[Resolvido!]Tenho esta praga "safetyuptodate"

jjseco · Junho 12, 2006

É a primeira vez que venho a este forum, e para pedir ajuda, o meu PC tem este "safetyuptodate" em todo o lado da internet se me puderem ajudar a livrar-me dele, fico muito agradecido!

Este é o LOG criado pelo "HijackThis":

Logfile of HijackThis v1.99.1

Scan saved at 0:05:05, on 13-06-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINXP\System32\smss.exe

C:\WINXP\SYSTEM32\winlogon.exe

C:\WINXP\system32\services.exe

C:\WINXP\system32\lsass.exe

C:\WINXP\system32\Ati2evxx.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\System32\svchost.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

C:\WINXP\system32\spoolsv.exe

C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINXP\System32\drivers\CDAC11BA.EXE

C:\WINXP\System32\DRIVERS\CDANTSRV.EXE

G:\PROGRAMAS_INSTALADOS\spd.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~2\NORTON~1\NORTON~1\NPROTECT.EXE

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~2\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINXP\System32\svchost.exe

C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINXP\System32\UAService7.exe

C:\WINXP\SYSTEM32\Ati2evxx.exe

C:\WINXP\Explorer.EXE

C:\WINXP\system32\atmclk.exe

C:\WINXP\system32\dcomcfg.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe

C:\WINXP\system32\rundll32.exe

c:\winxp\system32\mrkscr.exe

C:\Programas\Messenger\msmsgs.exe

C:\Documents and Settings\JULIO\Ambiente de trabalho\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Peer2Mail Toolbar Helper - {4FB971C4-99FB-480d-BA3F-55B8263010FB} - C:\Programas\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINXP\system32\hp100.tmp

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - (no file)

O3 - Toolbar: Peer2Mail Toolbar - {43F2A7F9-06F6-48a5-B0DC-8530BF29CE66} - C:\Programas\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKCU\..\Run: [Pando] C:\Programas\Pando Networks\Pando\pando.exe /Automation

O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NETimetro.lnk = C:\Programas\NARS\NETimetro\netimetro.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Descarga selecionada pelo Free Download Manager - file://C:\Programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Descarregar com o Free Download Manager - file://C:\Programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Descarregar site com o Free Download Manager - file://C:\Programas\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Descarregar tudo com Free Download Manager - file://C:\Programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programas\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programas\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\winxp\system32\mkls.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://livevideo.dipmap.com/cab/OCXChecker_6110.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120299027687

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{87F3C716-E02C-4284-A98C-63C8D66F4A94}: NameServer = 195.245.176.19 194.38.131.19

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~2\MSNMES~1\msgrapp.dll" (file missing)

O20 - AppInit_DLLs: PAVWAIT.DLL

O20 - Winlogon Notify: WB - C:\PROGRA~2\OBJECT~1\WINDOW~1\fastload.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINXP\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINXP\System32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINXP\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - G:\PROGRAMAS_INSTALADOS\spd.exe" -service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~2\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~2\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~2\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINXP\System32\UAService7.exe

jgarcia · Junho 15, 2006

Opa jjseco,

1. Baixe o SmitfraudFix;

2. Desabilite a proteção do seu anti-vírus (temporariamente);

3. Extraia o arquivo SmitFraudFix para o seu desktop;

4. Reinicie em Modo Seguro;

5. Execute o SmitfraudFix --> Opção 2;

6. Responda sim (oui) à pergunta sobre a limpeza no registro;

7. Aguarde o término do scan e a geração do log;

8. Reinicie em Modo Normal;

9. Poste o log do SmitfraudFix (opção 2) + log HijackThis (gerado em Modo Normal).

Aguardo retorno.

Abraços.

jjseco · Junho 15, 2006

Obrigado pela rápida resposta, junto o log do SmitfraudFix (opção 2) + log HijackThis (gerado em Modo Normal).

SmitFraudFix v2.61

Scan done at 23:59:49,57, 15-06-2006

Run from C:\Documents and Settings\JULIO\Ambiente de trabalho\hijackthis_199\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [VersÆo 5.1.2600] - Windows_NT

Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINXP\system32\atmclk.exe Deleted

C:\WINXP\system32\dcomcfg.exe Deleted

C:\WINXP\system32\hp???.tmp Deleted

C:\WINXP\system32\ld????.tmp Deleted

C:\WINXP\system32\ot.ico Deleted

C:\WINXP\system32\regperf.exe Deleted

C:\WINXP\system32\simpole.tlb Deleted

C:\WINXP\system32\stdole3.tlb Deleted

C:\WINXP\system32\ts.ico Deleted

C:\WINXP\system32\1024\ Deleted

C:\DOCUME~1\ALLUSE~1\AMBIEN~1\Online Security Guide.url Deleted

C:\DOCUME~1\JULIO\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1

Scan saved at 0:07:19, on 16-06-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINXP\System32\smss.exe

C:\WINXP\SYSTEM32\winlogon.exe

C:\WINXP\system32\services.exe

C:\WINXP\system32\lsass.exe

C:\WINXP\system32\Ati2evxx.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\System32\svchost.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

C:\WINXP\system32\spoolsv.exe

C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINXP\System32\drivers\CDAC11BA.EXE

C:\WINXP\System32\DRIVERS\CDANTSRV.EXE

G:\PROGRAMAS_INSTALADOS\spd.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~2\NORTON~1\NORTON~1\NPROTECT.EXE

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~2\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINXP\System32\svchost.exe

C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINXP\System32\UAService7.exe

C:\WINXP\SYSTEM32\Ati2evxx.exe

C:\WINXP\Explorer.EXE

C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe

C:\WINXP\system32\rundll32.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\Messenger\msmsgs.exe

C:\Programas\NARS\NETimetro\netimetro.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINXP\System32\msiexec.exe

C:\WINXP\system32\wuauclt.exe

C:\Documents and Settings\JULIO\Ambiente de trabalho\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm