Falbala

Unexpected infection

Good afternoon, everyone, how are you?

I'm here again to ask for your help with my log. So much stuff showed up that HijackThis even fired a warning message.

I ran the program because, all of a sudden, my wallpaper was changed to a big security warning and two icons were created in my taskbar (lower right side), which pop up messages like "Spyware infection detected!". When I restart the PC, DOS windows pop up. I've already run Ewido.

Can someone give me a hand? Here's the log:

Logfile of HijackThis v1.99.1

Scan saved at 08:00:50, on 10/3/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Antispyware\security suite\ewidoctrl.exe

C:\WINDOWS\system32\regsvc.exe

C:\WINDOWS\system32\MSTask.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\stisvc.exe

C:\WINDOWS\System32\WBEM\WinMgmt.exe

C:\WINDOWS\system32\mspmspsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SERVICES.EXE

C:\WINDOWS\Explorer.exe

C:\WINDOWS\SERVICES.EXE

C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Arquivos de programas\Winco\Winconnection4\vpn_tray.exe

C:\WINDOWS\system32\internat.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\osaupd.exe

C:\WINDOWS\wupdmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\shell386.exe

C:\Arquivos de programas\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magic-search.info/search.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://magic-search.info

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magic-search.info/search.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://magic-search.info

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE

O1 - Hosts: 127.0.0.3 www.onedayoffer.biz

O1 - Hosts: 127.0.0.3 onedayoffer.biz

O1 - Hosts: 127.0.0.3 callmachine.net

O1 - Hosts: 127.0.0.3 www.callmachine.net

O1 - Hosts: 127.0.0.3 reportbucks.com

O1 - Hosts: 127.0.0.3 www.reportbucks.com

O1 - Hosts: 127.0.0.3 isuckall.com

O1 - Hosts: 127.0.0.3 www.isuckall.com

O1 - Hosts: 127.0.0.3 wbdialer.biz

O1 - Hosts: 127.0.0.3 www.wbdialer.biz

O1 - Hosts: 127.0.0.3 alphadialer.com

O1 - Hosts: 127.0.0.3 www.alphadialer.com

O1 - Hosts: 127.0.0.3 it.online-more.com

O1 - Hosts: 127.0.0.3 www.it.online-more.com

O1 - Hosts: 127.0.0.3 statscash.net

O1 - Hosts: 127.0.0.3 www.statscash.net

O1 - Hosts: 127.0.0.3 85.255.113.242

O1 - Hosts: 127.0.0.3 takeyourbucks.com

O1 - Hosts: 127.0.0.3 www.takeyourbucks.com

O1 - Hosts: 127.0.0.3 195.225.176.25

O1 - Hosts: 127.0.0.3 iframebiz.biz

O1 - Hosts: 127.0.0.3 iframeurl.biz

O1 - Hosts: 127.0.0.3 iframesite.biz

O1 - Hosts: 127.0.0.3 toolbarbiz.biz

O1 - Hosts: 127.0.0.3 toolbarsite.biz

O1 - Hosts: 127.0.0.3 toolbarurl.biz

O1 - Hosts: 127.0.0.3 toolbartraff.biz

O1 - Hosts: 127.0.0.3 buytoolbar.biz

O1 - Hosts: 127.0.0.3 www.iframebiz.biz

O1 - Hosts: 127.0.0.3 www.iframeurl.biz

O1 - Hosts: 127.0.0.3 www.iframesite.biz

O1 - Hosts: 127.0.0.3 www.toolbarbiz.biz

O1 - Hosts: 127.0.0.3 www.toolbarsite.biz

O1 - Hosts: 127.0.0.3 www.toolbarurl.biz

O1 - Hosts: 127.0.0.3 www.toolbartraff.biz

O1 - Hosts: 127.0.0.3 www.buytoolbar.biz

O1 - Hosts: 127.0.0.3 81.9.5.9

O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com

O1 - Hosts: 127.0.0.3 www.sexfiles.nu

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 www.allforadult.com

O1 - Hosts: 127.0.0.3 www.iframe.biz

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 procounter.biz

O1 - Hosts: 127.0.0.3 www.procounter.biz

O1 - Hosts: 127.0.0.3 advadmin.biz

O1 - Hosts: 127.0.0.3 www.advadmin.biz

O1 - Hosts: 127.0.0.3 trafficbest.net

O1 - Hosts: 127.0.0.3 www.trafficbest.net

O1 - Hosts: 127.0.0.3 www.newiframe.biz

O1 - Hosts: 127.0.0.3 newiframe.biz

O1 - Hosts: 127.0.0.3 www.vesbiz.biz

O1 - Hosts: 127.0.0.3 vesbiz.biz

O1 - Hosts: 127.0.0.3 www.pizdato.biz

O1 - Hosts: 127.0.0.3 pizdato.biz

O1 - Hosts: 127.0.0.3 www.aaasexypics.com

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 www.virgin-tgp.net

O1 - Hosts: 127.0.0.3 vparivalka.com

O1 - Hosts: 127.0.0.3 www.vparivalka.com

O1 - Hosts: 127.0.0.3 iframeprofit.com

O1 - Hosts: 127.0.0.3 www.iframeprofit.com

O1 - Hosts: 127.0.0.3 virgin-tgp.net

O1 - Hosts: 127.0.0.3 www.awmcash.biz

O1 - Hosts: 127.0.0.3 awmcash.biz

O1 - Hosts: 127.0.0.3 buldog-stats.com

O1 - Hosts: 127.0.0.3 www.buldog-stats.com

O1 - Hosts: 127.0.0.3 fregat.drocherway.com

O1 - Hosts: 127.0.0.3 slutmania.biz

O1 - Hosts: 127.0.0.3 www.slutmania.biz

O1 - Hosts: 127.0.0.3 toolbarpartner.com

O1 - Hosts: 127.0.0.3 www.toolbarpartner.com

O1 - Hosts: 127.0.0.3 www.megapornix.com

O1 - Hosts: 127.0.0.3 megapornix.com

O1 - Hosts: 127.0.0.3 www.sp2fucked.biz

O1 - Hosts: 127.0.0.3 sp2fucked.biz

O1 - Hosts: 127.0.0.3 greg-tut.com

O1 - Hosts: 127.0.0.3 www.greg-tut.com

O1 - Hosts: 127.0.0.3 nylonsexy.com

O1 - Hosts: 127.0.0.3 www.nylonsexy.com

O1 - Hosts: 127.0.0.3 topsearch10.com

O1 - Hosts: 127.0.0.3 www.topsearch10.com

O1 - Hosts: 127.0.0.3 statscash.biz

O1 - Hosts: 127.0.0.3 www.statscash.biz

O1 - Hosts: 127.0.0.3 vxiframe.biz

O1 - Hosts: 127.0.0.3 www.vxiframe.biz

O1 - Hosts: 127.0.0.3 crazy-toolbar.com

O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com

O1 - Hosts: 127.0.0.3 topcash.biz

O1 - Hosts: 127.0.0.3 www.topcash.biz

O1 - Hosts: 127.0.0.3 loadcash.biz

O1 - Hosts: 127.0.0.3 www.loadcash.biz

O1 - Hosts: 127.0.0.3 txiframe.biz

O1 - Hosts: 127.0.0.3 www.txiframe.biz

O1 - Hosts: 127.0.0.3 besthvac.com

O1 - Hosts: 127.0.0.3 www.besthvac.com

O1 - Hosts: 127.0.0.3 traff4.com

O1 - Hosts: 127.0.0.3 www.traff4.com

O1 - Hosts: 127.0.0.3 porn-host.org

O2 - BHO: winapi32.MyBHO - {86A0607D-6126-45AE-8A29-46C181AFF4D6} - C:\WINDOWS\system32\winapi32.dll

O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-000000000000} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: (no name) - {dd6f50c0-9f8f-a41c-291e-7b3fb818ef18} - (no file)

O2 - BHO: (no name) - {f21bd77e-0cce-c6cd-4f85-aa3b7895988e} - (no file)

O2 - BHO: (no name) - {ff731508-cd28-e0b0-3e85-0cf55fde9fba} - (no file)

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [sERVICES.EXE] C:\WINDOWS\SERVICES.EXE

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [Winconnection4] C:\Arquivos de programas\Winco\Winconnection4\vpn_tray.exe

O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\Administrador\Desktop\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [cme] C:\WINDOWS\system32\cme.exe

O4 - HKLM\..\Run: [cmesys] C:\WINDOWS\system32\cmesys.exe

O4 - HKLM\..\Run: [cmeupd] C:\WINDOWS\system32\cmeupd.exe

O4 - HKLM\..\Run: [gator] C:\WINDOWS\system32\cme.exe

O4 - HKLM\..\Run: [gmt] C:\WINDOWS\system32\gmt.exe

O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\cd_load.exe

O4 - HKLM\..\Run: [Dynamic Desktop Media] C:\WINDOWS\system32\sysu.exe

O4 - HKLM\..\Run: [CWS HiJacker] C:\WINDOWS\msxmlfilt.dll

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: SPEEDY.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE

O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU)

O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124324812033

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab

O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: ewido security suite control - ewido networks - C:\Antispyware\security suite\ewidoctrl.exe

Thank you very much for your attention!


Let's go step by step:

- Download Hoster, run it, click Restore Original Hosts and then click Ok;

- Run the tool below:

http://linhadefensiva.uol.com.br/files/beta/osaupd.reg

  • Double-click the file and click Yes;
  • Restart the computer right away;
  • After restarting, wait 5 minutes, generate a new log and paste it in your reply.

  • Topic author
  • Hi, José, thanks for your reply! Here's the log generated after following your instructions:

    Logfile of HijackThis v1.99.1

    Scan saved at 20:20:26, on 10/3/2006

    Platform: Windows 2000 SP4 (WinNT 5.00.2195)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Antispyware\security suite\ewidoctrl.exe

    C:\WINDOWS\system32\regsvc.exe

    C:\WINDOWS\system32\MSTask.exe

    C:\WINDOWS\system32\tcpsvcs.exe

    C:\WINDOWS\System32\snmp.exe

    C:\WINDOWS\system32\stisvc.exe

    C:\WINDOWS\System32\WBEM\WinMgmt.exe

    C:\WINDOWS\system32\mspmspsv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\SERVICES.EXE

    C:\WINDOWS\Explorer.exe

    C:\WINDOWS\SERVICES.EXE

    C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe

    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

    C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

    C:\Arquivos de programas\Winco\Winconnection4\vpn_tray.exe

    C:\WINDOWS\system32\internat.exe

    C:\Arquivos de programas\Skype\Phone\Skype.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\shell386.exe

    C:\Arquivos de programas\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magic-search.info/search.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://magic-search.info

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magic-search.info/search.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://magic-search.info

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL

    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE

    O2 - BHO: (no name) - {1e1b2879-88ff-11d3-8d96-d7acac95951a} - (no file)

    O2 - BHO: (no name) - {2bc43670-c0bd-4794-bb11-f60f3e001dc5} - (no file)

    O2 - BHO: winapi32.MyBHO - {86A0607D-6126-45AE-8A29-46C181AFF4D6} - C:\WINDOWS\system32\winapi32.dll

    O2 - BHO: (no name) - {8702d9e1-890b-4bf2-a233-fa44e582b2de} - (no file)

    O2 - BHO: (no name) - {9819c369-5f62-4d37-9a42-44043a742c1e} - (no file)

    O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-000000000000} - (no file)

    O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - (no file)

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-716d74632608} - (no file)

    O2 - BHO: (no name) - {d53b810f-6219-11d4-95b6-0040950375e7} - (no file)

    O2 - BHO: (no name) - {dd6f50c0-9f8f-a41c-291e-7b3fb818ef18} - (no file)

    O2 - BHO: (no name) - {f21bd77e-0cce-c6cd-4f85-aa3b7895988e} - (no file)

    O2 - BHO: (no name) - {ff731508-cd28-e0b0-3e85-0cf55fde9fba} - (no file)

    O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

    O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

    O4 - HKLM\..\Run: [sERVICES.EXE] C:\WINDOWS\SERVICES.EXE

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

    O4 - HKLM\..\Run: [Winconnection4] C:\Arquivos de programas\Winco\Winconnection4\vpn_tray.exe

    O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\Administrador\Desktop\MSCONFIG.EXE /auto

    O4 - HKLM\..\Run: [cme] C:\WINDOWS\system32\cme.exe

    O4 - HKLM\..\Run: [cmesys] C:\WINDOWS\system32\cmesys.exe

    O4 - HKLM\..\Run: [cmeupd] C:\WINDOWS\system32\cmeupd.exe

    O4 - HKLM\..\Run: [gator] C:\WINDOWS\system32\gator.exe

    O4 - HKLM\..\Run: [gmt] C:\WINDOWS\system32\gmt.exe

    O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\cd_load.exe

    O4 - HKLM\..\Run: [Dynamic Desktop Media] C:\WINDOWS\system32\sysu.exe

    O4 - HKLM\..\Run: [CWS HiJacker] C:\WINDOWS\msxmlfilt.dll

    O4 - HKCU\..\Run: [internat.exe] internat.exe

    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - Startup: SPEEDY.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE

    O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU)

    O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU)

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124324812033

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab

    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab

    O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

    O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

    O23 - Service: ewido security suite control - ewido networks - C:\Antispyware\security suite\ewidoctrl.exe

    Thank you very much once again!

    - Download Killbox and run it.

    • Check the Delete on Reboot option. Copy the list below to the clipboard (select it and click Edit > Copy, or press Ctrl + C).

      • C:\WINDOWS\SERVICES.EXE
        C:\Documents and Settings\Administrador\Desktop\MSCONFIG.EXE
        C:\WINDOWS\system32\cme.exe
        C:\WINDOWS\system32\cmesys.exe
        C:\WINDOWS\system32\winapi32.dll
        C:\WINDOWS\system32\cmeupd.exe
        C:\WINDOWS\system32\gator.exe
        C:\WINDOWS\system32\gmt.exe
        C:\WINDOWS\system32\cd_load.exe
        C:\WINDOWS\system32\sysu.exe
        C:\WINDOWS\msxmlfilt.dll

    • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button.
    • Click the X and answer No to the prompt.

    - Restart the computer in Safe Mode (press F8 during startup);

    - Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

    • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magic-search.info/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://magic-search.info
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magic-search.info/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://magic-search.info
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
    O2 - BHO: (no name) - {1e1b2879-88ff-11d3-8d96-d7acac95951a} - (no file)
    O2 - BHO: (no name) - {2bc43670-c0bd-4794-bb11-f60f3e001dc5} - (no file)
    O2 - BHO: winapi32.MyBHO - {86A0607D-6126-45AE-8A29-46C181AFF4D6} - C:\WINDOWS\system32\winapi32.dll
    O2 - BHO: (no name) - {8702d9e1-890b-4bf2-a233-fa44e582b2de} - (no file)
    O2 - BHO: (no name) - {9819c369-5f62-4d37-9a42-44043a742c1e} - (no file)
    O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-000000000000} - (no file)
    O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-716d74632608} - (no file)
    O2 - BHO: (no name) - {d53b810f-6219-11d4-95b6-0040950375e7} - (no file)
    O2 - BHO: (no name) - {dd6f50c0-9f8f-a41c-291e-7b3fb818ef18} - (no file)
    O2 - BHO: (no name) - {f21bd77e-0cce-c6cd-4f85-aa3b7895988e} - (no file)
    O2 - BHO: (no name) - {ff731508-cd28-e0b0-3e85-0cf55fde9fba} - (no file)
    O4 - HKLM\..\Run: [sERVICES.EXE] C:\WINDOWS\SERVICES.EXE
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\Administrador\Desktop\MSCONFIG.EXE /auto
    O4 - HKLM\..\Run: [cme] C:\WINDOWS\system32\cme.exe
    O4 - HKLM\..\Run: [cmesys] C:\WINDOWS\system32\cmesys.exe
    O4 - HKLM\..\Run: [cmeupd] C:\WINDOWS\system32\cmeupd.exe
    O4 - HKLM\..\Run: [gator] C:\WINDOWS\system32\gator.exe
    O4 - HKLM\..\Run: [gmt] C:\WINDOWS\system32\gmt.exe
    O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\cd_load.exe
    O4 - HKLM\..\Run: [Dynamic Desktop Media] C:\WINDOWS\system32\sysu.exe
    O4 - HKLM\..\Run: [CWS HiJacker] C:\WINDOWS\msxmlfilt.dll
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000

    - Restart in normal mode, generate a new log and paste it in your reply.

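The checks the analyst applied above by eye (the 127.0.0.3 hosts entries, SERVICES.EXE appended to Shell= and UserInit=, the matching O4 Run key and running process, the orphaned BHOs, the magic-search.info start page) and the "generate a new log" verification step can be automated. The following is an added example written for this page; it is not code from the thread, from HijackThis or from the forum's tools. It parses a HijackThis v1.99-style log, flags those patterns with a severity, and diffs two logs to report what a cleanup removed. The two sample logs are constructed and heavily shortened versions of the ones posted above; the `ads.example.invalid` name, the severity labels and the reason texts are my own choices.

```python
import re
from dataclasses import dataclass

LOOPBACK = {"127.0.0.1", "::1"}

@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis code ('F2', 'O1', ...) or 'process'
    severity: str  # 'high', 'low' or 'info'
    line: str      # the entry, verbatim
    reason: str

def parse_entries(log_text):
    """Split a HijackThis log into (running_processes, [(code, body), ...])."""
    processes, entries, in_processes = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = re.match(r"^([RFO]\d+) - (.*)$", line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries

def triage(log_text):
    """Apply the checks an analyst makes by hand; returns a list of Finding."""
    processes, entries = parse_entries(log_text)
    findings, hijack_bins = [], set()
    def flag(sec, sev, line, why):
        findings.append(Finding(sec, sev, line, why))
    # Pass 1: the logon chain. Shell= must be exactly Explorer.exe and UserInit=
    # only userinit.exe; any other path there is an added persistence binary.
    for code, body in entries:
        if code != "F2":
            continue
        key, _, value = body.split(":", 2)[-1].strip().partition("=")
        if key.lower() == "shell":
            extras = [t for t in value.split() if t.lower() != "explorer.exe"]
        elif key.lower() == "userinit":
            extras = [p.strip() for p in value.split(",")
                      if p.strip() and not p.strip().lower().endswith("\\userinit.exe")]
        else:
            continue
        for path in extras:
            hijack_bins.add(path.lower())
            flag(code, "high", f"{code} - {body}", f"{key}= also runs {path} at logon")
    # Pass 2: the other sections, correlated with the hijack binaries found above.
    for code, body in entries:
        line = f"{code} - {body}"
        if code == "O1":
            m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
            if m and m.group(1) not in LOOPBACK:
                flag(code, "high", line, f"hosts file sends {m.group(2)} to {m.group(1)}")
            elif m and m.group(2).lower() != "localhost":
                flag(code, "low", line, "name pinned to loopback; confirm it is intended")
        elif code == "O2" and body.endswith("(no file)"):
            flag(code, "low", line, "BHO registered but its DLL is gone (orphan entry)")
        elif code in ("R0", "R1") and re.search(r"(Start|Search) Page = https?://", body):
            flag(code, "info", line, "start/search page set to a URL; confirm the user chose it")
        elif code == "O4" and "] " in body:
            cmd = body.split("] ", 1)[1].strip()   # text after the [name] label
            path = cmd.split('"')[1] if cmd.startswith('"') else (cmd.split() or [""])[0]
            if path.lower() in hijack_bins:
                flag(code, "high", line, "Run key launches a Shell=/UserInit= hijack binary")
    for proc in processes:
        if proc.lower() in hijack_bins:
            flag("process", "high", proc, "hijack binary is running; stop it before deleting")
    return findings

def removed_entries(before, after):
    """Entries present in an earlier log but gone from a later one (cleanup check)."""
    _, old = parse_entries(before)
    new = set(parse_entries(after)[1])
    return [e for e in old if e not in new]

# Constructed sample logs, modelled on (and much shorter than) the thread's.
SAMPLE_BEFORE = r"""Running processes:
C:\WINDOWS\SERVICES.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://magic-search.info
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O1 - Hosts: 127.0.0.3 www.onedayoffer.biz
O1 - Hosts: 127.0.0.1 ads.example.invalid
O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-000000000000} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O4 - HKLM\..\Run: [sERVICES.EXE] C:\WINDOWS\SERVICES.EXE
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized"""
SAMPLE_AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized"""

if __name__ == "__main__":
    print(*triage(SAMPLE_BEFORE), sep="\n")
```

On the "before" sample, `triage` returns eight findings: the two F2 hijacks, the 127.0.0.3 hosts redirection, the O4 Run key and the running process that reuse SERVICES.EXE (all high), the loopback-pinned host and the orphaned BHO (low), and the start-page change (info). The banking BHO and the Skype Run key raise nothing, which is the point of correlating O4 entries with the logon chain instead of flagging every Run key. On the "after" sample `triage` returns nothing, and `removed_entries` lists the seven entries that disappeared, which is the check the analyst performs by reading the new log the user pastes.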
  • Topic author
  • Hey... sending the log...

    Logfile of HijackThis v1.99.1
    Scan saved at 09:03:32, on 11/3/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Antispyware\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\regsvc.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\stisvc.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\system32\mspmspsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
    C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe
    C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\internat.exe
    C:\Arquivos de programas\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Arquivos de programas\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
    O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [gator] C:\WINDOWS\fsg_4203.exe
    O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\iedriver.exexplore.exe
    O4 - HKLM\..\Run: [AdwareAdmess] C:\WINDOWS\system32\wstart.dll
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: SPEEDY.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE
    O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU)
    O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU)
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124324812033
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
    O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab
    O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Antispyware\security suite\ewidoctrl.exe

    Thanks!


    - Restart the computer in safe mode (press F8 during startup);

    - Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

    • O4 - HKLM\..\Run: [gator] C:\WINDOWS\fsg_4203.exe
      O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\iedriver.exexplore.exe
      O4 - HKLM\..\Run: [AdwareAdmess] C:\WINDOWS\system32\wstart.dll

    - Locate and delete the highlighted files:

    • C:\WINDOWS\fsg_4203.exe
      C:\WINDOWS\system32\iedriver.exexplore.exe
      C:\WINDOWS\system32\wstart.dll

    - Restart in normal mode, generate a new log and paste it in your reply.

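    An added example, not code from the thread or from HijackThis: a small Python script that parses the O4 Run entries of the log posted before the fix and of the one posted after it, diffs them, and confirms that exactly the three entries marked for Fix checked are gone, the check an analyst makes before declaring the case solved. The sample lines are excerpts of the logs in this thread; the function names and the trimmed excerpts are mine.

```python
import re

# "O4 - HKLM\..\Run: [name] command"  ->  hive, name, command
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

def parse_o4(log_text):
    """Return {(hive, name.lower()): command} for every O4 Run entry in a log
    (Startup-folder O4 lines are skipped); value names are case-insensitive."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries[(m.group("hive"), m.group("name").lower())] = m.group("cmd")
    return entries

def removed_entries(before_log, after_log):
    """Entries present in the first log and absent from the second."""
    after = parse_o4(after_log)
    return {k: v for k, v in parse_o4(before_log).items() if k not in after}

def verify_fix(before_log, after_log, fix_lines):
    """Compare what disappeared with what was supposed to disappear.
    fix_lines are the raw O4 lines the analyst told the user to fix.
    Returns (ok, still_present, unexpected_removals)."""
    expected = set(parse_o4("\n".join(fix_lines)))
    removed = set(removed_entries(before_log, after_log))
    after = parse_o4(after_log)
    still_present = sorted(k for k in expected if k in after)
    unexpected = sorted(removed - expected)
    return (not still_present and not unexpected, still_present, unexpected)

# Constructed sample: excerpt of the 09:03 log posted before the fix ...
BEFORE = r"""
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gator] C:\WINDOWS\fsg_4203.exe
O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\iedriver.exexplore.exe
O4 - HKLM\..\Run: [AdwareAdmess] C:\WINDOWS\system32\wstart.dll
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SPEEDY.lnk = ?
"""
# ... and of the 09:42 log posted after it (same excerpt, constructed)
AFTER = r"""
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
"""
# The three lines the analyst asked the user to "Fix checked"
FIX_LIST = [
    r"O4 - HKLM\..\Run: [gator] C:\WINDOWS\fsg_4203.exe",
    r"O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\iedriver.exexplore.exe",
    r"O4 - HKLM\..\Run: [AdwareAdmess] C:\WINDOWS\system32\wstart.dll",
]

ok, still, extra = verify_fix(BEFORE, AFTER, FIX_LIST)
print("clean" if ok else f"still present: {still}, unexpected: {extra}")
```

    Feeding it the complete logs instead of the excerpts gives the same result; an entry that reappears after reboot shows up in still_present, and a legitimate entry that vanished shows up in unexpected.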
  • Topic author
  • New log:

    Logfile of HijackThis v1.99.1
    Scan saved at 09:42:35, on 11/3/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Antispyware\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\regsvc.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\stisvc.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\system32\mspmspsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
    C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe
    C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\internat.exe
    C:\Arquivos de programas\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Arquivos de programas\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
    O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: SPEEDY.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE
    O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU)
    O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU)
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124324812033
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
    O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab
    O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Antispyware\security suite\ewidoctrl.exe

  • Topic author
  • :palmas: :palmas:

    Thank you very much! I'll have a read of the text you recommended!

    Regards!


    CASE SOLVED!

    Should the topic author need it, the topic will be reopened; to do so, they should contact a Moderator of the area and request that it be unlocked!
