Idemberg, posted April 22, 2009

I can't install any antivirus! I can't even run CCleaner, which, like other programs, closes by itself after about 3 seconds!!! Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:29, on 22/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winrywat.exe
C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winhpkoeq.exe
C:\DOCUME~1\Idemberg\CONFIG~1\Temp\ulwvq.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4599 bytes
Power Max, posted April 22, 2009

Hi Idemberg! I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

- Download FindyKill and save it to the desktop: http://sd-1.archive-host.com/membres/up/11...8/FindyKill.exe
- Double-click the FindyKill installer icon that will be on the desktop.
- Click the Next > button
- Check the option: I agree with the above terms and conditions;
- Click the Next > button
- Choose the location on your computer where you want to install FindyKill and click the Next > button;
- If a confirmation message in English appears asking to create this new directory, click the Yes button;
- Click the Start button;
- Click the Exit button.
- Double-click the icon that will be created on the desktop;
- A screen will open where you must choose the language that is easiest for you to understand. If English is the one you are most comfortable with, type E and press Enter.
- On the screen that opens, press 2 + Enter to remove the infections;
- If a confirmation message appears for removing the viruses, click the OK button.
- The PC may restart twice during the process;
- A report will be created at C:\FindyKill.txt. Post that report, which will be at C:\FindyKill.txt, together with a new HijackThis log in your next reply, and tell us how the PC is after this procedure. We'll be waiting.
- Go back to the FindyKill program and press 3 + ENTER to uninstall it.
Idemberg, posted April 23, 2009

Here are the FindyKill and HijackThis logs, friend!!! Oh, and I still have the same problems on the computer!

############################## [ FindyKill V4.726 ]

# User : Idemberg (Administradores) # IDEMBERG-D061B0
# Update on 22/04/09 by Chiquitine29
# Start at: 21:41:02 | 22/4/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Intel® Pentium® Dual CPU E2180 @ 2.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled

# C:\ # Disco fixo local # 117,19 Go (69,54 Go free) # NTFS
# D:\ # Disco fixo local # 31,85 Go (6,14 Go free) # NTFS
# E:\ # Disco CD-ROM

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LogonUI.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected Files \ Folders ]

Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

################## [ Infected Temp Files ]

################## [ Registry / Infected keys ]

Deleted ! HKEY_USERS\S-1-5-21-1957994488-1844823847-1417001333-1003\Software\Ubisoft

################## [ Cleaning Removable drives ]

# Deleting Files :

Deleted ! C:\autorun.inf

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2

# Safe boot mode restored !

################## [ Searching Other Infections ]

# -> Nothing found.

################## [ ! End of Report # FindyKill V4.726 ! ]

-------------------------------------------------------------------------------------------------------------------------------------

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:24, on 22/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winvnoycl.exe
C:\DOCUME~1\Idemberg\CONFIG~1\Temp\wincmyl.exe
C:\Hijack\HiJackThis.exe
C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winohpg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\system32\dxdllreg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4390 bytes
Power Max, posted April 23, 2009

FindyKill removed some problems.

Download Elibagla from the address below:
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
At the bottom of the page click the Descargar Elibagla button. A new page will open; click the Descargar Elibagla button again.
After the download, run the tool, click the Explorar button and wait, because the scan takes a while.
At the end a log will be generated at C:\infoSat.txt

______________________________________________________________________________

Also do the following:

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download SDFix: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Save it to your Desktop.
Double-click SDFix.exe and the tool will be installed, usually in C:\SDFix
Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup) and select the Safe Mode option (Modo Seguro or Modo de Segurança);
Open the SDFix folder that was installed on your computer and double-click the RunThis.bat file
Press Y so that the tool starts the removal process.
When everything is finished, you will see a message telling you to press any key to continue. When you press any key, the computer will restart automatically.
After the restart, the tool will run again and finish its work; when "The FixTool has finished" appears, press any key, and a window with the SDFix report will appear. If you closed the window, a copy of the report will be in the SDFix folder under the name Report.txt.

Post this SDFix report in your next reply together with the Elibagla log, which will be at C:\infoSat.txt, and a new HijackThis log, and tell us how your computer is after following these procedures. We'll be waiting.

After using SDFix, delete the SDFix tool and the C:\SDFix folder.
Idemberg, posted April 24, 2009

Friend, I still have the same problems!!! Here are the logs from the programs!!

SDFix

SDFix: Version 1.240
Run by Idemberg on --- 24/04/2009 at 00:34

Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 00:42:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\DVD-RW\\Programas\\Cleaners\\ccsetup214.exe"="D:\\DVD-RW\\Programas\\Cleaners\\ccsetup214.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvjaib.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvjaib.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\paqqli.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\paqqli.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winpsut.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winpsut.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\uxhdsl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\uxhdsl.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\alkdrp.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\alkdrp.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\SkyTel.EXE"="C:\\WINDOWS\\SkyTel.EXE:*:Enabled:ipsec"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winebrjk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winebrjk.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wingmro.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wingmro.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winlfycck.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winlfycck.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wlbqsp.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wlbqsp.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\system32\\nwiz.exe"="C:\\WINDOWS\\system32\\nwiz.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\system32\\userinit.exe"="C:\\WINDOWS\\system32\\userinit.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\system32\\ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrxmwr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrxmwr.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxdig.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxdig.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winfsjx.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winfsjx.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wingsfqx.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wingsfqx.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windjpd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windjpd.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\aexel.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\aexel.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\timbk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\timbk.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\eiowey.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\eiowey.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqqjs.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqqjs.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qhcqw.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qhcqw.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winmhnmi.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winmhnmi.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhijyg.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhijyg.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qgiuw.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qgiuw.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\avyk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\avyk.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkjnnd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkjnnd.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qdiy.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qdiy.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winyojijm.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winyojijm.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winoqtae.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winoqtae.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\system32\\wscntfy.exe"="C:\\WINDOWS\\system32\\wscntfy.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintnvxl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintnvxl.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjoeuw.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjoeuw.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winufex.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winufex.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsfmgt.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsfmgt.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\gkygiq.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\gkygiq.exe:*:Enabled:ipsec"
"C:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"="C:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrywat.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrywat.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhpkoeq.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhpkoeq.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ulwvq.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ulwvq.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winbgdbgm.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winbgdbgm.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsxcfxq.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsxcfxq.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqgqn.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqgqn.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wincpvxjs.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wincpvxjs.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhjbpkc.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhjbpkc.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winghlwac.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winghlwac.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\vqjws.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\vqjws.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwloq.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwloq.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\hpove.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\hpove.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winglqrdv.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winglqrdv.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qnhrdr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qnhrdr.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winejqqy.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winejqqy.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\krqbhd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\krqbhd.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsjsex.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsjsex.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjwnps.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjwnps.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winivjwd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winivjwd.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvbnnv.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvbnnv.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\owxei.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\owxei.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\rsdmqr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\rsdmqr.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkhhjyk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkhhjyk.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\alywa.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\alywa.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxvjwdk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxvjwdk.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wincahal.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wincahal.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintbvlok.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintbvlok.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qkbop.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qkbop.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windbfoch.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windbfoch.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winycrxai.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winycrxai.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\nokwn.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\nokwn.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\pwgki.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\pwgki.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqghmen.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqghmen.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvfavb.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvfavb.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\fkidy.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\fkidy.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\nflcis.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\nflcis.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsmwujo.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsmwujo.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wineldgj.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wineldgj.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winyxqqc.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winyxqqc.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qdgp.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qdgp.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwrnh.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwrnh.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvftth.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvftth.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintqiqsh.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintqiqsh.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winodayk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winodayk.exe:*:Enabled:ipsec"
"C:\\Arquivos de programas\\Activision\\Quantum of Solace\\JB_LiveEngine_s.exe"="C:\\Arquivos de programas\\Activision\\Quantum of Solace\\JB_LiveEngine_s.exe:*:Enabled:Quantum of Solace"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkmkmu.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkmkmu.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\axgkyg.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\axgkyg.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\gpcl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\gpcl.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winuvcw.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winuvcw.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windgfccy.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windgfccy.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwcdim.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwcdim.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\xnrl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\xnrl.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winajik.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winajik.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winfdaced.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winfdaced.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winbhvr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winbhvr.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\sbxne.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\sbxne.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\isulr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\isulr.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winskou.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winskou.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windrksp.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windrksp.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winowhdx.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winowhdx.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ubhim.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ubhim.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winftsf.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winftsf.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ygqtw.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ygqtw.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintkywqk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintkywqk.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjeyj.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjeyj.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winuxos.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winuxos.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqvuc.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqvuc.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\fxtr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\fxtr.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winntrwl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winntrwl.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windsoitv.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windsoitv.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\mgil.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\mgil.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\gtuix.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\gtuix.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhepg.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhepg.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\hgobgj.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\hgobgj.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winncnowj.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winncnowj.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsstk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsstk.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\mknsd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\mknsd.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjusbf.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjusbf.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxwcu.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxwcu.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\dhpg.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\dhpg.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqfbf.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqfbf.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winetms.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winetms.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhixl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhixl.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvwthj.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvwthj.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrloa.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrloa.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\uxkd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\uxkd.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxvxnf.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxvxnf.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winfiyf.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winfiyf.exe:*:Enabled:ipsec"
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\WINWORD.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\WINWORD.EXE:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvnoycl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvnoycl.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wincmyl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wincmyl.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winohpg.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winohpg.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\kqpb.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\kqpb.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ytrqf.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ytrqf.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winirvsl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winirvsl.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qthi.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qthi.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ukhdo.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ukhdo.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\lrifh.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\lrifh.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkkmn.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkkmn.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windfyqcn.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windfyqcn.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwqyjr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwqyjr.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winiutfy.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winiutfy.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winiyeugr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winiyeugr.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqgjnme.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqgjnme.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\urrx.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\urrx.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\xdwk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\xdwk.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvupxa.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvupxa.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\bptojx.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\bptojx.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\system32\\dxdllreg.exe"="C:\\WINDOWS\\system32\\dxdllreg.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvxvrxt.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvxvrxt.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qhmcq.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qhmcq.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winchpk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winchpk.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\igam.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\igam.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\fxrutb.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\fxrutb.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintqmi.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintqmi.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wtixkx.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wtixkx.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqhich.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqhich.exe:*:Enabled:ipsec" "C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winquik.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winquik.exe:*:Enabled:ipsec" "C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwvslrk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwvslrk.exe:*:Enabled:ipsec" "C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\hhjmtm.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\hhjmtm.exe:*:Enabled:ipsec" "C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrrkpt.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrrkpt.exe:*:Enabled:ipsec" "C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winpesxee.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winpesxee.exe:*:Enabled:ipsec" "C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvnrxen.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvnrxen.exe:*:Enabled:ipsec" "C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\sqtgt.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\sqtgt.exe:*:Enabled:ipsec" "C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\xxyt.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\xxyt.exe:*:Enabled:ipsec" "C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winpotsd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winpotsd.exe:*:Enabled:ipsec" "C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\caew.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\caew.exe:*:Enabled:ipsec" "C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winswbd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winswbd.exe:*:Enabled:ipsec" "C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\imncj.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\imncj.exe:*:Enabled:ipsec" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Arquivos de programas\\MSN 
Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : Files with Hidden Attributes : Tue 21 Apr 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Fri 24 Apr 2009 36,394,872 A..H. --- "C:\Documents and Settings\Idemberg\Configura‡äes locais\Temp\BIT1.tmp" Fri 24 Apr 2009 36,394,872 A..H. --- "C:\Documents and Settings\Idemberg\Configura‡äes locais\Temp\BIT9A.tmp" Fri 24 Apr 2009 36,394,872 A..H. --- "C:\Documents and Settings\Idemberg\Configura‡äes locais\Temp\BITB.tmp" Tue 21 Apr 2009 664,104 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\015ceb8059ea2d22a57ef7b0f6a350eb\BITB.tmp" Fri 24 Apr 2009 9,924,040 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1323c87e2eec76b34ba4d9b0e0d63c4f\BITD.tmp" Tue 21 Apr 2009 823,848 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\224450d3625a59e855ff59703e1232d2\BIT16.tmp" Tue 21 Apr 2009 7,719,312 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\23627a9c12312c2f994f09e21c726dd9\BIT12.tmp" Tue 21 Apr 2009 556,096 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26b467e24ea867913aa0a4bd56c13a49\BITD.tmp" Tue 21 Apr 2009 611,696 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2b7b5710b3647247599b4eb3eb612a6e\BIT10.tmp" Tue 21 Apr 2009 654,192 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30dfdd8768b1abb69d27f98811ffe767\BITF.tmp" Tue 21 Apr 2009 664,432 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\484c431c1724e615839a90696fac1087\BIT21.tmp" Fri 24 Apr 2009 14,734,880 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\503143a6366f19c8faa8272b8f67c9a0\BIT1.tmp" Tue 21 Apr 2009 611,368 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\571867b7c43bc6489fcbeeba6935b901\BITF.tmp" Tue 21 Apr 2009 731,504 A..H. 
--- "C:\WINDOWS\SoftwareDistribution\Download\57f4282c94e273902cc9d39d7799f264\BIT23.tmp" Tue 21 Apr 2009 933,416 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\70a87929d0d0d6fe587c15b30220752f\BITE.tmp" Tue 21 Apr 2009 1,133,608 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a41ef6de8cd68f36abc55978dc596583\BIT29.tmp" Tue 21 Apr 2009 1,314,672 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b1ee5525e400a46397151867842822b9\BIT25.tmp" Tue 21 Apr 2009 4,654,992 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bb9f1dafa928affd5fb8b74002929836\BIT26.tmp" Tue 21 Apr 2009 504,176 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c23aef1147c932d50b7bf7feef16ae35\BIT22.tmp" Tue 21 Apr 2009 1,275,792 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c6b1431bad17d0b82db129f52943e21d\BITB.tmp" Tue 21 Apr 2009 503,336 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cecacfcd592aaae9947f29a557cff54a\BIT19.tmp" Tue 21 Apr 2009 534,568 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d10bc6556c709623dedb355769e1b04d\BIT2E.tmp" Tue 21 Apr 2009 564,776 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d88adbcb9044458d3ec83190f4cfabd4\BITC.tmp" Tue 21 Apr 2009 576,552 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dd530e3e5fcfd628a386e12da7254e90\BIT2D.tmp" Tue 21 Apr 2009 925,566 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1be89291acfa15b2dc21f62977b2b25f\download\BIT2E.tmp" Tue 21 Apr 2009 1,107,316 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\48088cd52d335c9954aaf588d3411491\download\BIT9.tmp" Tue 21 Apr 2009 459,348 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\638b7667d9e38af52795c79ae6304102\download\BIT38.tmp" Tue 21 Apr 2009 467,042 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c1744b4041cfda806bb305c7f6fc7e14\download\BIT35.tmp" Tue 21 Apr 2009 71,180 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f234e41131e764a91d8e8a91d6feffb6\download\BITC.tmp" Tue 21 Apr 2009 195,980 A..H. 
--- "C:\WINDOWS\SoftwareDistribution\Download\f924f4565549df199b1f15588da24dd0\download\BITA.tmp" Sun 18 Feb 2007 25,534 A..H. --- "C:\Documents and Settings\Idemberg\Meus documentos\DVD-RW\Programas\Folder lock\Lock Folder XP 3.6 [Loader].exe" Sun 18 Feb 2007 1,454,671 A..H. --- "C:\Documents and Settings\Idemberg\Meus documentos\DVD-RW\Programas\Folder lock\Lock Folder XP 3.6 [setup].exe" Finished! --------------------------------------------------------------------------------------------------------------------------------------- Elibagla (24-4-2009 3:27:22) EliBagle v12.48 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 22 de Abril del 2009) ---------------------------------------------- Lista de Acciones (por Acción Directa): Restaurada Clave: "SafeBoot\Minimal y Network" (24-4-2009 3:27:23) EliBagle v12.48 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 22 de Abril del 2009) ---------------------------------------------- Lista de Acciones (por Exploración): Explorando "C:\" Nº Total de Directorios: 2366 Nº Total de Ficheros: 30472 Nº de Ficheros Analizados: 6590 Nº de Ficheros Infectados: 0 Nº de Ficheros Limpiados: 0 --------------------------------------------------------------------------------------------------------------------------------------- Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:45:47, on 24/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winpotsd.exe C:\DOCUME~1\Idemberg\CONFIG~1\Temp\caew.exe 
C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winswbd.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Hijack\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de 
programas\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 4588 bytes ah amigo ainda percebi que quando eu ligo o firewall do windows , ele volta a se desligar sozinho de 2 em 2 minutos se eu ficar ligando! 
And sorry if I'm being a bother, but I've already tried everything and couldn't solve this problem! Thanks in advance!
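Idemberg's post also carried a firewall exception export in which dozens of randomly named executables under the user's Temp folder were each authorised with the same bare "ipsec" label. The Python below, added here and not from the thread, parses a .reg-style export of the AuthorizedApplications list and flags that pattern (temp-folder programs, key/path mismatches, one label reused across many rules); the sample export and its file names are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of a .reg export of the Windows XP firewall
# AuthorizedApplications list. The file names are made up; only the format
# mirrors the dump posted in the thread.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\DOCUME~1\\user\\CONFIG~1\\Temp\\winabcd.exe"="C:\\DOCUME~1\\user\\CONFIG~1\\Temp\\winabcd.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\user\\CONFIG~1\\Temp\\qwer.exe"="C:\\DOCUME~1\\user\\CONFIG~1\\Temp\\qwer.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:ipsec"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''


@dataclass
class FirewallRule:
    key: str       # value name under ...\authorizedapplications\list
    path: str      # program path carried inside the value data
    scope: str     # "*" means any remote address
    enabled: bool
    label: str     # display name shown in the firewall exceptions UI


# One exported value: "name"="data". Section headers and blank lines do not match.
RULE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<data>[^"]*)"$')


def unescape_reg(text: str) -> str:
    """A .reg export doubles every backslash; fold them back."""
    return text.replace("\\\\", "\\")


def parse_export(text: str) -> list:
    rules = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue
        # Data layout is path:scope:state:label. The path itself contains a
        # colon after the drive letter, so split from the right.
        parts = unescape_reg(m.group("data")).rsplit(":", 3)
        if len(parts) != 4:
            continue  # not an application rule
        path, scope, state, label = parts
        rules.append(FirewallRule(
            key=unescape_reg(m.group("key")),
            path=path,
            scope=scope,
            enabled=(state.lower() == "enabled"),
            label=label,
        ))
    return rules


TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "%temp%", "%tmp%")


def is_temp_path(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def suspicious_rules(rules, reuse_threshold=3):
    """Return (path, enabled, reasons) for every rule that merits a look."""
    label_use = Counter(r.label.lower() for r in rules)
    findings = []
    for r in rules:
        reasons = []
        if is_temp_path(r.path):
            reasons.append("program lives in a temporary directory")
        if r.key.lower() != r.path.lower():
            reasons.append("value name does not match the path in its data")
        # Installers give each rule its own product name; a bare label shared
        # by many rules (and not a @dll,-id resource string) points to one
        # actor registering many executables at once.
        if not r.label.startswith("@") and label_use[r.label.lower()] >= reuse_threshold:
            reasons.append(f"label {r.label!r} is shared by {label_use[r.label.lower()]} rules")
        if reasons:
            findings.append((r.path, r.enabled, reasons))
    return findings


if __name__ == "__main__":
    for path, enabled, reasons in suspicious_rules(parse_export(SAMPLE_EXPORT)):
        print(("ENABLED " if enabled else "disabled") + path)
        for why in reasons:
            print("         - " + why)
```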
Power Max, posted April 25, 2009

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

- Download Malwarebytes Anti-Malware.
* Install it by double-clicking "mbam-setup.exe";
* Select the language Português (Brasil)
* Check only the box: "Atualizar MalwareBytes'Anti-Malware" (update)
* If an update exists, the download will be automatic
* Do not scan yet!!!
* Restart the PC in Safe Mode (pressing F8 (or F5 on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option).
* If it is not possible to run the computer in Safe Mode, do the scan in Normal Mode
* Run Malwarebytes' Anti-Malware and click the "Verificação" (Scan) tab, then select the option "Verificação completa" (Full scan)
* Click the button: "Verificar" (Scan)
* Check all the parts of the computer you want to scan and click the button: "Iniciar verificação" (Start scan)
* When the scan finishes, click "OK" > "Mostrar Resultados" (Show Results)
* Select all the entries and click "Remover Selecionados" (Remove Selected)
* After removal you may be asked whether you want to remove objects from memory. Click "SIM" (Yes)
* A log will be shown with the result of the actions
* Some malware is stubborn and needs a restart to be removed. If this is requested, click to restart the PC.
* When the process is finished, restart the PC in Normal Mode.
* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the "Quarentena" (Quarantine) tab and click the "Remover tudo" (Remove all) button.
* Run Malwarebytes Anti-Malware again and click the "Logs" tab, double-click the most recent log, select the complete log and copy it.

Post this log generated by Malwarebytes Anti-Malware together with a new HijackThis log in your next reply and tell us how your computer is after following the procedure above.

We await your reply.
Idemberg, posted April 25, 2009

Here are the HijackThis and Malwarebytes logs, friend, and I still have the same problems! Oh, and I couldn't get into Safe Mode to run the Malwarebytes scan because it rebooted whenever I tried to enter it; I had to go in through Normal Mode!

Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:11:44, on 25/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [shareaza] "C:\Arquivos de programas\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5215 bytes

-----------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes

Malwarebytes' Anti-Malware 1.36
Versão do banco de dados: 2039
Windows 5.1.2600 Service Pack 3

25/4/2009 04:06:05
mbam-log-2009-04-25 (04-06-05).txt

Tipo de Verificação: Completa (C:\|D:\|)
Objetos verificados: 113214
Tempo decorrido: 14 minute(s), 24 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 1
Chaves do Registro infectadas: 0
Valores do Registro infectados: 1
Ítens do Registro infectados: 3
Pastas infectadas: 0
Arquivos infectados: 8

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Delete on reboot.

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\olhrwef.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\qwtb.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\autorun.inf (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\vwewav8.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\qwtb.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\vwewav8.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Power Max, posted April 25, 2009

Several other problems were removed by Malwarebytes.

Temporarily disable your Antivirus, AntiSpyware and Firewall so there are no conflicts. Keep them disabled until you finish the instructions.

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your Desktop.

If you have a pendrive or an MP3 or MP4 player, connect it to the PC (if you have more than one, you have to connect all of them). Do not remove them until you have completed all the instructions.

Close all windows and programs.

Double-click combofix.exe, press 1 and then Enter to proceed with the fix. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds. If you choose to install this Console, the operating system selection screen will be shown at system startup. More information about the Console: http://support.microsoft.com/kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart it manually.

When it finishes, a log will be generated at C:\ComboFix.txt.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

Select, copy and paste the contents of ComboFix.txt in your next reply + a new HijackThis log, and tell us how your PC is after this procedure.

NOTE 2: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. If any error occurs, restart the computer in Safe Mode (press the F8 key intermittently, or F5 in some cases, during startup) and repeat the procedure.
Idemberg, posted April 26, 2009

Here it is, friend, but I still have the problems so far!

ComboFix

ComboFix 09-04-25.A3 - Idemberg 26/04/2009 18:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.625 [GMT -3:00]
Executando de: c:\documents and settings\Idemberg\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_asc3360pr

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-26 to 2009-4-26 ))))))))))))))))))))))))))))
.
2009-04-21 23:40 530 ----a-w C:\RHDSetup.log 2009-04-21 22:39 . 2009-04-21 22:39 -------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield 2009-04-21 22:39 . 2009-04-21 22:39 -------- d-----w c:\arquivos de programas\Intel 2009-04-21 22:33 . 2009-04-21 22:33 -------- d-----w c:\arquivos de programas\microsoft frontpage 2009-04-21 22:31 . 2009-04-21 22:31 -------- d-----w c:\arquivos de programas\Serviços on-line 2009-04-21 22:31 . 2009-04-21 22:31 -------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços 2009-04-21 22:30 . 2009-04-21 22:30 21844 ----a-w c:\windows\system32\emptyregdb.dat 2009-02-09 14:06 . 2008-04-14 12:00 1846912 ----a-w c:\windows\system32\win32k.sys 2009-02-03 19:58 . 2008-04-14 12:00 56832 ----a-w c:\windows\system32\secur32.dll . ------- Sigcheck ------- [-] 2008-04-14 12:00 588288 7C0E5D593730414B5994A15A6D10C201 c:\windows\system32\user32.dll [-] 2008-04-14 12:00 588288 7C0E5D593730414B5994A15A6D10C201 c:\windows\system32\dllcache\user32.dll [7] 2008-04-14 12:00 579072 54907DB28872A7A6D3EE2B4747A23828 c:\windows\VistaMizer\old\user32.dll [7] 2008-04-14 12:00 668160 DF6D0F37A71883BE3505DD517EB8AD83 c:\windows\SoftwareDistribution\Download\1be89291acfa15b2dc21f62977b2b25f\backup\sp3gdr\wininet.dll [7] 2008-04-14 12:00 668160 DF6D0F37A71883BE3505DD517EB8AD83 c:\windows\SoftwareDistribution\Download\1be89291acfa15b2dc21f62977b2b25f\backup\sp3qfe\wininet.dll [-] 2008-04-14 12:00 813056 C52A23D26034DC3529D861704C45BD66 c:\windows\system32\wininet.dll [-] 2008-04-14 12:00 813056 C52A23D26034DC3529D861704C45BD66 c:\windows\system32\dllcache\wininet.dll [7] 2008-04-14 12:00 668160 DF6D0F37A71883BE3505DD517EB8AD83 c:\windows\VistaMizer\old\wininet.dll [-] 2008-04-14 12:00 549376 B0C0BF2504B830BFC1E93CA39F3C75FE c:\windows\system32\winlogon.exe [-] 2008-04-14 12:00 549376 B0C0BF2504B830BFC1E93CA39F3C75FE c:\windows\system32\dllcache\winlogon.exe [7] 2008-04-14 12:00 509952 71D440F79B711627B12B567FB2EADB42 
c:\windows\VistaMizer\old\winlogon.exe [-] 2008-04-14 12:00 2285056 708C5ED2EA45BD5BC39823E1EA8006A5 c:\windows\system32\ntkrnlpa.exe [7] 2008-04-14 12:00 2028032 763EE1C250EC83EFD11FBF51AC4A6D82 c:\windows\VistaMizer\old\ntkrnlpa.exe [-] 2008-04-14 12:00 2406400 AB8D5375B151999AB31E2C0AB512EF75 c:\windows\system32\ntoskrnl.exe [7] 2008-04-14 12:00 2149376 0ED0AB8E279126064A46A73A5ED59069 c:\windows\VistaMizer\old\ntoskrnl.exe [-] 2008-04-14 12:00 1554432 F1A3E95588DB92660C8C6DAA9101D49B c:\windows\explorer.exe [-] 2008-04-14 12:00 1554432 F1A3E95588DB92660C8C6DAA9101D49B c:\windows\system32\dllcache\explorer.exe [7] 2008-04-14 12:00 1035776 064EC7FF5F58B928C3E119402977FA6D c:\windows\VistaMizer\old\explorer.exe [-] 2008-04-14 12:00 25088 D67945A2290E98BB54D7792F09E7504E c:\windows\system32\ctfmon.exe [-] 2008-04-14 12:00 25088 D67945A2290E98BB54D7792F09E7504E c:\windows\system32\dllcache\ctfmon.exe [7] 2008-04-14 12:00 15360 4E486ADFE3A0B9ED0EB0639902E9F64F c:\windows\VistaMizer\old\ctfmon.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\DVD-RW\\Programas\\Cleaners\\ccsetup214.exe"= "c:\\WINDOWS\\SkyTel.EXE"= "c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"= c:\\Arquivos de programas\\MSN Messenger\\MsnMsgr.Exe "c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\nwiz.exe"= "c:\\WINDOWS\\system32\\userinit.exe"= "c:\\WINDOWS\\system32\\wscntfy.exe"= "c:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"= "c:\\Arquivos de programas\\Activision\\Quantum of Solace\\JB_LiveEngine_s.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\WINWORD.EXE"= "c:\\WINDOWS\\system32\\dxdllreg.exe"= "c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GrooveMonitor.exe"= "c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"= "c:\\WINDOWS\\RTHDCPL.EXE"= S0 xmasbus;xmasbus;c:\windows\system32\DRIVERS\xmasbus.sys [2003-12-21 140800] S0 xmasscsi;xmasscsi;c:\windows\System32\Drivers\xmasscsi.sys [2003-12-20 5504] S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696] S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-07-03 29696] --- --- 
*NewlyCreated* - ASC3360PR [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0858cf78-2ff9-11de-967c-00e04d7e0e55}] \Shell\AutoRun\command - F:\qwtb.com \Shell\open\Command - F:\qwtb.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{147a05a4-31d4-11de-9688-00e04d7e0e55}] \sHELL\AuToPlay\CoMmand - F:\otojba.cmd \sHELL\AutoRun\command - F:\otojba.cmd \sHELL\eXpLORe\cOmmand - F:\otojba.cmd \sHELL\oPEn\COmmaNd - F:\otojba.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c2e5ae3-3286-11de-968a-00e04d7e0e55}] \Shell\AutoRun\command - F:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1da0671f-3287-11de-968c-00e04d7e0e55}] \Shell\AutoRun\command - H:\RunGame.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bff86b98-31d4-11de-9689-00e04d7e0e55}] \Shell\AutoRun\command - F:\qwtb.com \Shell\open\Command - F:\qwtb.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf771716-2f9f-11de-967b-00e04d7e0e55}] \SHEll\AUtOplay\comMand - F:\cvun.pif \SHEll\AutoRun\command - F:\cvun.pif \SHEll\EXPLorE\COmManD - F:\cvun.pif \SHEll\OPeN\CoMMand - F:\cvun.pif . . ------- Scan Suplementar ------- . uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046 IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Idemberg\Dados de aplicativos\Mozilla\Firefox\Profiles\g9je5nca.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-26 18:50 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(728) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(784) c:\windows\system32\setupapi.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(2732) c:\windows\system32\SHDOCVW.dll c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\LINKINFO.dll c:\windows\system32\ntshrui.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\MSVCP60.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe c:\windows\RTHDCPL.exe c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe c:\windows\system32\rundll32.exe c:\arquivos de programas\MSN Messenger\msnmsgr.exe c:\arquivos de programas\Messenger\msmsgs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wscntfy.exe c:\arquivos de programas\Microsoft Office\Office12\WINWORD.EXE . ************************************************************************** . 
Tempo para conclusão: 2009-04-26 18:54 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-04-26 21:53 Pré-execução: 14 pasta(s) 63.976.706.048 bytes disponíveis Pós execução: 13 pasta(s) 65.869.271.040 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 274 --- E O F --- 2009-04-22 03:29 hijack Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:59:15, on 26/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winaadwd.exe C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winvtlpsr.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\DOCUME~1\Idemberg\CONFIG~1\Temp\ailpu.exe C:\Hijack\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046 R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! 
com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [shareaza] "C:\Arquivos de programas\Shareaza\Shareaza.exe" -tray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5500 bytes Compartilhar este post Link para o post Compartilhar em outros sites
Power Max
Posted April 26, 2009

Other problems were removed by ComboFix.

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

- Download USBFix and save it to the desktop: http://rapidshare.com/files/186762158/UsbFix.exe
Note: when you open the site above, click the Free user button > wait for the countdown > click the Download button.
● Temporarily disable your antivirus;
● Double-click the program's icon and install it by clicking (Suivant > accept the agreement > Suivant > Suivant > Démarrer > Quitter);
● Double-click the USBFix icon created on the desktop to run it;
● Insert the pen drive, MP3, MP4 or other removable media you suspect may be infected into the PC's USB port;
● Press 1, press Enter and follow the instructions that appear. Your computer will be restarted; wait for it to restart;
● The PC will restart. Keep the pen drive in place. Do not remove it!
● While it is restarting, a blue screen will appear telling you the drives are being checked;
● After the restart, the tool will run automatically. Just wait, without moving the mouse or using the keyboard;
● When you receive the message "Nettoyage effectue!", press ENTER;
● The log will open automatically in Notepad. The log will also be at C:\UsbFix.txt.
NOTE: If your desktop disappears after the restart, press Ctrl + Alt + Delete to open Task Manager. Click File > New Task (Run...), type: explorer.exe and click OK.

_______________________________________________________________________________

Please also follow the steps in this tutorial to scan your PC with Nod32 Online: Nod32 Online antivirus tutorial

After the scan finishes, a report (log) will be generated at the following location on your computer:
C:\Arquivos de programas\EsetOnlineScanner\log

In your next reply, post this Nod32 Online log together with a new HijackThis log and the UsbFix log (which will be at C:\UsbFix.txt), and please tell us how your PC is after following these procedures.

We'll be waiting.
Mário Monteiro
Posted May 27, 2009

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.