Ir ao conteúdo
  • Cadastre-se

North Side

Membros Plenos
  • Total de itens

    12
  • Registro em

  • Última visita

  • Qualificações

    0%

Reputação

0

Informações gerais

  • Cidade e Estado
    São Paulo
  1. Olá! Meu antivírus detectou a presença do vírus Win32/Autorun.worm.bz.gen no sistema, mas ele não elimina os arquivos infectados, pois eles ficam escondidos: awfjzz.au3 AWFJZZ.EXE SUPERHIDDEN Advanced|SUPERHIDDEN HIDDEN Advanced|HIDDEN HIDEFILEEXT Advanced|HIDEFILEEXT dagtfl.au3 DAGTFL.EXE Abaixo, o log do Hijack this.Poderia analisá-lo, por favor? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:16:17, on 13/3/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\McAfee\Common Framework\McTray.exe C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Documents and Settings\fabcosta\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Arquivos de programas\Microsoft Firewall Client 2004\FwcMgmt.exe C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CORELDRW.EXE C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.totvs.com.br R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.totvs.com.br R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.totvs.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.totvs.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row&channel=br&ibd=5061003 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://poseidon:8080/array.dll?Get.Routing.Script R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = poseidon:8080 R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [Communicator] "C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe" /silentRetrials O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\fabcosta\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Gerenciador de serviços.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Arquivos de programas\Microsoft Firewall Client 2004\FwcMgmt.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Pesquisa do Google - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Links para esta página - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Páginas semelhantes - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Arquivos de programas\Bonjour\ExplorerPlugin.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.totvs.com.br O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sp01.local O17 - HKLM\Software\..\Telephony: DomainName = sp01.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sp01.local O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 13735 bytes
  2. Olá Renato, Consegui acessar o Kaspersky (na verdade não fui eu, por isso não tenho o log). Foi feito o scan e, aparentemente, os vírus foram removidos, pois os sinais de infecção desapareceram. Dá uma olhada no novo log do Hijack This: Logfile of HijackThis v1.99.1 Scan saved at 15:04:25, on 27/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Arquivos de programas\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe C:\Arquivos de programas\Microsoft Firewall Client 2004\FwcMgmt.exe C:\WINDOWS\system32\ctfmon.exe C:\ARQUIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE C:\Arquivos de programas\MSN Messenger\msnmsgr.exe C:\Arquivos de programas\MSN Messenger\usnsvc.exe C:\Arquivos de programas\WinRAR\WinRAR.exe C:\DOCUME~1\janaina\CONFIG~1\Temp\Rar$EX00.141\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.totvs.com.br R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.totvs.com.br R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.totvs.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.totvs.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsiga.com.br/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://poseidon:8080/array.dll?Get.Routing.Script R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = poseidon:8080 R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: 172.16.90.19 apolo.sp01.local O1 - Hosts: 172.16.90.130 poseidon.sp01.local O1 - Hosts: 172.16.90.130 poseidon O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll O2 - BHO: ssh Class - {3F888695-9B41-4B29-9F44-6B560E464A16} - C:\WINDOWS\system32\scpseg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Scriptcl.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe" /silentRetrials O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Arquivos de programas\Microsoft Firewall Client 2004\FwcMgmt.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {2311DF65-9D1A-4DDA-94AA-90568D989633} (MonitorView Class) - http://gil.logocenter.com.br:6398/fjs/activex/gdc.cab O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab O16 - DPF: {3F888695-9B41-4B29-9F44-6B560E464A16} (ssh Class) - https://cpne.bradesco.com.br/scpseg.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://bsp.logocenter.com.br/tsweb/msrdp.cab O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sp01.local O17 - HKLM\Software\..\Telephony: DomainName = sp01.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sp01.local O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: IntelWireless - C:\Arquivos de programas\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: EvtEng - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing) O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe
