Ir ao conteúdo
  • Comunicados

    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.

Falbala

Membros Juniores
  • Total de itens

    19
  • Registro em

  • Última visita

  • Qualificações

    0%
  1. Infecção inesperada

    :palmas: :palmas: Muito obrigada! Vou dar uma lida no texto que você recomendou! Abraço!
  2. Infecção inesperada

    Novo log: Logfile of HijackThis v1.99.1 Scan saved at 09:42:35, on 11/3/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Antispyware\security suite\ewidoctrl.exe C:\WINDOWS\system32\regsvc.exe C:\WINDOWS\system32\MSTask.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\stisvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\mspmspsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\WINDOWS\system32\internat.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: SPEEDY.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU) O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124324812033 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Antispyware\security suite\ewidoctrl.exe
  3. Infecção inesperada

    Opa....mandando o log.... Logfile of HijackThis v1.99.1 Scan saved at 09:03:32, on 11/3/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Antispyware\security suite\ewidoctrl.exe C:\WINDOWS\system32\regsvc.exe C:\WINDOWS\system32\MSTask.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\stisvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\mspmspsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\WINDOWS\system32\internat.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [gator] C:\WINDOWS\fsg_4203.exe O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\iedriver.exexplore.exe O4 - HKLM\..\Run: [AdwareAdmess] C:\WINDOWS\system32\wstart.dll O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: SPEEDY.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU) O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124324812033 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Antispyware\security suite\ewidoctrl.exe Valeu!
  4. Infecção inesperada

    Oi, José, obrigada pela sua resposta! Aqui vai o log gerado após a execução das suas instruções: Logfile of HijackThis v1.99.1 Scan saved at 20:20:26, on 10/3/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Antispyware\security suite\ewidoctrl.exe C:\WINDOWS\system32\regsvc.exe C:\WINDOWS\system32\MSTask.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\stisvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\mspmspsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SERVICES.EXE C:\WINDOWS\Explorer.exe C:\WINDOWS\SERVICES.EXE C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Arquivos de programas\Winco\Winconnection4\vpn_tray.exe C:\WINDOWS\system32\internat.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\shell386.exe C:\Arquivos de programas\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magic-search.info/search.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://magic-search.info R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magic-search.info/search.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://magic-search.info R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE O2 - BHO: (no name) - {1e1b2879-88ff-11d3-8d96-d7acac95951a} - (no file) O2 - BHO: (no name) - {2bc43670-c0bd-4794-bb11-f60f3e001dc5} - (no file) O2 - BHO: winapi32.MyBHO - {86A0607D-6126-45AE-8A29-46C181AFF4D6} - C:\WINDOWS\system32\winapi32.dll O2 - BHO: (no name) - {8702d9e1-890b-4bf2-a233-fa44e582b2de} - (no file) O2 - BHO: (no name) - {9819c369-5f62-4d37-9a42-44043a742c1e} - (no file) O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-000000000000} - (no file) O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - (no file) O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-716d74632608} - (no file) O2 - BHO: (no name) - {d53b810f-6219-11d4-95b6-0040950375e7} - (no file) O2 - BHO: (no name) - {dd6f50c0-9f8f-a41c-291e-7b3fb818ef18} - (no file) O2 - BHO: (no name) - {f21bd77e-0cce-c6cd-4f85-aa3b7895988e} - (no file) O2 - BHO: (no name) - {ff731508-cd28-e0b0-3e85-0cf55fde9fba} - (no file) O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [sERVICES.EXE] C:\WINDOWS\SERVICES.EXE O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [Winconnection4] C:\Arquivos de programas\Winco\Winconnection4\vpn_tray.exe O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\Administrador\Desktop\MSCONFIG.EXE /auto O4 - HKLM\..\Run: [cme] C:\WINDOWS\system32\cme.exe O4 - HKLM\..\Run: [cmesys] C:\WINDOWS\system32\cmesys.exe O4 - HKLM\..\Run: [cmeupd] C:\WINDOWS\system32\cmeupd.exe O4 - HKLM\..\Run: [gator] C:\WINDOWS\system32\gator.exe O4 - HKLM\..\Run: [gmt] C:\WINDOWS\system32\gmt.exe O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\cd_load.exe O4 - HKLM\..\Run: [Dynamic Desktop Media] C:\WINDOWS\system32\sysu.exe O4 - HKLM\..\Run: [CWS HiJacker] C:\WINDOWS\msxmlfilt.dll O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: SPEEDY.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU) O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124324812033 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Antispyware\security suite\ewidoctrl.exe Muito obrigada mais um vez!
  5. Infecção inesperada

