[Resolvido!]Spysheriff

[flavio junior 0]

fui enfequitado...

meu log...

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

F:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

f:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

d:\ewido\guard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\ups.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Messenger\msnmsgr.exe

C:\WINDOWS\fonts\taskmgr.exe

C:\WINDOWS\system32\RUNDLL32.EXE

F:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\winpos.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\VIA\RAID\raid_tool.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] f:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [DAEMON Tools] "f:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [KAZAA] "C:\Arquivos de programas\K-Lite2006\kpp.exe" "C:\Arquivos de programas\K-Lite2006\kazaalite.kpp" /SYSTRAY

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [i downloaded pirated Software I post my Hijack Log] C:\WINDOWS\system32\_.gof

O4 - HKLM\..\Run: [system service79] C:\WINDOWS\etb\pokapoka79.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] f:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] F:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=090606 serial=dr12wex-1504397-kty lang=BP

O4 - HKLM\..\Run: [winpos] C:\WINDOWS\winpos.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [!ewido] "D:\ewido\ewido.exe" /minimized

O4 - HKLM\..\Run: [smcService] F:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\RunOnce: [msnmsgrs] C:\WINDOWS\fonts\msnmsgr.exe

O4 - HKCU\..\Run: [TraduzU.exe] F:\ARQUIV~1\Kounen\TRADUZ~1\2.0p\bin\TraduzU.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [µTorrent] "F:\Arquivos de programas\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [shell] "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: &Clean Traces - f:\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - F:\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - F:\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Tradu&zir - file://F:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.orkut.com

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_22.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_38.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab

O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) - http://200.212.184.212/g_bin/eng/chess_2_0_0_16.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_23.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\ewido\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

se alguem puder me ajudar!!!

vlw

[Sam Spade 2]

Olá flavio junior! O log está incompleto. Há muitas infecções no PC. Para o SpySheriff, acesse este link e baixe o SmitfraudFix.zip.

 

Antes de prosseguir, desabilite a proteção do seu anti vírus. Extraia os arquivos do SmitFraudFix para o seu desktop.

 

Reinicie o PC e aperte F8 intermitentemente. No menu que vai aparecer, escolha: modo seguro.

 

Dê um duplo-clique em smitfraudfix.cmd.

Escolha a opção 2.

Quando perguntar Do you want to clean the registry? , escolha o sim (y).

 

Reinicie em modo normal, habilite novamente o seu anti vírus, faça um scan com o HijackThis e salve/poste o log, mais o log do SmitFraudFix (rapport.txt ), que encontrará em C:\

 

 

OBS: Veremos os outros malwares quando postar este novo log do HijackThis completo, pois faltou a parte que identifica o seu Windows, a versão do seu HijackThis e do IE. É só selecionar e copiar todo o conteúdo do log. Então cole na resposta.

[flavio junior 0]

pronto tai meu log...

agora completo...

aguardo resposta...

 

Logfile of HijackThis v1.99.1

Scan saved at 23:26:15, on 3/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

F:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

f:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

d:\ewido\guard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\ups.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

F:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

F:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

F:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

D:\ewido\ewido.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\VIA\RAID\raid_tool.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] f:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [DAEMON Tools] "f:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [KAZAA] "C:\Arquivos de programas\K-Lite2006\kpp.exe" "C:\Arquivos de programas\K-Lite2006\kazaalite.kpp" /SYSTRAY

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] f:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] F:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=090606 serial=dr12wex-1504397-kty lang=BP

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [!ewido] "D:\ewido\ewido.exe" /minimized

O4 - HKLM\..\Run: [smcService] F:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [TraduzU.exe] F:\ARQUIV~1\Kounen\TRADUZ~1\2.0p\bin\TraduzU.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [µTorrent] "F:\Arquivos de programas\uTorrent\utorrent.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: &Clean Traces - f:\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - F:\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - F:\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Tradu&zir - file://F:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.orkut.com

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_22.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_38.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab

O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) - http://200.212.184.212/g_bin/eng/chess_2_0_0_16.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_23.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\ewido\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

SmitFraudFix v2.83

 

Scan done at 23:18:34,03, dom 03/09/2006

Run from C:\Documents and Settings\FLAVIO-REIS\Desktop\SmitfraudFix

OS: Microsoft Windows XP [versÆo 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

[Sam Spade 2]

O log está limpo. Você deletou entradas e arquivos, além de ter usado o SmitFraudFix?

[flavio junior 0]

cara eu ja fiz de tudo pra tirar esse virus...

segui alguns topicos de como tirar ele...

e deletei sim algumas entradas...

so que meu pc ainda esta com aparencia de win98

na parte aparencia em propriedades de video so aparece a opcao de colacar como estilo tema classico do windows...

e meus jogos estao lentos para carregar...talvez ele tenha afetado minha placa de video...

sera que você pode me ajudar???

