[Resolvido] Carissimos Estou infectado com Sheriff

[pteixeira 0]

Logfile of HijackThis v1.99.1

Scan saved at 18:04:35, on 25-08-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Programas\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINDOWS\system32\stonedrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\pedro_teixeira\Ambiente de trabalho\ferra\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.imasters.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

F2 - REG:system.ini: Shell=explorer.exe "C:\Programas\Ficheiros comuns\Microsoft Shared\Web Folders\ibm00001.exe"

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programas\SiteAdvisor\SiteAdv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programas\SiteAdvisor\SiteAdv.dll

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe

O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe

O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps

O4 - HKLM\..\RunOnce: [iE 3.0 RegSvr schannel.dll] C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\schannel.dll

O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1

O4 - HKCU\..\Run: [bitTorrent] "C:\Programas\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programas\eMule\emule.exe -AutoStart

O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [shell] "C:\Programas\Ficheiros comuns\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe

O4 - HKCU\..\Run: [spySheriff] C:\Program Files\SpySheriff\SpySheriff.exe

O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\acnnqmcn.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySQL - Unknown owner - C:\Programas\MySQL\MySQL.exe (file missing)

 

Obrigado

[Sam Spade 2]

Olá pteixeira! Baixe > SmitFraudFix

 

Antes de prosseguir, desabilite a proteção do seu anti vírus. Extraia os arquivos do SmitFraudFix para o seu desktop.

 

Reinicie o PC e aperte F8 intermitentemente. No menu que vai aparecer, escolha: modo seguro.

 

Dê um duplo-clique em smitfraudfix.cmd.

Escolha a opção 2.

Quando perguntar Do you want to clean the registry? , escolha o sim (y).

 

Reinicie em modo normal, habilite novamente o seu anti vírus, faça um scan com o HijackThis e salve/poste o log, mais o log do SmitFraudFix (rapport.txt ), que encontrará em C:\

[pteixeira 0]

Oi antes de + obrigado pela ferramenta SmitfraudFix é muito bacana.

 

Rapport

 

SmitFraudFix v2.81

 

Scan done at 9:17:49,51, 28-08-2006

Run from C:\Documents and Settings\pedro_teixeira\Ambiente de trabalho

OS: Microsoft Windows XP [VersÆo 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\uniq Deleted

C:\Documents and Settings\pedro_teixeira\Application Data\Install.dat Deleted

C:\DOCUME~1\PEDRO_~1\MENUIN~1\PROGRA~1\SpySheriff Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

Tb anexo o relatório do Panda Active Scan

Incidência Estado Localização

 

Adware:adware/intcodec Não desinfectado Registo do Windows

Adware:Adware/SuperSpider Não desinfectado C:\Documents and Settings\pedro_teixeira\Ambiente de trabalho\CyberLink PowerDVD 7.0.rar[patch.exe]

Adware:Adware/DollarRevenue Não desinfectado C:\Documents and Settings\pedro_teixeira\Ambiente de trabalho\CyberLink PowerDVD 7.0.rar[crack.exe]

Ferramenta potencialmente indesejada:Application/Processor Não desinfectado C:\Documents and Settings\pedro_teixeira\Ambiente de trabalho\Process.exe

Ferramenta potencialmente indesejada:Application/Processor Não desinfectado C:\Documents and Settings\pedro_teixeira\Ambiente de trabalho\SmitfraudFix\Process.exe

Ferramenta potencialmente indesejada:Application/Processor Não desinfectado C:\Documents and Settings\pedro_teixeira\Ambiente de trabalho\SmitfraudFix.zip[smitfraudFix/Process.exe]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[de.uol.com.br/]

Spyware:Cookie/Tribalfusion Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Advertising Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[server.iad.liveperson.net/hc/58873067]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[server.iad.liveperson.net/]

Spyware:Cookie/RealMedia Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[server.iad.liveperson.net/]

Spyware:Cookie/WUpd Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.revenue.net/]

Spyware:Cookie/Atwola Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.atwola.com/]

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Zedo Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.zedo.com/]

Spyware:Cookie/GoStats Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.gostats.com/]

Spyware:Cookie/Falkag Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[as1.falkag.de/]

Spyware:Cookie/Weborama Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.weborama.fr/]

Spyware:Cookie/Falkag Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[as1.falkag.de/]

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/BurstNet Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/Xiti Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.xiti.com/]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[server.iad.liveperson.net/hc/48171559]

Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.adtech.de/]

Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[server.iad.liveperson.net/hc/66651418]