  3. Olá Renato, Por incrível que pareça, o computador infectado não está permitindo o acesso ao site da Kaspersky. Não acho que é coincidência, pois mesmo ao tentar procurar a palavra "Kaspersky" no Google, o browser fica carregando e nada aparece na página. Outros sites de anti-vírus estão carregando (como o AVG e o Avast). Se você tiver alguma outra ideia...
  4. Olá Renato, O DrWeb não funcionou muito bem: ao abrí-lo, eu cliquei no botão iniciar e, ao solicitar o scan expresso, eu cliquei em OK. Ele fez a varredura e aparentemente não achou nada mas não tive como salvar o log pois o programa fechou sozinho logo após o scan e mostrou uma janela com um link para a compra do software com desconto. Tentei várias vezes e aconteceu o mesmo. De qualquer forma, após esse scan eu salvei mais um log do HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 18:15:50, on 21/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Apoint\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe C:\Arquivos de programas\Dell\QuickSet\quickset.exe C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Arquivos de programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Arquivos de programas\Apoint\Apntex.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\WinRAR\WinRAR.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\WinRAR\WinRAR.exe C:\DOCUME~1\janaina\CONFIG~1\Temp\Rar$EX00.484\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.totvs.com.br R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.totvs.com.br R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.totvs.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsiga.com.br/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = poseidon:8080 O1 - Hosts: 172.16.90.19 apolo.sp01.local O1 - Hosts: 172.16.90.130 poseidon.sp01.local O1 - Hosts: 172.16.90.130 poseidon O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll O2 - BHO: CompSegNE - {3F888695-9B41-4B29-9F44-6B560E464A16} - C:\WINDOWS\system32\scpseg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [intelWireless] C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [updateManager] "C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe" /silentRetrials O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Arquivos de programas\Microsoft Firewall Client 2004\FwcMgmt.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {2311DF65-9D1A-4DDA-94AA-90568D989633} (MonitorView Class) - http://gil.logocenter.com.br:6398/fjs/activex/gdc.cab O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab O16 - DPF: {3F888695-9B41-4B29-9F44-6B560E464A16} (ssh Class) - https://cpne.bradesco.com.br/scpseg.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://bsp.logocenter.com.br/tsweb/msrdp.cab O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sp01.local O17 - HKLM\Software\..\Telephony: DomainName = sp01.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sp01.local O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: IntelWireless - C:\Arquivos de programas\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: EvtEng - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe
  5. Oi Renato, houve uma complicação. Ao tentar acessar o modo seguro, o Windows mostra a tela azul com a seguinte mensagem: Foi detectado um problema e o Windows foi desligado para evitar danos ao computador. Se esta foi a primeira vez que você vê esta tela de erro de parada, reinicie o computador. Se a tela for exibida normalmente, siga estas etapas: Verifique se há vírus no computador. Remova qualquer disco rígido ou controlador de disco rígido instalado recentemente. Verifique o disco rígido para certificar-se de que ele está configurado e ligado corretamente. Execute CHKDSK/F para verificar se o disco rígido foi corrompido e reinicie o computador. Informações técnicas: ***STOP: 0x0000007B (0xF8AE0528, 0xC0000034, 0x00000000, 0x00000000) Tentei reiniciar várias vezes, mas a tela sempre aparece quando tento entrar no modo seguro. Ah! Não sei se é importante, mas o computador dela é um laptop.
  6. Obrigado, Renato! Abaixo, o log: Logfile of HijackThis v1.99.1 Scan saved at 08:56:53, on 20/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Arquivos de programas\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Apoint\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe C:\Arquivos de programas\Dell\QuickSet\quickset.exe C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Arquivos de programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Arquivos de programas\Microsoft Firewall Client 2004\FwcMgmt.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Arquivos de programas\Apoint\Apntex.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\DOCUME~1\janaina\CONFIG~1\Temp\xclyk.exe C:\ARQUIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE C:\Arquivos de programas\WinRAR\WinRAR.exe C:\DOCUME~1\janaina\CONFIG~1\Temp\Rar$EX00.813\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.totvs.com.br R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.totvs.com.br R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.totvs.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsiga.com.br/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://poseidon:8080/array.dll?Get.Routing.Script R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = poseidon:8080 O1 - Hosts: 172.16.90.19 apolo.sp01.local O1 - Hosts: 172.16.90.130 poseidon.sp01.local O1 - Hosts: 172.16.90.130 poseidon O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll O2 - BHO: CompSegNE - {3F888695-9B41-4B29-9F44-6B560E464A16} - C:\WINDOWS\system32\scpseg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [intelWireless] C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [updateManager] "C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe" /silentRetrials O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Arquivos de programas\Microsoft Firewall Client 2004\FwcMgmt.