    Boa tarde, pessoal, como vão? Estou aqui de novo pra pedir a ajuda de vocês com o meu log. Apareceu tanta coisa que o Hijackthis até disparou uma mensagem de advertência. Rodei o programa porque, de repente, meu fundo de tela foi alterado para um grande aviso de segurança e dois ícones foram criados na minha barra de ferramentas (lado direito inferior), os quais disparam mensagens do tipo "Spyware infection detected!". Ao reiniciar o PC telas de DOS disparam. Já rodei o Ewido. Alguém pode me dar uma forcinha? Aqui vai o log: Logfile of HijackThis v1.99.1 Scan saved at 08:00:50, on 10/3/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Antispyware\security suite\ewidoctrl.exe C:\WINDOWS\system32\regsvc.exe C:\WINDOWS\system32\MSTask.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\stisvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\mspmspsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SERVICES.EXE C:\WINDOWS\Explorer.exe C:\WINDOWS\SERVICES.EXE C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Arquivos de programas\Winco\Winconnection4\vpn_tray.exe C:\WINDOWS\system32\internat.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\WINDOWS\osaupd.exe C:\WINDOWS\wupdmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\shell386.exe C:\Arquivos de programas\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magic-search.info/search.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://magic-search.info R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magic-search.info/search.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://magic-search.info R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE O1 - Hosts: 127.0.0.3 www.onedayoffer.biz O1 - Hosts: 127.0.0.3 onedayoffer.biz O1 - Hosts: 127.0.0.3 callmachine.net O1 - Hosts: 127.0.0.3 www.callmachine.net O1 - Hosts: 127.0.0.3 reportbucks.com O1 - Hosts: 127.0.0.3 www.reportbucks.com O1 - Hosts: 127.0.0.3 isuckall.com O1 - Hosts: 127.0.0.3 www.isuckall.com O1 - Hosts: 127.0.0.3 wbdialer.biz O1 - Hosts: 127.0.0.3 www.wbdialer.biz O1 - Hosts: 127.0.0.3 alphadialer.com O1 - Hosts: 127.0.0.3 www.alphadialer.com O1 - Hosts: 127.0.0.3 it.online-more.com O1 - Hosts: 127.0.0.3 www.it.online-more.com O1 - Hosts: 127.0.0.3 statscash.net O1 - Hosts: 127.0.0.3 www.statscash.net O1 - Hosts: 127.0.0.3 85.255.113.242 O1 - Hosts: 127.0.0.3 takeyourbucks.com O1 - Hosts: 127.0.0.3 www.takeyourbucks.com O1 - Hosts: 127.0.0.3 195.225.176.25 O1 - Hosts: 127.0.0.3 iframebiz.biz O1 - Hosts: 127.0.0.3 iframeurl.biz O1 - Hosts: 127.0.0.3 iframesite.biz O1 - Hosts: 127.0.0.3 toolbarbiz.biz O1 - Hosts: 127.0.0.3 toolbarsite.biz O1 - Hosts: 127.0.0.3 toolbarurl.biz O1 - Hosts: 127.0.0.3 toolbartraff.biz O1 - Hosts: 127.0.0.3 buytoolbar.biz O1 - Hosts: 127.0.0.3 www.iframebiz.biz O1 - Hosts: 127.0.0.3 www.iframeurl.biz O1 - Hosts: 127.0.0.3 www.iframesite.biz O1 - Hosts: 127.0.0.3 www.toolbarbiz.biz O1 - Hosts: 127.0.0.3 www.toolbarsite.biz O1 - Hosts: 127.0.0.3 www.toolbarurl.biz O1 - Hosts: 127.0.0.3 www.toolbartraff.biz O1 - Hosts: 127.0.0.3 www.buytoolbar.biz O1 - Hosts: 127.0.0.3 81.9.5.9 O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com O1 - Hosts: 127.0.0.3 www.sexfiles.nu O1 - Hosts: 127.0.0.3 awmdabest.com O1 - Hosts: 127.0.0.3 sexfiles.nu O1 - Hosts: 127.0.0.3 allforadult.com O1 - Hosts: 127.0.0.3 www.allforadult.com O1 - Hosts: 127.0.0.3 www.iframe.biz O1 - Hosts: 127.0.0.3 iframe.biz O1 - Hosts: 127.0.0.3 procounter.biz O1 - Hosts: 127.0.0.3 www.procounter.biz O1 - Hosts: 127.0.0.3 advadmin.biz O1 - Hosts: 127.0.0.3 www.advadmin.biz O1 - Hosts: 127.0.0.3 trafficbest.net O1 - Hosts: 127.0.0.3 www.trafficbest.net O1 - Hosts: 127.0.0.3 www.newiframe.biz O1 - Hosts: 127.0.0.3 newiframe.biz O1 - Hosts: 127.0.0.3 www.vesbiz.biz O1 - Hosts: 127.0.0.3 vesbiz.biz O1 - Hosts: 127.0.0.3 www.pizdato.biz O1 - Hosts: 127.0.0.3 pizdato.biz O1 - Hosts: 127.0.0.3 www.aaasexypics.com O1 - Hosts: 127.0.0.3 aaasexypics.com O1 - Hosts: 127.0.0.3 www.virgin-tgp.net O1 - Hosts: 127.0.0.3 vparivalka.com O1 - Hosts: 127.0.0.3 www.vparivalka.com O1 - Hosts: 127.0.0.3 iframeprofit.com O1 - Hosts: 127.0.0.3 www.iframeprofit.com O1 - Hosts: 127.0.0.3 virgin-tgp.net O1 - Hosts: 127.0.0.3 www.awmcash.biz O1 - Hosts: 127.0.0.3 awmcash.biz O1 - Hosts: 127.0.0.3 buldog-stats.com O1 - Hosts: 127.0.0.3 www.buldog-stats.com O1 - Hosts: 127.0.0.3 fregat.drocherway.com O1 - Hosts: 127.0.0.3 slutmania.biz O1 - Hosts: 127.0.0.3 www.slutmania.biz O1 - Hosts: 127.0.0.3 toolbarpartner.com O1 - Hosts: 127.0.0.3 www.toolbarpartner.com O1 - Hosts: 127.0.0.3 www.megapornix.com O1 - Hosts: 127.0.0.3 megapornix.com O1 - Hosts: 127.0.0.3 www.sp2fucked.biz O1 - Hosts: 127.0.0.3 sp2fucked.biz O1 - Hosts: 127.0.0.3 greg-tut.com O1 - Hosts: 127.0.0.3 www.greg-tut.com O1 - Hosts: 127.0.0.3 nylonsexy.com O1 - Hosts: 127.0.0.3 www.nylonsexy.com O1 - Hosts: 127.0.0.3 topsearch10.com O1 - Hosts: 127.0.0.3 www.topsearch10.com O1 - Hosts: 127.0.0.3 statscash.biz O1 - Hosts: 127.0.0.3 www.statscash.biz O1 - Hosts: 127.0.0.3 vxiframe.biz O1 - Hosts: 127.0.0.3 www.vxiframe.biz O1 - Hosts: 127.0.0.3 crazy-toolbar.com O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com O1 - Hosts: 127.0.0.3 topcash.biz O1 - Hosts: 127.0.0.3 www.topcash.biz O1 - Hosts: 127.0.0.3 loadcash.biz O1 - Hosts: 127.0.0.3 www.loadcash.biz O1 - Hosts: 127.0.0.3 txiframe.biz O1 - Hosts: 127.0.0.3 www.txiframe.biz O1 - Hosts: 127.0.0.3 besthvac.com O1 - Hosts: 127.0.0.3 www.besthvac.com O1 - Hosts: 127.0.0.3 traff4.com O1 - Hosts: 127.0.0.3 www.traff4.com O1 - Hosts: 127.0.0.3 porn-host.org O2 - BHO: winapi32.MyBHO - {86A0607D-6126-45AE-8A29-46C181AFF4D6} - C:\WINDOWS\system32\winapi32.dll O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-000000000000} - (no file) O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O2 - BHO: (no name) - {dd6f50c0-9f8f-a41c-291e-7b3fb818ef18} - (no file) O2 - BHO: (no name) - {f21bd77e-0cce-c6cd-4f85-aa3b7895988e} - (no file) O2 - BHO: (no name) - {ff731508-cd28-e0b0-3e85-0cf55fde9fba} - (no file) O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [sERVICES.EXE] C:\WINDOWS\SERVICES.EXE O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [Winconnection4] C:\Arquivos de programas\Winco\Winconnection4\vpn_tray.exe O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\Administrador\Desktop\MSCONFIG.EXE /auto O4 - HKLM\..\Run: [cme] C:\WINDOWS\system32\cme.exe O4 - HKLM\..\Run: [cmesys] C:\WINDOWS\system32\cmesys.exe O4 - HKLM\..\Run: [cmeupd] C:\WINDOWS\system32\cmeupd.exe O4 - HKLM\..\Run: [gator] C:\WINDOWS\system32\cme.exe O4 - HKLM\..\Run: [gmt] C:\WINDOWS\system32\gmt.exe O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\cd_load.exe O4 - HKLM\..\Run: [Dynamic Desktop Media] C:\WINDOWS\system32\sysu.exe O4 - HKLM\..\Run: [CWS HiJacker] C:\WINDOWS\msxmlfilt.dll O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: SPEEDY.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU) O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124324812033 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Antispyware\security suite\ewidoctrl.exe Muito obrigada pela atenção!
  6. Mais um vítima do MSN...

