0

Hello there.
I've already installed hijackthis, and the log that i got is this:

Logfile of HijackThis v1.99.1
Scan saved at 09:25:47, on 24/10/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARQUIVOS DE PROGRAMAS\TREND MICRO\OFFICESCAN CLIENT\PCCWIN97.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\ARQUIVOS DE PROGRAMAS\MESSENGERPLUS! 3\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\ARQUIVOS DE PROGRAMAS\TREND MICRO\OFFICESCAN CLIENT\OFCDOG.EXE
C:\WINDOWS\winpopup.exe
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.137.229.188:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll
O2 - BHO: SpoofBHO Class - {a62d2213-2d9b-4d25-b52d-0bc282501d5b} - C:\WINDOWS\SE_SPOOF.DLL
O2 - BHO: Clicker Class - {A97B5EF1-CA64-466F-AC40-F770ED52DB92} - C:\WINDOWS\SYSTEM32\MSCORIEZZ.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GBIEH.DLL
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\SYSTEM\SCPSSSH2.DLL
O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\IDONATE.DLL
O3 - Toolbar: &RĂ¡dio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [OfficeScan95] "C:\ARQUIVOS DE PROGRAMAS\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe" -HideWindow
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [GbPluginBb] RunDll32.exe C:\WINDOWS\DOWNLO~1\GBIEH.DLL,Gbieh
O4 - HKLM\..\RunServices: [OfficeScan95] "C:\ARQUIVOS DE PROGRAMAS\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Trust Cleaner] "C:\Arquivos de programas\Trust Cleaner\Trust Cleaner.exe"
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm
O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://alighieri.spaces.live.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = omil
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.176.2.10,200.177.250.10

Can someone please help me???
What i need to do, to get rid of this annoying "information stealer and pc slowering" thing?

I'll be very thankful if someone could help me...

2
Contributors
1
Reply
2
Views
10 Years
Discussion Span
Last Post by rpggamergirl
0

Hi,
You have smitfraud infection there!

You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Next, please reboot your computer in Safe Mode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

Restart your computer in normal mode.
Please post a new HijackThis log as well as the log from the smitRem tool, which will be located at C:\smitfiles.txt.
Let us know if any problems persist.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.