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {2311DF65-9D1A-4DDA-94AA-90568D989633} (MonitorView Class) - http://gil.logocenter.com.br:6398/fjs/activex/gdc.cab O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab O16 - DPF: {3F888695-9B41-4B29-9F44-6B560E464A16} (ssh Class) - https://cpne.bradesco.com.br/scpseg.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://bsp.logocenter.com.br/tsweb/msrdp.cab O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sp01.local O17 - HKLM\Software\..\Telephony: DomainName = sp01.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sp01.local O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: IntelWireless - C:\Arquivos de programas\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: EvtEng - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe
  7. Somente pra finalizar este tópico, para utilizar os dois monitores eu acabei tendo de comprar um adaptador DVI para VGA (R$ 20, mais ou menos). Conectando-o à conexão DVI da placa de vídeo NVidia, é só plugar o monitor e alterar as configurações de vídeo do Windows (que disponibiliza, então, a versão para dois monitores). Espero que tenha sido útil!
  8. Olá! O computador de uma amiga foi infectado. O anti-vírus acusa o Win32/Sality e não limpa de jeito nenhum. Vocês poderiam me ajudar analisando o log abaixo e apontando uma solução, por favor? ----------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 14:33:33, on 13/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Apoint\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe C:\Arquivos de programas\Dell\QuickSet\quickset.exe C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe C:\Arquivos de programas\McAfee\Common Framework\McTray.exe C:\Arquivos de programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Arquivos de programas\Microsoft Firewall Client 2004\FwcMgmt.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Arquivos de programas\Apoint\Apntex.exe C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\McAfee\VirusScan Enterprise\ScnCfg32.Exe C:\ARQUIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\WINMINE.EXE C:\WINDOWS\system32\WINMINE.EXE C:\Arquivos de programas\McAfee\VirusScan Enterprise\ScnCfg32.Exe C:\Arquivos de programas\WinRAR\WinRAR.exe C:\DOCUME~1\janaina\CONFIG~1\Temp\Rar$EX01.891\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.totvs.com.br R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.totvs.com.br R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.totvs.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsiga.com.br/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://poseidon:8080/array.dll?Get.Routing.Script R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = poseidon:8080 O1 - Hosts: 172.16.90.19 apolo.sp01.local O1 - Hosts: 172.16.90.130 poseidon.sp01.local O1 - Hosts: 172.16.90.130 poseidon O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll O2 - BHO: CompSegNE - {3F888695-9B41-4B29-9F44-6B560E464A16} - C:\WINDOWS\system32\scpseg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [intelWireless] C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [updateManager] "C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe" /silentRetrials O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Arquivos de programas\Microsoft Firewall Client 2004\FwcMgmt.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\microsoft firewall client 2004\fwcwsp.dll O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {2311DF65-9D1A-4DDA-94AA-90568D989633} (MonitorView Class) - http://gil.logocenter.com.br:6398/fjs/activex/gdc.cab O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab O16 - DPF: {3F888695-9B41-4B29-9F44-6B560E464A16} (ssh Class) - https://cpne.bradesco.com.br/scpseg.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://bsp.logocenter.com.br/tsweb/msrdp.cab O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sp01.local O17 - HKLM\Software\..\Telephony: DomainName = sp01.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sp01.local O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: IntelWireless - C:\Arquivos de programas\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: EvtEng - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe
  9. E ai galera, beleza?! alguem pode me dar um help?! comprei uma placa da Nvidia (GeForce 7300 SE/7200GS - 256mb) e não consigo utilizar um monitor na sua saída VGA junto com outro VGA na saída de video da placa mãe. Eles não funcionam juntos. Existe algum segredo para habilitar o uso da saída de video on-board junto com a placa de vídeo? Apenas plugando os monitores, o segundo não é reconhecido. Obrigado
  10. Obrigado, José! Suas informações foram extremamente úteis e salvaram meu PC de uma formatação. Eu procedi com a limpeza e também vou prestar mais atenção na segurança do meu computador. Ah! Vou divulgar esse fórum para todos. Vocês fazem um excelente trabalho aqui. De novo agradeço sua ajuda! Abraços