 

ai vai meu log denovo

 

Logfile of HijackThis v1.99.1

Scan saved at 13:11:47, on 4/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

F:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

f:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\ups.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

F:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\VIA\RAID\raid_tool.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] f:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [KAZAA] "C:\Arquivos de programas\K-Lite2006\kpp.exe" "C:\Arquivos de programas\K-Lite2006\kazaalite.kpp" /SYSTRAY

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] F:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=090606 serial=dr12wex-1504397-kty lang=BP

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [smcService] F:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [TraduzU.exe] F:\ARQUIV~1\Kounen\TRADUZ~1\2.0p\bin\TraduzU.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [µTorrent] "F:\Arquivos de programas\uTorrent\utorrent.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: &Clean Traces - f:\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - F:\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - F:\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Tradu&zir - file://F:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.orkut.com

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_22.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_38.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab

O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) - http://200.212.184.212/g_bin/eng/chess_2_0_0_16.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_23.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

vlw abracos

[Sam Spade 2]

O malware não afeta a placa de vídeo. Baixe estes arquivos, procedendo assim em cada um:

 

Escolha Salvar destino como > Salvar com o tipo: todos os arquivos. Salve na área de trabalho.

 

smitfraud.reg

Desk-Fix

restorethemes.reg

 

Dê um duplo-clique em cima do smitfraud.reg e dê o Sim. Reinicie o PC e veja se resolveu o problema do desktop.

 

Caso contrário, faça o mesmo com o Desk-Fix e se ainda não resolver, use o restorethemes.reg da mesma forma também.

[flavio junior 0]

cara nem um dos 3 deu certo...e quando eu abri o restorethemes.reg e reiniciei,a unica coisa que mudou foi que na parte aparencia/janelas e botoes, ficou bloqueada...o win continua com aparencia de win 98...porem os jogos e os programas estao rodando perfeitamente!!!vlwse ainda tiver alguma dica de como ageitar a aparencia fico agradecido...eu cheguei a usar o ewido no pc e acho que foi ele que deixou com essa aparençia, mas ja o desistalei...valeu!!

[Sam Spade 2]

Foi o malware que instalou o SpySheriff, quem provocou essa mudança. É o smitfraud, também conhecido como desktop hijacker. As ferramentas de remoção como o SmitFraudFix e o smitRem consertavam as alterações no desktop provocadas pelo smitfraud, mas parece que não estão conseguindo fazer isso com esta nova variante.

 

Tente com esta agora > http://www.kellys-korner-xp.com/regs_edits/Resources.zip

 

Extraia os arquivos para a pasta C:\Windows\Resources\Themes

 

Veja se agora resolveu.

[flavio junior 0]

nada...ta do mesmo geito...na parte aparencia/janelas e botoes, esta bloqueado..

[Sam Spade 2]

Vamos ver se há algum arquivo do malware bloqueando os botões.

 

Baixe: smitRem > Salve na área de trabalho.

 

Dê um duplo-clique em smitRem.exe e clique em Start. A pasta smitRem será criada no desktop.

 

Reinicie o PC, aperte F8 intermitentemente e depois escolha no menu: modo seguro.

 

Vá na pasta smitRem. Dê um duplo-clique em RunThis.bat.

É normal o desktop e os ícones desaparecer/reaparecer. Espere o exame ser concluído.

 

Poste o smitfiles.txt > está em em C:\

[flavio junior 0]

pronto ai vai!!! smitRem © log file version 3.2 by noahdfearMicrosoft Windows XP [versÆo 5.1.2600]"IE"="6.0000"Running fromC:\Documents and Settings\FLAVIO-REIS\Desktop\smitRem~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Pre-run SharedTask Export(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)Copyright© 2006 BleepingComputer.comRegistry Pseudo-Format Mode (Not a valid reg file):[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui""{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]@="%SystemRoot%\system32\browseui.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]@="%SystemRoot%\system32\browseui.dll"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Appinitdll check ........ Thank you Grinler!dumphive.exe ©2000-2004 Markus StephanyREGEDIT4[Windows]"AppInit_DLLs"="""DeviceNotSelectedTimeout"="15""GDIProcessHandleQuota"=dword:00002710"Spooler"="yes""swapdisk"="""TransmissionRetryTimeout"="90""USERProcessHandleQuota"=dword:00002710~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD keyShudderLTD key not present! checking for PSGuard.com keyPSGuard.com key not present! checking for WinHound.com keyWinHound.com key not present! checking for drsmartload2 keydrsmartload2 key not present!spyaxe uninstaller NOT presentWinhound uninstaller NOT presentSpywareStrike uninstaller NOT presentAlfaCleaner uninstaller NOT presentSpyFalcon uninstaller NOT presentSpywareQuake uninstaller NOT presentSpywareSheriff uninstaller NOT presentTrust Cleaner uninstaller NOT presentSpyHeal uninstaller NOT presentVirusBurst uninstaller NOT present~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~amcompat.tlbnscompat.tlblogfiles ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03Copyright© 2002-2003 Craig.Peacock@beyondlogic.orgKilling PID 868 'explorer.exe'Starting registry repairsRegistry repairs complete~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~SharedTask Export after registry fix(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)Copyright© 2006 BleepingComputer.comRegistry Pseudo-Format Mode (Not a valid reg file):[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui""{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]@="%SystemRoot%\system32\browseui.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]@="%SystemRoot%\system32\browseui.dll"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Deleting files~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! :)

[Sam Spade 2]

Ok, a área de trabalho ainda está com problemas?

[flavio junior 0]

pronto tudo beleza!!parabens pelo trabalho abracofui

[Sam Spade 2]

Ok, para finalizar, vá no Painel de Controle > Sistema > Restauração do Sistema > marque Desativar a restauração do sistema > Aplicar > OK.

Depois desmarque novamente.

 

Abraço.

[flavio junior 0]

pronto tudo belezaabraco fui

[Sam Spade 2]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.