    Poxa vida!!!!! Já estava até me habituando a sempre vir aqui e pegar as suas novas recomendações! Mas, que ótimo que recuperei meu pc sem apelar para a tão temida formatação que tantas pessoa me recomendaram...Muito obrigada, Lídia!! Impressionante a competência de vocês! Bom, de estratégias de informática eu não entendo nada (como você já deve ter notado), mas se precisar de algo na área das Ciências Biológicas, quem sabe eu não possa retribuir?? :palmas: :palmas: :palmas: :palmas: :palmas: :palmas: :palmas: :palmas: Obrigadinha!!!!!!! Já sei o lugar certo pra onde correr no caso de emergência! Abraços!
  7. Mais um vítima do MSN...

    OPA OPA! Estou na área! Com um pequeno atraso porque ontem não consegui me logar aqui no fórum! Lídia, parece que as coisas voltaram ao normal!!!!!! A última coisa que estava me incomodando e que eu sobre a qual eu já havia falado diversas vezes era a relação arquivos enviados e arquivos recebidos pelo speedy....e depois das suas últimas recomendações aparentemente tudo estaó OK! Mal posso acreditar! Bom, aqui vão os logs que você pediu: Finds_It Microsoft Windows 2000 [VersÆo 5.00.2195] PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Dont delete file's in the section without guidance If any doubt back them up first »»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder. O volume na unidade C nÆo tem nome. O n£mero de s‚rie do volume ‚ 07D0-0718 Pasta de C:\WINDOWS\SYSTEM32 »»»»» Checking for SAHAgent ico files. O volume na unidade C nÆo tem nome. O n£mero de s‚rie do volume ‚ 07D0-0718 Pasta de C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»». HIJACKTHIS Logfile of HijackThis v1.99.1 Scan saved at 21:07:37, on 22/8/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Antispyware\security suite\ewidoctrl.exe C:\Antispyware\security suite\ewidoguard.exe C:\WINDOWS\system32\regsvc.exe C:\WINDOWS\system32\MSTask.exe C:\WINDOWS\system32\stisvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\mspmspsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\WINDOWS\system32\internat.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unicamp.br/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU) O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.com.br O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124324812033 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Antispyware\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Antispyware\security suite\ewidoguard.exe É isso aí! Ah! Na busca no virus total, tudo normal, o arquivo não estava contaminado. Sobrou algum procedimento aí na sua bolsa mágica? Acho que eu esgotei todas as suas possibilidades de tão infectadinho que meu micrinho estava! Abraços e MUITÍSSIMO OBRIGADA!
  8. Mais um vítima do MSN...