Spyware:Cookie/Coremetrics Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[data.coremetrics.com/]

Spyware:Cookie/Toplist Não desinfectado C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt[.toplist.cz/]

Adware:Adware/SuperSpider Não desinfectado C:\Documents and Settings\pedro_teixeira\Definições locais\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\Cache\69F38BA2d01[patch.exe]

Adware:Adware/DollarRevenue Não desinfectado C:\Documents and Settings\pedro_teixeira\Definições locais\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\Cache\69F38BA2d01[crack.exe]

Adware:Adware/SuperSpider Não desinfectado C:\Documents and Settings\pedro_teixeira\Definições locais\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\Cache\69F38BB2d01[patch.exe]

Adware:Adware/DollarRevenue Não desinfectado C:\Documents and Settings\pedro_teixeira\Definições locais\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\Cache\69F38BB2d01[crack.exe]

Ferramenta potencialmente indesejada:Application/KillApp.A Não desinfectado C:\klyxc.exe

Adware:Adware/SpySheriff Não desinfectado C:\Program Files\SpySheriff\heur000.dll

Adware:Adware/SpySheriff Não desinfectado C:\Program Files\SpySheriff\heur002.dll

Adware:Adware/BraveSentry Não desinfectado C:\Program Files\SpySheriff\heur003.dll

Adware:Adware/SpySheriff Não desinfectado C:\Program Files\SpySheriff\SpySheriff.exe

Adware:Adware/SpySheriff Não desinfectado C:\Program Files\SpySheriff\Uninstall.exe

Adware:Adware/SpySheriff Não desinfectado C:\shiovvy.exe

Ferramenta potencialmente indesejada:Application/KillApp.A Não desinfectado C:\soduioao.exe

Ferramenta potencialmente indesejada:Application/KillApp.A Não desinfectado C:\sorf.exe

 

Obrigado

[pteixeira 0]

Oi olha como eu sou um gajo q não gosta muito de estar parado, fui fazendo algumas coisas que voces já me ensinaram, reiniciei o PC coloquei o Killbox no C: e executei para os seguinrtes ficheiros q estavam na raiz do Disco q \ foram criados pelo Sheriff

 

klyxc.exe

soduioao.exe

rsbjv.exe

sorf.exe

e em Program FIles\Sheriff\Uninstall.exe

 

no fim reiniciei a maquina e corri o CleanUp!

 

o problema é q ainda tenho um Adware no registry e não sei como o tirar.

 

Relatório Panda ActiveScan

Adware:adware/intcodec Não desinfectado Registo do Windows

 

Sendo assim anexo Log do Hijack

Logfile of HijackThis v1.99.1

Scan saved at 16:08:41, on 28-08-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Programas\BitTorrent\bittorrent.exe

C:\Programas\Skype\Phone\Skype.exe

C:\Programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Internet Explorer\IEXPLORE.EXE

C:\Programas\SiteAdvisor\SiteAdv.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.imasters.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

F2 - REG:system.ini: Shell=explorer.exe "C:\Programas\Ficheiros comuns\Microsoft Shared\Web Folders\ibm00001.exe"

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programas\SiteAdvisor\SiteAdv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programas\SiteAdvisor\SiteAdv.dll

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1

O4 - HKCU\..\Run: [bitTorrent] "C:\Programas\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [shell] "C:\Programas\Ficheiros comuns\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programas\eMule\emule.exe -AutoStart

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySQL - Unknown owner - C:\Programas\MySQL\MySQL.exe (file missing)

 

Obrigado a todos.

[pteixeira 0]

Posteriormente corri o Ewido em Modo Segurança, junto anexo report

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 9:16:28 29-08-2006

 

+ Scan result:

 

 

 

C:\!KillBox\Uninstall.exe -> Adware.Spysheriff : No action taken.

:mozilla.43:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.44:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.45:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.41:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.42:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.46:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.

:mozilla.36:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Revenue : No action taken.

:mozilla.11:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.

:mozilla.29:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.30:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.31:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.32:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.33:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.34:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.35:C:\Documents and Settings\pedro_teixeira\Application Data\Mozilla\Firefox\Profiles\d85hc6by.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

C:\!KillBox\klyxc.exe -> Trojan.ProcKill.DJ : No action taken.

C:\!KillBox\soduioao.exe -> Trojan.ProcKill.DJ : No action taken.

C:\!KillBox\sorf.exe -> Trojan.ProcKill.DJ : No action taken.

C:\!KillBox\rsbjv.exe -> Trojan.Sinowal.aq : No action taken.

