

Scan Boot: Yes

Scanned File -> Status

C:\Documents and Settings\Administrador\Ambiente de trabalho\virus blaster\AdwareAway.exe=>(Inno Installer o)=>(Inno Module 9) -> Infected with: Generic.Malware.sp!.FC7A718F

C:\Documents and Settings\Administrador\Ambiente de trabalho\virus blaster\AdwareAway.exe=>(Inno Installer o)=>(Inno Module 9) -> Disinfection failed

C:\Documents and Settings\Administrador\Ambiente de trabalho\virus blaster\AdwareAway.exe=>(Inno Installer o)=>(Inno Module 9) -> Deleted

C:\Documents and Settings\Administrador\Ambiente de trabalho\virus blaster\AdwareAway.exe=>(Inno Installer o) -> Update failed

C:\Documents and Settings\Administrador\Ambiente de trabalho\virus blaster\AdwareAway_2.2.3.exe=>(Inno Installer o)=>(Inno Module 9) -> Infected with: Generic.Malware.sp!.FC7A718F

C:\Documents and Settings\Administrador\Ambiente de trabalho\virus blaster\AdwareAway_2.2.3.exe=>(Inno Installer o)=>(Inno Module 9) -> Disinfection failed

C:\Documents and Settings\Administrador\Ambiente de trabalho\virus blaster\AdwareAway_2.2.3.exe=>(Inno Installer o)=>(Inno Module 9) -> Deleted

C:\Documents and Settings\Administrador\Ambiente de trabalho\virus blaster\AdwareAway_2.2.3.exe=>(Inno Installer o) -> Update failed

C:\Documents and Settings\Administrador\Ambiente de trabalho\virus blaster\malware_300804.zip=>AdwareAway_2.2.3.exe=>(Inno Installer o)=>(Inno Module 9) -> Infected with: Generic.Malware.sp!.FC7A718F

C:\Documents and Settings\Administrador\Ambiente de trabalho\virus blaster\malware_300804.zip=>AdwareAway_2.2.3.exe=>(Inno Installer o)=>(Inno Module 9) -> Disinfection failed

C:\Documents and Settings\Administrador\Ambiente de trabalho\virus blaster\malware_300804.zip=>AdwareAway_2.2.3.exe=>(Inno Installer o)=>(Inno Module 9) -> Deleted

C:\Documents and Settings\Administrador\Ambiente de trabalho\virus blaster\malware_300804.zip=>AdwareAway_2.2.3.exe=>(Inno Installer o) -> Update failed

HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 11:14:16, on 10-11-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Synaptics\SynTP\SynTPLpr.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\Twain_32\USB2.0Camera\SnapTrap.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Programas\Windows Defender\MSASCui.exe

C:\Programas\VoipBuster.com\VoipBuster\VoipBuster.exe

C:\Programas\MSN Messenger\MsnMsgr.Exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Programas\arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

F:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sTICAP] C:\WINDOWS\Twain_32\USB2.0Camera\SnapTrap.exe

O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [VoipBuster] "C:\Programas\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programas\arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

SmitFraudFix

SmitFraudFix v2.120

Scan done at 11:07:04,39, 10-11-2006

Run from C:\Documents and Settings\Jose Torres\Ambiente de trabalho\SmitfraudFix

OS: Microsoft Windows XP [Versão 5.1.2600] - Windows_NT

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{0d9eb558-0666-479e-868a-21b1d1a53bd1}"="clamoring"

[HKEY_CLASSES_ROOT\CLSID\{0d9eb558-0666-479e-868a-21b1d1a53bd1}\InProcServer32]

@="C:\WINDOWS\system32\veklo.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0d9eb558-0666-479e-868a-21b1d1a53bd1}\InProcServer32]

@="C:\WINDOWS\system32\veklo.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\veklo.dll -> Hoax.Win32.Renos.gen.g

C:\WINDOWS\system32\veklo.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ot.ico Deleted

C:\WINDOWS\system32\1024\ Deleted

C:\DOCUME~1\ALLUSE~1\AMBIEN~1\Online Security Guide.url Deleted

C:\DOCUME~1\JOSETO~1\FAVORI~1\Antivirus Test Online.url Deleted

C:\DOCUME~1\ALLUSE~1\MENUIN~1\Online Security Guide.url Deleted

C:\DOCUME~1\ALLUSE~1\MENUIN~1\Security Troubleshooting.url Deleted

C:\Programas\eMedia Codec\ Deleted

C:\Programas\iVideoCodec\ Deleted

C:\Programas\TrueCodec\ Deleted

C:\Programas\VirusBursters\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End


Alma Mater,

Your log is CLEAN! Any other problem related to the malware?

If your system shows no problems by tomorrow, disable and re-enable System Restore.

You can click the ALERTAR button, tell the area moderator that the problem has been solved and that the topic can now be closed.

Always count on the help of the people at the Clube do Hardware forum.

Thanks for the feedback and a big hug!

Mr. Coruj@
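Added example, not part of the original thread or of HijackThis itself: a Python check that diffs a HijackThis log taken before cleanup against one taken after, confirms the entries marked for Fix Checked are gone, and lists what else disappeared or still points at a missing file. The three excerpts are shortened copies of lines from the logs posted above; the function names `parse_entries` and `compare` are hypothetical.

```python
import re

# A HijackThis entry line: section code (R0, O2, O20, ...) + " - " + text.
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")
MISSING = "(file missing)"

# Excerpts copied from the first log, the helper's fix list and the second log.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clix.pt/
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Programas\TrueCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Programas\TrueCodec\iesplugin.dll
O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O20 - AppInit_DLLs: 01
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: clamoring - {0d9eb558-0666-479e-868a-21b1d1a53bd1} - C:\WINDOWS\system32\veklo.dll
"""

FLAGGED = r"""
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Programas\TrueCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Programas\TrueCodec\iesplugin.dll
O20 - AppInit_DLLs: 01
"""

AFTER = r"""
O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""


def parse_entries(log_text):
    """Map a normalised key to the original line for each entry line.

    Process paths, headers and blank lines are skipped because they do
    not start with a section code.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            # Pastes differ in case and spacing; compare on a folded key.
            entries[" ".join(line.split()).lower()] = line
    return entries


def compare(before, after, flagged):
    """Diff two logs and check the flagged entries against the later one."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(flagged)
    removed = set(b) - set(a)
    return {
        # Entries the helper asked to fix that survived the cleanup.
        "flagged_still_present": [a[k] for k in sorted(set(f) & set(a))],
        # Entries that vanished without being flagged (removed by another tool).
        "removed_unflagged": [b[k] for k in sorted(removed - set(f))],
        # Entries that appeared only after cleanup: worth a second look.
        "added": [a[k] for k in sorted(set(a) - set(b))],
        # Leftover registrations whose target file no longer exists.
        "file_missing_after": [a[k] for k in sorted(a) if MISSING in k],
    }


if __name__ == "__main__":
    for name, lines in compare(BEFORE, AFTER, FLAGGED).items():
        print(name)
        for line in lines:
            print("   ", line)
```

On these excerpts the unflagged removals are the O21 `veklo.dll` entry, which the SmitFraudFix log shows being deleted, and the R0 start page.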