    Oi, Lidia! Tudo bem? Desculpe a demora! Eu não recebi aviso no email de que havia novas mensagens por aqui e acabei vendo só ontem as suas novas recomendações. Bom aqui vão os dois logs. Meu computador tem melhorado MUITO. EWIDO --------------------------------------------------------- ewido security suite - Relatório de verificação --------------------------------------------------------- + Criado em: 04:41:28, 22/8/2005 + Relatório-Checksum: 4085F10C + Resultado da verificação: C:\Documents and Settings\Administrador\Cookies\administrador@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Limpo com backup C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[2].txt -> Spyware.Cookie.Atdmt : Limpo com backup ::Fim do Relatório HIJACKTHIS Logfile of HijackThis v1.99.1 Scan saved at 04:56:04, on 22/8/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Antispyware\security suite\ewidoctrl.exe C:\Antispyware\security suite\ewidoguard.exe C:\WINDOWS\system32\regsvc.exe C:\WINDOWS\system32\MSTask.exe C:\WINDOWS\system32\stisvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\mspmspsv.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\WINDOWS\system32\steam.exe C:\WINDOWS\system32\internat.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unicamp.br/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll O1 - Hosts: 70.84.252.218 onlineaccounts2.abbeynational.co.uk O1 - Hosts: 70.84.252.218 www3.aibgbonline.co.uk O1 - Hosts: 70.84.252.218 www.bank.alliance-leicester.co.uk O1 - Hosts: 70.84.252.218 login.iblogin.com O1 - Hosts: 70.84.252.218 ww2.bankofscotlandhalifax-online.co.uk O1 - Hosts: 70.84.252.218 inet.barclays.co.uk O1 - Hosts: 70.84.252.218 iibank.barclays.co.uk O1 - Hosts: 70.84.252.218 iibank.cahoot.com O1 - Hosts: 70.84.252.218 www3.coventrybuildingsociety.co.uk O1 - Hosts: 70.84.252.218 ww.hsbc.co.uk O1 - Hosts: 70.84.252.218 login.ebank.offshore.hsbc.co.je O1 - Hosts: 70.84.252.218 ww3.online-offshore.lloydstsb.com O1 - Hosts: 70.84.252.218 ww3.online-business.lloydstsb.co.uk O1 - Hosts: 70.84.252.218 ww3.online.lloydstsb.co.uk O1 - Hosts: 70.84.252.218 ww3.online.lloydstsb.co.uk O1 - Hosts: 70.84.252.218 ww3.online-business.lloydstsb.co.uk O1 - Hosts: 70.84.252.218 ob2.nationet.com O1 - Hosts: 70.84.252.218 ww3.onlinebanking.natwestoffshore.com O1 - Hosts: 70.84.252.218 ww1.nwolb.com O1 - Hosts: 70.84.252.218 ww1.onlinebanking.iombank.com O1 - Hosts: 70.84.252.218 ww1.www.rbsdigital.com O1 - Hosts: 70.84.252.218 welcome.smile.co.uk O1 - Hosts: 70.84.252.218 login.365online.com O1 - Hosts: 70.84.252.218 wvw.citizensbankonline.com O1 - Hosts: 70.84.252.218 esecure.regionsnet.com O1 - Hosts: 70.84.252.218 rollb.associatedbank.com O1 - Hosts: 70.84.252.218 upb.unionplanters.com O1 - Hosts: 70.84.252.218 www.onlinebanking.huntington.com O1 - Hosts: 70.84.252.218 inet.southtrustonlinebanking.com O1 - Hosts: 70.84.252.218 logon.personal.wamu.com O1 - Hosts: 70.84.252.218 login.compassweb.com O1 - Hosts: 70.84.252.218 logon.firstmeritib.com O1 - Hosts: 70.84.252.218 login.ccfcuonline.org O1 - Hosts: 70.84.252.218 ww3.etimebanker.bankofthewest.com O1 - Hosts: 70.84.252.218 ww2.onlinebanking.lasallebank.com O1 - Hosts: 70.84.252.218 wvw.totallyfreebanking.com O1 - Hosts: 70.84.252.218 www.online.wellsfargo.com O1 - Hosts: 70.84.252.218 www.onlinebanking.bankofoklahoma.com O1 - Hosts: 70.84.252.218 accounts4.keybank.com O1 - Hosts: 70.84.252.218 logon.bankone.com O1 - Hosts: 70.84.252.218 www.secure.tdbanknorth.com O1 - Hosts: 70.84.252.218 www.secure.mvnt4.com O1 - Hosts: 70.84.252.218 ww.mynfbonline.com O1 - Hosts: 70.84.252.218 login.forumcuonline.com O1 - Hosts: 70.84.252.218 www.eds.usersonlnet.com