C:\Programas\Ficheiros comuns\Microsoft Shared\Web Folders\ibm00001.exe -> Trojan.Sinowal.aq : No action taken.

C:\WINDOWS\system32\mjpmgqke.exe -> Trojan.Small : No action taken.

 

 

::Report end

 

Finalmente anexo o report do Hijack para me ajudarem a ver se ainda existe algum problema

Logfile of HijackThis v1.99.1

Scan saved at 9:26:49, on 29-08-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\ewido anti-spyware 4.0\guard.exe

C:\Programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Programas\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Programas\Internet Explorer\IEXPLORE.EXE

C:\Programas\SiteAdvisor\SiteAdv.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.imasters.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programas\SiteAdvisor\SiteAdv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programas\SiteAdvisor\SiteAdv.dll

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [!ewido] "C:\Programas\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1

O4 - HKCU\..\Run: [bitTorrent] "C:\Programas\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [shell] "C:\Programas\Ficheiros comuns\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programas\eMule\emule.exe -AutoStart

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programas\ewido anti-spyware 4.0\guard.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySQL - Unknown owner - C:\Programas\MySQL\MySQL.exe (file missing)

 

Outra coisa coisa caso o Log esteja limpo gostaria de saber como colocar a mascara do Windows XP.

Já tentei o FixSF.reg mas nao deu nada.

 

Abraços

[Sam Spade 2]

Ok, baixe > Desk-Fix

 

Delete a pasta !KillBox que está em C:\ (o KillBox criará outra se for usado novamente. Em modo de segurança rode o Ewido e remova todos os itens detectados. Salve o relatório.

 

Dê um duplo-clique no Desk-Fix e dê o Sim.

 

Reinicie o PC em modo normal, faça um scan com o HijackThis e salve/poste o log, junto com o relatório do Ewido.

[pteixeira 0]

OI Sam.

 

A coisa parece estar preta.

 

Fiz o q disse reiniciei e corri o Ewido, na qual anexo o log nada + dq uns cookies, mas apos ter entrado em modo normal corri o Pd Active Scan e ele continua a encontrar um Spyware no Registry

 

Log Ewido

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 10:18:20 30-08-2006

 

+ Scan result:

 

 

 

C:\Documents and Settings\pedro_teixeira\Cookies\pedro_teixeira@as1.falkag[1].txt -> TrackingCookie.Falkag : No action taken.

C:\Documents and Settings\pedro_teixeira\Cookies\pedro_teixeira@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.

C:\Documents and Settings\pedro_teixeira\Cookies\pedro_teixeira@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.

C:\Documents and Settings\pedro_teixeira\Cookies\pedro_teixeira@weborama[1].txt -> TrackingCookie.Weborama : No action taken.

 

 

::Report end

 

Panda Active Scan Log

Incidência Estado Localização

 

Adware:adware/intcodec Não desinfectado Registo do Windows

Spyware:Cookie/Falkag Não desinfectado C:\Documents and Settings\pedro_teixeira\Cookies\pedro_teixeira@as1.falkag[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\pedro_teixeira\Cookies\pedro_teixeira@de.uol.com[1].txt

Spyware:Cookie/Mediaplex Não desinfectado C:\Documents and Settings\pedro_teixeira\Cookies\pedro_teixeira@mediaplex[1].txt

Spyware:Cookie/Server.iad.Liveperson Não desinfectado C:\Documents and Settings\pedro_teixeira\Cookies\pedro_teixeira@server.iad.liveperson[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\pedro_teixeira\Cookies\pedro_teixeira@uol.com[2].txt

Spyware:Cookie/Weborama Não desinfectado C:\Documents and Settings\pedro_teixeira\Cookies\pedro_teixeira@weborama[1].txt

Ferramenta potencialmente indesejada:Application/Processor Não desinfectado C:\Documents and Settings\pedro_teixeira\Definições locais\Temporary Internet Files\Content.IE5\816VCL2N\smitRem[1].exe[smitRem/Process.exe]

 

Anexo tb logo Hijack

Logfile of HijackThis v1.99.1

Scan saved at 10:38:09, on 30-08-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\ewido anti-spyware 4.0\guard.exe

C:\Programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Programas\ewido anti-spyware 4.0\ewido.exe

C:\Programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.imasters.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programas\SiteAdvisor\SiteAdv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programas\SiteAdvisor\SiteAdv.dll

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [!ewido] "C:\Programas\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1

O4 - HKCU\..\Run: [bitTorrent] "C:\Programas\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programas\eMule\emule.exe -AutoStart

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programas\ewido anti-spyware 4.0\guard.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySQL - Unknown owner - C:\Programas\MySQL\MySQL.exe (file missing)

 

 

Abraço.

