[Arquivado]VirusBurst - Como tirar essa porcaria?

[MedSA 0]

Olá

 

Eu acabei sendo infectando por este VirusBurst. Li alguns tópicos sobre este mesmo assunto aqui e já fiz alguns passos para retirar tal programa do meu computador. Baixei o Hijackthis e o log que adquiri foi este.

 

Logfile of HijackThis v1.99.1

Scan saved at 17:16:11, on 4/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\WINDOWS\explorer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iVideoCodec\isamonitor.exe

C:\Arquivos de programas\iVideoCodec\pmsngr.exe

C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\iVideoCodec\isamini.exe

C:\Arquivos de programas\iVideoCodec\pmmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\HijackThis.exe

 

F2 - REG:system.ini: Shell=explorer.exe "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00003.exe"

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Arquivos de programas\iVideoCodec\isaddon.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg_2fd1.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Arquivos de programas\iVideoCodec\iesplugin.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\system32\kdpupd.dll

O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_2fd1.dll"

O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot

O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Arquivos de programas\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [spyHunter] C:\Arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_2fd1.dll"

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ARQUIV~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ARQUIV~1\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...35c336c858f6465

O16 - DPF: {26111423-D30F-11D3-8A34-00A0CC3BAA9C} (Mission Connector 4.1) - http://www.mightygames.com/ActiveX/MC4110/MC.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5DBAD313-EA78-48B6-B5DF-8EBAB8FCFEC7}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: bw+0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS\system32\okkmtv.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

 

 

 

Agora acredito que este deve ser analisado. Gostaria de saber então o que fazer apartir daí. Não tenho uma experiência muito grande com computador mas sei o básico então se pudesse ser passo a passo eu agradeceria.

Desde já muito obrigado!

[Sam Spade 2]

Olá MedSA! Baixe > SmitFraudFix

 

Antes de prosseguir, desabilite a proteção do seu anti vírus. Extraia os arquivos do SmitFraudFix para o seu desktop.

 

Reinicie o PC e aperte F8 intermitentemente. No menu que vai aparecer, escolha: modo seguro.

 

Dê um duplo-clique em smitfraudfix.cmd.

Escolha a opção 2.

Quando perguntar Do you want to clean the registry? , escolha o sim (y).

 

Vé em Iniciar > Executar > digite msconfig

Na aba Geral marque: Inicialização normal - Carregar todos os drivers de dispositivo e serviços.

Aplicar > Ok

 

Reinicie em modo normal, habilite novamente o seu anti vírus, faça um scan com o HijackThis e salve/poste o log, juntamente com o log do SmitFraudFix (rapport.txt), que encontrará em C:\

[MedSA 0]

Realizei todos os passos e aparentemente sumiu o virusburst.

 

Aqui esta o log do hijack

 

Logfile of HijackThis v1.99.1

Scan saved at 11:21:03, on 5/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\explorer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Arquivos de programas\GetRight\getright.exe

C:\Arquivos de programas\GetRight\getright.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\LVComS.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\HijackThis.exe

 

F2 - REG:system.ini: Shell=explorer.exe "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00003.exe"

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Arquivos de programas\iVideoCodec\isaddon.dll (file missing)

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg_2fd1.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\system32\kdpupd.dll

O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_2fd1.dll"

O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot

O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Arquivos de programas\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [spyHunter] C:\Arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_2fd1.dll"

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [steam] "c:\arquivos de programas\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [shell] "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00003.exe"

O4 - HKCU\..\Run: [LDM] C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Startup: BitTorrent.lnk = C:\Arquivos de programas\BitTorrent\bittorrent.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Arquivos de programas\GetRight\getright.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ARQUIV~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ARQUIV~1\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...35c336c858f6465

O16 - DPF: {26111423-D30F-11D3-8A34-00A0CC3BAA9C} (Mission Connector 4.1) - http://www.mightygames.com/ActiveX/MC4110/MC.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5DBAD313-EA78-48B6-B5DF-8EBAB8FCFEC7}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: bw+0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {F15E5B8C-432E-42D2-B5B0-5F121CF2737F} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

 

 

E aqui vai o outro

 

SmitFraudFix v2.119

 

Scan done at 11:08:51,12, dom 05/11/2006

Run from C:\Documents and Settings\Fe\Desktop\SmitfraudFix

OS: Microsoft Windows XP [versÆo 5.1.2600] - Windows_NT

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"

 

[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]

@="C:\WINDOWS\system32\okkmtv.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]

@="C:\WINDOWS\system32\okkmtv.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

C:\WINDOWS\system32\okkmtv.dll -> Hoax.Win32.Renos.gen.i

C:\WINDOWS\system32\okkmtv.dll -> Deleted

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\Arquivos de programas\iVideoCodec\ Deleted

C:\Arquivos de programas\VirusBursters\ Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

Espero que esteja tudo certo. Agradeço muito mesmo a sua colaboração!

Valeu!

[Sam Spade 2]

Ok, ainda restam algumas infecções no PC. Baixe > KillBox

 

Copie e salve no Bloco de notas este texto em azul:

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00003.exe

C:\WINDOWS\system32\sfg_2fd1.dll

C:\WINDOWS\system32\kdpupd.dll

 

Salve ou imprima estas instruções:

 

1 - Fica ao seu critério continuar usando o SpyHunter. Não é muito confiável:

 

http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note

 

2 - Copie o texto que salvou no bloco de notas. Rode o KillBox e marque Delete on Reboot, no menu File clique em Paste from Clipboard.

Depois clique no botão All Files.

 

Clique no botão com o X. Responda Sim à pergunta.

 

Ao reiniciar o PC, aperte F8 intermitentemente. No menu escolha: modo seguro.

 

3 - Faça um scan com o HijackThis, marque as entradas abaixo, que ainda encontrar e clique em Fix checked:

 

F2 - REG:system.ini: Shell=explorer.exe "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00003.exe"

 

O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Arquivos de programas\iVideoCodec\isaddon.dll (file missing)

 

O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg_2fd1.dll

 

O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\system32\kdpupd.dll

 

O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_2fd1.dll"

 

O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_2fd1.dll"

 

O4 - HKCU\..\Run: [shell] "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00003.exe"

 

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...35c336c858f6465

 

4 - Reinicie em modo normal, faça um scan com o HijackThis e salve/poste o log.

[Sam Spade 2]

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.