O1 - Hosts: 70.84.252.218 www.onlineid.bankofamerica.com O1 - Hosts: 70.84.252.218 wvw.e-gold.com O1 - Hosts: 70.84.252.218 pcbs.peoples.com O1 - Hosts: 70.84.252.218 www.global1.onlinebank.com O1 - Hosts: 70.84.252.218 ww2.mybranch.lafcu.com O1 - Hosts: 70.84.252.218 login.webbanking.comerica.com O1 - Hosts: 70.84.252.218 web.banking.firsttennessee.com O1 - Hosts: 70.84.252.218 logon.members1st.org O1 - Hosts: 70.84.252.218 www.cib.ibanking-services.com O1 - Hosts: 70.84.252.218 www.miwebbusbank.ebanking-services.com O1 - Hosts: 70.84.252.218 wvw.paypal.com O1 - Hosts: 70.84.252.218 www.signin.ebay.com O1 - Hosts: 70.84.252.218 wvw.etrade.com O1 - Hosts: 70.84.252.218 ww4.fleethomelink.fleet.com O1 - Hosts: 70.84.252.218 ww3.connect.skyfi.com O1 - Hosts: 70.84.252.218 www6.usbank.com O1 - Hosts: 70.84.252.218 www.bvi.bancodevalencia.es O1 - Hosts: 70.84.252.218 extrant.banesto.es O1 - Hosts: 70.84.252.218 banesnt.banesto.es O1 - Hosts: 70.84.252.218 activia.caixagalicia.es O1 - Hosts: 70.84.252.218 www.bancae.caixapenedes.com O1 - Hosts: 70.84.252.218 login.caixasabadell.net O1 - Hosts: 70.84.252.218 oii.cajamadrid.es O1 - Hosts: 70.84.252.218 login.cajamar.es O1 - Hosts: 70.84.252.218 login.ccm.es O1 - Hosts: 70.84.252.218 ww.unicaja.es O1 - Hosts: 70.84.252.218 www5.bancopopular.es O1 - Hosts: 70.84.252.218 ww3.bbvanet.com O1 - Hosts: 70.84.252.218 ww.bayernlb.de O1 - Hosts: 70.84.252.218 ww2.berliner-volksbank.de O1 - Hosts: 70.84.252.218 ww7.homebanking-berlin.de O1 - Hosts: 70.84.252.218 portal09.commerzbanking.de O1 - Hosts: 70.84.252.218 www.meine.deutsche-bank.de O1 - Hosts: 70.84.252.218 ww2.dresdner-privat.de O1 - Hosts: 70.84.252.218 ww.e-banking.helaba.de O1 - Hosts: 70.84.252.218 ww.hsh-nordbank.de O1 - Hosts: 70.84.252.218 www.my.hypovereinsbank.de O1 - Hosts: 70.84.252.218 ww3.homebanking-berlin.de O1 - Hosts: 70.84.252.218 ww3.homebanking-berlin.de O1 - Hosts: 70.84.252.218 www.banking.lbbw.de O1 - Hosts: 70.84.252.218 lrp.sparkasse-banking.de O1 - Hosts: 70.84.252.218 ww3.homebanking-niedersachsen.de O1 - Hosts: 70.84.252.218 www.onlinebanking.norisbank.de O1 - Hosts: 70.84.252.218 www.banking.postbank.de O1 - Hosts: 70.84.252.218 wvw.internetbanking.gad.de O1 - Hosts: 70.84.252.218 ww1.portal.izb.de O1 - Hosts: 70.84.252.218 wvw.kunden-service.lbs.de O1 - Hosts: 70.84.252.218 ibanking.seb.de O1 - Hosts: 70.84.252.218 bw7.sparkasse-banking.de O1 - Hosts: 70.84.252.218 ww2.homebanking-sparkasse.de O1 - Hosts: 70.84.252.218 ww2.vr-networld-ebanking.de O1 - Hosts: 70.84.252.218 ww.bics.fr O1 - Hosts: 70.84.252.218 www.co.caixabank.fr O1 - Hosts: 70.84.252.218 ww.creditmutuel.fr O1 - Hosts: 70.84.252.218 internetbank.intesabci.it O1 - Hosts: 70.84.252.218 ww.extensive.bancalombarda.it O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [jouqlhx] c:\windows\system32\eihlun.exe r O4 - HKLM\..\Run: [steam] steam.exe O4 - HKLM\..\RunServices: [steam] steam.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU) O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.com.br O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124324812033 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Antispyware\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Antispyware\security suite\ewidoguard.exe O que aconteceu de diferente nessa vez foi esse monte de "Hosts" no Log do Hijack. Eu já havia vistos esses endereços em um site sobre virus....Num dos inumeros scans que fiz nos últimos dias, um dos virus encontrados (que supostamente não constam no scans mais recentes) fazia seus serviços monitorando o acesso a esses sites.... Eu elimino esses hosts? Muito obrigada! Falbala.
  9. Mais um vítima do MSN...