  11. Olá José, muito obrigado pelo retorno! Felizmente, os sintomas que descrevi no primeiro post sumiram (até o momento). Seguem os logs que você solicitou (após efetuar seu passo-a-passo no modo de segurança), primeiro o do HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:42:15, on 11/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe C:\Arquivos de programas\Network Associates\Common Framework\UdaterUI.exe C:\Arquivos de programas\Network Associates\Common Framework\McTray.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Microsoft Firewall Client\ISATRAY.EXE C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row&channel=br&ibd=5061003 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row&channel=br&ibd=5061003 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hermes:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.microsiga.com.br;*.totvs.com.br;<local> O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\BAE\BAE.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Communicator] "C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Arquivos de programas\Microsoft Firewall Client\ISATRAY.EXE O4 - Global Startup: Gerenciador de serviços.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Pesquisa do Google - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Links para esta página - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Páginas semelhantes - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.microsiga.com.br O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sp01.local O17 - HKLM\Software\..\Telephony: DomainName = sp01.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sp01.local O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe -- End of file - 8045 bytes -------------------------------- Agora o do SmitFraudfix. Para que pudesse enviar a mensagem eu retirei a lista de "hosts" (era gigantesca. Eu marquei o espaço editado com "(...)"). Caso você precise dela, me avise e eu postarei em mensagens separadas: SmitFraudFix v2.222 Scan done at 12:36:27,59, ter 11/09/2007 Run from C:\Documents and Settings\Administrador\Desktop\SmitfraudFix OS: Microsoft Windows XP [versÆo 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost 127.0.0.1 babe.the-killer.bz (...) 127.0.0.1 searchinmates.org 127.0.0.1 www.searchinmates.org 127.0.0.1 idolikemovies.com 127.0.0.1 www.idolikemovies.com »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\main_uninstaller.exe Deleted C:\WINDOWS\mxduo.dll Deleted C:\WINDOWS\privacy_danger\ Deleted C:\WINDOWS\wmpdev.dll Deleted Deleting [HKEY_CLASSES_ROOT\CLSID\{BE0114D5-A296-40C3-AE5F-52A8D5639F5F}] C:\WINDOWS\wmphost.dll Deleted Deleting [HKEY_CLASSES_ROOT\CLSID\{2D3784F4-7AA2-4BD1-8C82-B318E4EF01BB}] C:\DOCUME~1\ADMINI~1\FAVORI~1\Error Cleaner.url Deleted C:\DOCUME~1\ADMINI~1\FAVORI~1\Privacy Protector.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End
  12. Olá! Tudo bem com todos? Alguém poderia me auxiliar, por favor? Meu computador está com mensagens de vírus, páginas da internet que se abrem sozinhas, ícones na área de trabalho que retornam após deletados...o Spybot acusou a presença de "Smitfraud-C." e "DeepDive". Eu peço para ele corrigir os problemas, mas eles sempre voltam. Abaixo o log do HijackThis (após eu pedir para o Spybot corrigir os problemas): ------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:01:24, on 10/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe C:\Arquivos de programas\Network Associates\Common Framework\UdaterUI.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe C:\Arquivos de programas\Microsoft Firewall Client\ISATRAY.EXE C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe C:\Arquivos de programas\Network Associates\Common Framework\McTray.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row&channel=br&ibd=5061003 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gestaodeperformance.totvs.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gestaodeperformance.totvs.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row&channel=br&ibd=5061003 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hermes:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.microsiga.com.br;*.totvs.com.br;<local> O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\BAE\BAE.dll O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Communicator] "C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Arquivos de programas\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Arquivos de programas\Microsoft Firewall Client\ISATRAY.EXE O4 - Global Startup: Gerenciador de serviços.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Pesquisa do Google - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Links para esta página - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Páginas semelhantes - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.microsiga.com.br O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sp01.local O17 - HKLM\Software\..\Telephony: DomainName = sp01.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sp01.local O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O21 - SSODL: wmphost - {2D3784F4-7AA2-4BD1-8C82-B318E4EF01BB} - C:\WINDOWS\wmphost.dll O21 - SSODL: wmpdev - {BE0114D5-A296-40C3-AE5F-52A8D5639F5F} - C:\WINDOWS\wmpdev.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 9460 bytes Agradeço a todos de antemão!

Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×
×
  • Criar novo...