[Sam Spade 2]

Ok, essa detecção do IntCodec no Registro, são entradas inativas que não trazem mais prejuízo ao PC. Mas darei instruções para ver se localizamos estas entradas. As outras detecções do Panda são cookies e um arquivo do smitRem, ferramenta que deve ter usado e é um falso positivo, pois não é malicioso:

 

Ferramenta potencialmente indesejada:Application/Processor Não desinfectado C:\Documents and Settings\pedro_teixeira\Definições locais\Temporary Internet Files\Content.IE5\816VCL2N\smitRem[1].exe[smitRem/Process.exe]

 

Salve ou imprima estas instruções:

 

1 - Reinicie o PC, aperte F8 intermitentemente e depois escolha no menu: modo seguro.

 

2 - Faça um scan com o HijackThis, marque esta entrada abaixo e clique em Fix checked:

 

O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)

 

3 - Faça uma busca por prováveis entradas do IntCodec no Registro.

 

Vá em Iniciar > Executar > digite: regedit > OK

 

Navegue pelo Editor do Registro, como faz no Windows Explorer.

 

* Vá até esta sub-chave (em negrito):

 

HKEY_CLASSES_ROOT\AVZipEnchancer.Chl\CLSID

 

No lado direito do Editor, delete este valor:

 

"(Default)" = "{6BF52A52-394A-11D3-B153-00C04F79FAA6}"

 

 

** Vá até esta sub-chave (em negrito):

 

HKEY_CLASSES_ROOT\VSEnchancer.Chl\CLSID

 

No lado direito do Editor, delete este valor:

 

"(Default)" = "{6BF52A52-394A-11D3-B153-00C04F79FAA6}"

 

 

*** Vá até esta sub-chave (em negrito):

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\zcodec.exe

 

No lado direito do Editor, delete este valor:

 

"(Default)" = "%ProgramFiles%\IntCodec\zcodec.exe"

 

 

**** Vá até esta sub-chave (em negrito):

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec

 

No lado direito do Editor, delete estes valores:

 

"DisplayName" = "IntCodec 6.0"

"DisplayVersion" = "6.0"

"ProductionEnvironment" = "1"

"Publisher" = "IntCodec Software"

"URLInfoAbout" = "www.intcodec.com"

"UninstallString" = "%\ProgramFiles%\IntCodec\uninst.exe"

 

Saia do Editor.

 

4 - Reinicie normalmente, faça um novo scan no Panda e poste o resultado, juntamente com um novo log do HijackThis.

[pteixeira 0]

Sam Spade, obrigado pela ajuda.Mas não foi necessário fazer o procedimento q recomendaste, pq resolvi a questão com o Spy Sweeper em Modo de Segurança corrigiu esses erros.Outra pergunta é q apos ter efectuado todos os softwares de limpeza fiquei sem o Skin do Windows XP, já corri o Desk-Fix mas está na mesma, o aspecto do Windows é a mascara do Windows 98, 2000 e NT.Não existe outra ferramenta?Obrigado.

[Sam Spade 2]

Tente com o restorethemes.reg.

 

Escolha Salvar destino como > nome do arquivo: restorethemes.reg > Salvar com o tipo: todos os arquivos. Salve na área de trabalho.

 

 

Dê um duplo-clique em cima e dê o Sim. Reinicie o PC e veja se resolveu.

[pteixeira 0]

Sam olha já experimentei todas as soluções e tal como o FLAVIO JUNIOR estou sem as mascaras do windows.

 

http://forum.imasters.com.br/index.php?showtopic=192414

[Sam Spade 2]

Ok, veja com o mesmo arquivo que pedi para o Flavio Junior usar:

 

http://www.kellys-korner-xp.com/regs_edits/Resources.zip

 

Extraia os arquivos para a pasta C:\Windows\Resources\Themes

[pteixeira 0]

Boa.Agora sim, ficou resolvido.Fala-se sempre tao mal do WINXP mas quando nos tiram as coisas ficamos irritados.Obrigado SAM, foste impecável.RESOLVIDO.

[Sam Spade 2]

Ok, para finalizar, vá no Painel de Controle > Sistema > Restauração do Sistema > marque Desativar a restauração do sistema > Aplicar > OK.

Depois desmarque novamente.

 

Abraço.

[Shine 0]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.