    Eu sei que sou um caso quase perdido, mas será que alguém ainda pode me dar uma forcinha?
  10. Olá, pessoal, boa tarde! Há algum tempinho venho notando que a quantidade de arquivos enviados (pelo Speedy) é muito superior àquela dos arquivos recebidos. Tive alguns probleminhas com spywares (que a propósito ainda não foram completamente sanados) e, depois disso, a Interent ficou muito lenta, não permite que eu acesse mais do que duas pagininhas e ainda tem o já mencionado sintoma de "muitos arquivos enviados". Alguém de vocês poderia me ajudar a descobrir o que acontece? Eu fico me sentindo roubada toda vez que conecto, além de não conseguir fazer quase nada on-line. Muito obrigada!
  11. Mais um vítima do MSN...

    Oi Lidia, há quanto tempo! Desculpe a demora para voltar o log, mas a Internet lá em casa está praticamente inoperante... O pc está muito lento e quando me conecto à rede, parece que é só pra alguém puxar arquivos do meu computador, porque acessar uma pagininha qualquer está quase impossível!!!1 Bom, aqui vai o último log. Obrigada por "ouvir" minhas lamentações! Logfile of HijackThis v1.99.1 Scan saved at 14:53:38, on 8/8/2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 (5.00.2920.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\Explorer.exe C:\Arquivos de programas\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unicamp.br/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: Microsoft Update Proxy Class - {6E28339B-7A2A-47B6-AEB2-46BA53782375} - C:\WINDOWS\System32\dllcache\msupdprx.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [File System] taskmqr.exe O4 - HKLM\..\Run: [microsft Updates] msupdate32.exe O4 - HKLM\..\Run: [autostart] svchosta.exe O4 - HKLM\..\Run: [lvciyz] c:\windows\system32\xqqspce.exe r O4 - HKLM\..\RunServices: [File System] taskmqr.exe O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe O4 - HKLM\..\RunServices: [autostart] svchosta.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [File System] taskmqr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU) O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.com.br O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O23 - Service: autostart - Unknown owner - C:\WINDOWS\System32\svchosta.exe" -service (file missing) O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
  12. Mais um vítima do MSN...

    Oi, de novo! Bom, ainda não consegui fazer o scan no Ewido, mas já vou te mandar os logs.... Incialmente, eu havia me esquecido de eliminar o ntsf.exe e portanto resolvi executar todo o procedimento novamente. Tenho dois logs do Find Its (prévio a esse último scan que você recomendou). A proposito, sempre que rodou esse programinha, aparecem milhares de mensagens "o arq já está sendo usado em outro processo" e o log para não conter nada....mas chega de meter o bedelho em áreas que eu não domino! Vou deixar para a sua expertise! LOG HIJACTHIS Logfile of HijackThis v1.99.1 Scan saved at 01:15:30, on 7/8/2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 (5.00.2920.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\Netmon.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\Explorer.exe C:\Arquivos de programas\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unicamp.br/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll O1 - Hosts: 170.66.1.60 www14.bancobrasil.com.br # GbPlugin O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [File System] taskmqr.exe O4 - HKLM\..\Run: [ubyxdo] c:\windows\system32\zpproh.exe r O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe O4 - HKLM\..\RunServices: [File System] taskmqr.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [File System] taskmqr.exe O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU) O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.com.br O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2920653b91b9a3...RdxIE601_br.cab O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.grupomarineda.net/auto/DialerData.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Net Functions Monitoring (Netmon) - Unknown owner - C:\WINDOWS\System32\Netmon.exe =======LOG1 FIND_ITS Microsoft Windows 2000 [VersÆo 5.00.2195] PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Dont delete file's in the section without guidance If any doubt back them up first »»»»» lagitamate file's can/will show in this section. »»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder. O volume na unidade C nÆo tem nome. O n£mero de s‚rie do volume ‚ 07D0-0718 Pasta de C:\WINDOWS\SYSTEM32 »»»»» Checking for SAHAgent ico files. O volume na unidade C nÆo tem nome. O n£mero de s‚rie do volume ‚ 07D0-0718 Pasta de C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»». =======LOG2 FIND_ITS Microsoft Windows 2000 [VersÆo 5.00.2195] PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Dont delete file's in the section without guidance If any doubt back them up first »»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder. O volume na unidade C nÆo tem nome. O n£mero de s‚rie do volume ‚ 07D0-0718 Pasta de C:\WINDOWS\SYSTEM32 »»»»» Checking for SAHAgent ico files. O volume na unidade C nÆo tem nome. O n£mero de s‚rie do volume ‚ 07D0-0718 Pasta de C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»». AINDA EM TEMPO: é normal não encontrar todos os arquivos indicados pra deleção no KillBox e no Hijacthis? você é um anjo cibernético!! Ah e pode ficar tranquila que estou super fora do MSN por enquanto! Abraço!
  13. Mais um vítima do MSN...

    Hummmm, parece-me que um dos arquivos que nós havíamos "matado" no killbox está de volta aos processos.....sifmprhu.exe....É esse o responsável pelo ABI Network? Na minha última conexão, uma janelinha deles foi disparada.....
  14. Mais um vítima do MSN...

    Oi, Lídia! Legal! Já vou providenciar a desativação desses pop-ups do serviço mensageiro....Toda hora é uma mensagem dizendo que meu registro foi afetado, que o Windows tem falhas de segurança! Posso perguntar mais algumas coisinhas? A minha conexão ainda está um pouco instável.....as vezes, me conecto e não consigo acessar uma página sequer, como se eu não estivesse logada...Toda a infecção que me atacou responde por isso? E sobre o MSN? você acha que eu posso voltar a acessá-lo novamente? Eu costumo deixar o pc ligado o dia todo (e também conectado à internet), mas agora estou super insegura! Queria uma opinião sua. Olha, já estou até sem graça de tanto que agradeço....mas pra não perder o hábito...VALEU!
  15. Mais um vítima do MSN...

    Oi, Lidia, tudo certo? Acho que consegui executar todas as tarefas recomendadas por você. MUITO OBRIGADA! A velocidade do computador melhorou muito. Abaixo está o meu último log do Hijackthis. Mas eu ainda gostaria de fazer umas perguntinhas sobre algumas coisas que ainda me incomodam: (1) A quantidade de arquivos enviados com relação à quantidade de arquvios recebidos pela internet está muito grande, e nunca foi assim....Fico com a sensaão de que estão puxando info do meu micro... (2) Eu ainda estou recebendo uns "alertas" de um tal "Serviço Mensageiro", que eu achava que eram parte dos malwares...Como posso me livrar deles? Logfile of HijackThis v1.99.1 Scan saved at 22:37:32, on 6/8/2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 (5.00.2920.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\Explorer.exe C:\Arquivos de programas\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unicamp.br/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por UOL R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [File System] taskmqr.exe O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe O4 - HKLM\..\Run: [cgobrq] c:\windows\system32\hbsvajn.exe r O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [File System] taskmqr.exe O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Arquivos de programas\MSN Messenger\MSMSGS.EXE O9 - Extra button: ComVC - {18B74600-6545-11D4-9DC7-904350C10000} - http://www.uol.com.br/comvc/ (file missing) (HKCU) O9 - Extra button: Dell Home - {32345EA0-615E-11D4-9DC7-F01450C10000} - http://www.dell.com/intl/la/brazil/index.htm (file missing) (HKCU) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.com.br O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2920653b91b9a3...RdxIE601_br.cab O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.grupomarineda.net/auto/DialerData.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9C486152-776C-4D09-BC43-CB06259E9FDF} (GbpInstObj Class) - http://www.ssitecnologia.com.br/GbpInst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab O16 - DPF: {CD941590-6424-11D2-A82F-00104B7AF15C} (ManagerActiveXBKB Class) - https://www.bankboston.com.br/download/ActiveXBKBCab.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe MAIS UMA VEZ OBRIGADA! Abraço!

Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×