
Archived

This topic has been archived and is closed to new replies.

Idemberg

[Archived] I can't install any antivirus!


I can't install any antivirus! I can't even run CCleaner; it, like other programs, closes by itself after about 3 seconds!!!

Here is a HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:27:29, on 22/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winrywat.exe

C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winhpkoeq.exe

C:\DOCUME~1\Idemberg\CONFIG~1\Temp\ulwvq.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4599 bytes


:thumbsup: Hello Idemberg!

 

:seta: I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

 

- Download FindyKill and save it to the desktop:

http://sd-1.archive-host.com/membres/up/11...8/FindyKill.exe

 

- Double-click the FindyKill installer icon on the desktop.

- Click the Next > button

- Check the option: I agree with the above terms and conditions;

- Click the Next > button

- Choose the location on your computer where you want to install FindyKill and click the Next > button;

- If a confirmation message in English appears asking to create this new directory, click the Yes button;

- Click the Start button;

- Click the Exit button.

- Double-click the icon that will be created on the desktop;

- A screen will open where you choose the language that is easiest for you to understand. If English is the one you are most comfortable with, type E and press the Enter key.

- On the screen that opens, press 2 + Enter to remove the infections;

- If a confirmation message appears for removing the viruses, click the OK button.

- The PC may restart twice during the process;

- A report will be created at C:\FindyKill.txt.

 

Post its report, which will be at C:\FindyKill.txt, together with a new HijackThis log in your next reply, and tell us how the PC is after this procedure. We'll be waiting.

 

- Go back to the FindyKill program and press 3 + ENTER to uninstall it.


Here are the FindyKill and HijackThis logs, friend!!!

Oh, and I still have the same problems on the computer!

 

############################## [ FindyKill V4.726 ]

 

# User : Idemberg (Administradores) # IDEMBERG-D061B0

# Update on 22/04/09 by Chiquitine29

# Start at: 21:41:02 | 22/4/2009

# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

 

# Intel® Pentium® Dual CPU E2180 @ 2.00GHz

# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

# Internet Explorer 6.0.2900.5512

# Windows Firewall Status : Disabled

 

# C:\ # Disco fixo local # 117,19 Go (69,54 Go free) # NTFS

# D:\ # Disco fixo local # 31,85 Go (6,14 Go free) # NTFS

# E:\ # Disco CD-ROM

 

############################## [ Active Processes ]

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LogonUI.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

################## [ Infected Files \ Folders ]

 

Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

 

################## [ Infected Temp Files ]

 

 

################## [ Registry / Infected keys ]

 

Deleted ! HKEY_USERS\S-1-5-21-1957994488-1844823847-1417001333-1003\Software\Ubisoft

 

################## [ Cleaning Removable drives ]

 

# Deleting Files :

 

 

Deleted ! C:\autorun.inf

 

################## [ Registry / Mountpoint2 ]

 

# -> Not found !

 

################## [ States / Restarting of services ]

 

# Services : [ Auto=2 / Request=3 / Disable=4 ]

 

# Ndisuio -> # Type of startup =3

# EapHost -> # Type of startup =2

# Ip6Fw -> # Type of startup =2

# SharedAccess -> # Type of startup =2

# wuauserv -> # Type of startup =2

# wscsvc -> # Type of startup =2

# Safe boot mode restored !

 

################## [ Searching Other Infections ]

 

# -> Nothing found.

 

################## [ ! End of Report # FindyKill V4.726 ! ]

 

 

 

-------------------------------------------------------------------------------------------------------------------------------------

Hijack

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:47:24, on 22/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winvnoycl.exe

C:\DOCUME~1\Idemberg\CONFIG~1\Temp\wincmyl.exe

C:\Hijack\HiJackThis.exe

C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winohpg.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\system32\dxdllreg.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4390 bytes

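Both HijackThis logs in this thread show the same defender-relevant pattern: several executables with random names running from the user's Temp directory (C:\DOCUME~1\Idemberg\CONFIG~1\Temp\), an O2 BHO entry with "(no file)", and an O7 policy with DisableRegedit=1. The script below is an added example, not code from the thread or from HijackThis, that reads log lines in that format (plus "path"="path:*:Enabled:description" lines in the Windows XP firewall AuthorizedApplications registry-export format) and flags those patterns so a helper can spot them at a glance. The sample lines, the user name "User" and every executable name in it are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample lines (not taken from the thread) in the formats its logs
# use: a HijackThis "Running processes" section, O2/O4/O7 entries, and two
# lines in the Windows XP firewall AuthorizedApplications registry-export
# format. The user name "User" and all executable names are made up.
SAMPLE_LINES = [
    r"Running processes:",
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\DOCUME~1\User\CONFIG~1\Temp\winabcd.exe",
    r"C:\Hijack\HiJackThis.exe",
    r"",
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [Loader] C:\DOCUME~1\User\CONFIG~1\Temp\xyz.exe",
    r"O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1",
    r'"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:ipsec"',
    r'"C:\\DOCUME~1\\User\\CONFIG~1\\Temp\\wqrst.exe"="C:\\DOCUME~1\\User\\CONFIG~1\\Temp\\wqrst.exe:*:Enabled:ipsec"',
]

# A Windows path up to its first .exe/.dll; spaces are allowed because
# HijackThis prints paths such as "C:\Arquivos de programas\..." unquoted.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)', re.IGNORECASE)
# The per-user temp directory in 8.3 (CONFIG~1) or long form.
TEMP_RE = re.compile(r"\\(?:CONFIG~1|Local Settings)\\Temp\\", re.IGNORECASE)
# HijackThis section entries such as "R1 - ", "O4 - ".
SECTION_RE = re.compile(r"^[RFNO]\d{1,2} - ")
# "path"="path:*:Enabled:description" as exported from the firewall policy key.
FIREWALL_RE = re.compile(r'^"[^"]+"="[^"]+:\*:Enabled:', re.IGNORECASE)


def windows_paths(line: str) -> List[str]:
    """Extract Windows paths; registry exports double every backslash, so fold them first."""
    return PATH_RE.findall(line.replace("\\\\", "\\"))


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, tagged with the rule that fired."""
    findings: List[Dict[str, str]] = []
    in_processes = False
    for raw in lines:
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if SECTION_RE.match(line):
            in_processes = False          # so does the first R/O entry
        temp_paths = [p for p in windows_paths(line) if TEMP_RE.search(p)]
        if in_processes and temp_paths:
            findings.append({"rule": "process_from_user_temp", "line": line})
        elif line.startswith("O4 - ") and temp_paths:
            findings.append({"rule": "autorun_from_user_temp", "line": line})
        elif line.startswith("O2 - BHO") and line.endswith("(no file)"):
            findings.append({"rule": "bho_without_file", "line": line})
        elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
            findings.append({"rule": "regedit_disabled_policy", "line": line})
        elif FIREWALL_RE.match(line) and temp_paths:
            findings.append({"rule": "firewall_exception_from_user_temp", "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per rule."""
    counts: Dict[str, int] = {}
    for finding in findings:
        counts[finding["rule"]] = counts.get(finding["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LINES)
    for finding in results:
        print(f"{finding['rule']:<36} {finding['line']}")
    print(summarize(results))
```

To use it on a real log, read the file into a list of lines and pass it to `triage()`. The rules are deliberately narrow: an executable in the user's Temp directory is not proof of infection on its own, but a process list or Run key that keeps pointing at freshly renamed files there, as in the logs above, is the kind of entry a helper wants surfaced first.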

:thumbsup: FindyKill removed some problems.

 

:seta: Download Elibagla from the address below:

http://www.zonavirus.com/datos/descargas/95/elibagla.asp

 

At the bottom of the page, click the Descargar Elibagla button.

 

A new page will open; click the Descargar Elibagla button again.

 

After the download, run the tool, click the Explorar button and wait, since the scan takes a while.

 

At the end a log will be generated at C:\infoSat.txt

______________________________________________________________________________

 

Also do the following:

 

:seta: I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

 

Download SDFix:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

 

Save it to your Desktop.

 

Double-click SDFix.exe and the tool will usually be installed to C:\SDFix

 

Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup) and select the Safe Mode option (Modo Seguro or Modo de Segurança);

 

Open the SDFix folder that was installed on your computer and double-click the RunThis.bat file

 

Press Y so the tool starts the removal process.

 

When everything finishes, you will see a message telling you to press any key to continue.

 

When you press any key, the computer will restart automatically.

 

After restarting, the tool will run again and finish its work; when "The FixTool has finished" appears, press any key and a window with the SDFix report will appear.

 

If you closed the window, a copy of the report will be in the SDFix folder under the name Report.txt.

 

Post this SDFix report in your next reply together with the Elibagla log, which will be at C:\infoSat.txt, and a new HijackThis log, and tell us how your computer is after following these procedures. We'll be waiting.

 

After using SDFix, delete the SDFix tool and the C:\SDFix folder.


Friend, I still have the same problems!!!

Here are the logs from the programs!!

 

 

SDFix

 

SDFix: Version 1.240

Run by Idemberg on --- 24/04/2009 at 00:34

 

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-24 00:42:39

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"D:\\DVD-RW\\Programas\\Cleaners\\ccsetup214.exe"="D:\\DVD-RW\\Programas\\Cleaners\\ccsetup214.exe:*:Enabled:ipsec"

"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvjaib.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvjaib.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\paqqli.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\paqqli.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winpsut.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winpsut.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\uxhdsl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\uxhdsl.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\alkdrp.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\alkdrp.exe:*:Enabled:ipsec"

"C:\\WINDOWS\\SkyTel.EXE"="C:\\WINDOWS\\SkyTel.EXE:*:Enabled:ipsec"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winebrjk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winebrjk.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wingmro.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wingmro.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winlfycck.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winlfycck.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wlbqsp.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wlbqsp.exe:*:Enabled:ipsec"

"C:\\WINDOWS\\system32\\nwiz.exe"="C:\\WINDOWS\\system32\\nwiz.exe:*:Enabled:ipsec"

"C:\\WINDOWS\\system32\\userinit.exe"="C:\\WINDOWS\\system32\\userinit.exe:*:Enabled:ipsec"

"C:\\WINDOWS\\system32\\ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrxmwr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrxmwr.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxdig.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxdig.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winfsjx.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winfsjx.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wingsfqx.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wingsfqx.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windjpd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windjpd.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\aexel.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\aexel.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\timbk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\timbk.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\eiowey.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\eiowey.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqqjs.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqqjs.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qhcqw.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qhcqw.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winmhnmi.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winmhnmi.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhijyg.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhijyg.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qgiuw.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qgiuw.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\avyk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\avyk.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkjnnd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkjnnd.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qdiy.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qdiy.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winyojijm.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winyojijm.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winoqtae.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winoqtae.exe:*:Enabled:ipsec"

"C:\\WINDOWS\\system32\\wscntfy.exe"="C:\\WINDOWS\\system32\\wscntfy.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintnvxl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintnvxl.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjoeuw.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjoeuw.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winufex.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winufex.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsfmgt.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsfmgt.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\gkygiq.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\gkygiq.exe:*:Enabled:ipsec"

"C:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"="C:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrywat.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrywat.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhpkoeq.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhpkoeq.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ulwvq.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ulwvq.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winbgdbgm.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winbgdbgm.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsxcfxq.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsxcfxq.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqgqn.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqgqn.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wincpvxjs.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wincpvxjs.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhjbpkc.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhjbpkc.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winghlwac.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winghlwac.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\vqjws.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\vqjws.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwloq.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwloq.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\hpove.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\hpove.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winglqrdv.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winglqrdv.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qnhrdr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qnhrdr.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winejqqy.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winejqqy.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\krqbhd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\krqbhd.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsjsex.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsjsex.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjwnps.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjwnps.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winivjwd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winivjwd.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvbnnv.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvbnnv.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\owxei.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\owxei.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\rsdmqr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\rsdmqr.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkhhjyk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkhhjyk.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\alywa.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\alywa.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxvjwdk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxvjwdk.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wincahal.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wincahal.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintbvlok.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintbvlok.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qkbop.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qkbop.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windbfoch.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windbfoch.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winycrxai.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winycrxai.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\nokwn.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\nokwn.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\pwgki.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\pwgki.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqghmen.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqghmen.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvfavb.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvfavb.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\fkidy.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\fkidy.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\nflcis.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\nflcis.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsmwujo.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsmwujo.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wineldgj.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wineldgj.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winyxqqc.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winyxqqc.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qdgp.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qdgp.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwrnh.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwrnh.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvftth.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvftth.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintqiqsh.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintqiqsh.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winodayk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winodayk.exe:*:Enabled:ipsec"

"C:\\Arquivos de programas\\Activision\\Quantum of Solace\\JB_LiveEngine_s.exe"="C:\\Arquivos de programas\\Activision\\Quantum of Solace\\JB_LiveEngine_s.exe:*:Enabled:Quantum of Solace"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkmkmu.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkmkmu.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\axgkyg.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\axgkyg.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\gpcl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\gpcl.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winuvcw.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winuvcw.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windgfccy.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windgfccy.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwcdim.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwcdim.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\xnrl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\xnrl.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winajik.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winajik.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winfdaced.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winfdaced.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winbhvr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winbhvr.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\sbxne.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\sbxne.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\isulr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\isulr.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winskou.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winskou.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windrksp.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windrksp.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winowhdx.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winowhdx.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ubhim.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ubhim.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winftsf.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winftsf.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ygqtw.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ygqtw.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintkywqk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintkywqk.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjeyj.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjeyj.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winuxos.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winuxos.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqvuc.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqvuc.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\fxtr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\fxtr.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winntrwl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winntrwl.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windsoitv.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windsoitv.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\mgil.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\mgil.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\gtuix.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\gtuix.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhepg.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhepg.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\hgobgj.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\hgobgj.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winncnowj.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winncnowj.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsstk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winsstk.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\mknsd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\mknsd.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjusbf.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winjusbf.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxwcu.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxwcu.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\dhpg.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\dhpg.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqfbf.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqfbf.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winetms.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winetms.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhixl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winhixl.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvwthj.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvwthj.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrloa.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrloa.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\uxkd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\uxkd.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxvxnf.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winxvxnf.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winfiyf.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winfiyf.exe:*:Enabled:ipsec"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\WINWORD.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\WINWORD.EXE:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvnoycl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvnoycl.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wincmyl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wincmyl.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winohpg.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winohpg.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\kqpb.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\kqpb.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ytrqf.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ytrqf.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winirvsl.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winirvsl.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qthi.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qthi.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ukhdo.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\ukhdo.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\lrifh.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\lrifh.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkkmn.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winkkmn.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windfyqcn.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\windfyqcn.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwqyjr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwqyjr.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winiutfy.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winiutfy.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winiyeugr.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winiyeugr.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqgjnme.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqgjnme.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\urrx.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\urrx.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\xdwk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\xdwk.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvupxa.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvupxa.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\bptojx.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\bptojx.exe:*:Enabled:ipsec"

"C:\\WINDOWS\\system32\\dxdllreg.exe"="C:\\WINDOWS\\system32\\dxdllreg.exe:*:Enabled:ipsec"

"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvxvrxt.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvxvrxt.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qhmcq.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\qhmcq.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winchpk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winchpk.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\igam.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\igam.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\fxrutb.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\fxrutb.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintqmi.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wintqmi.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wtixkx.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\wtixkx.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqhich.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winqhich.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winquik.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winquik.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwvslrk.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winwvslrk.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\hhjmtm.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\hhjmtm.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrrkpt.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winrrkpt.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winpesxee.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winpesxee.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvnrxen.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winvnrxen.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\sqtgt.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\sqtgt.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\xxyt.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\xxyt.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winpotsd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winpotsd.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\caew.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\caew.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winswbd.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winswbd.exe:*:Enabled:ipsec"

"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\imncj.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\imncj.exe:*:Enabled:ipsec"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Tue 21 Apr 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Fri 24 Apr 2009 36,394,872 A..H. --- "C:\Documents and Settings\Idemberg\Configurações locais\Temp\BIT1.tmp"

Fri 24 Apr 2009 36,394,872 A..H. --- "C:\Documents and Settings\Idemberg\Configurações locais\Temp\BIT9A.tmp"

Fri 24 Apr 2009 36,394,872 A..H. --- "C:\Documents and Settings\Idemberg\Configurações locais\Temp\BITB.tmp"

Tue 21 Apr 2009 664,104 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\015ceb8059ea2d22a57ef7b0f6a350eb\BITB.tmp"

Fri 24 Apr 2009 9,924,040 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1323c87e2eec76b34ba4d9b0e0d63c4f\BITD.tmp"

Tue 21 Apr 2009 823,848 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\224450d3625a59e855ff59703e1232d2\BIT16.tmp"

Tue 21 Apr 2009 7,719,312 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\23627a9c12312c2f994f09e21c726dd9\BIT12.tmp"

Tue 21 Apr 2009 556,096 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26b467e24ea867913aa0a4bd56c13a49\BITD.tmp"

Tue 21 Apr 2009 611,696 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2b7b5710b3647247599b4eb3eb612a6e\BIT10.tmp"

Tue 21 Apr 2009 654,192 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30dfdd8768b1abb69d27f98811ffe767\BITF.tmp"

Tue 21 Apr 2009 664,432 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\484c431c1724e615839a90696fac1087\BIT21.tmp"

Fri 24 Apr 2009 14,734,880 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\503143a6366f19c8faa8272b8f67c9a0\BIT1.tmp"

Tue 21 Apr 2009 611,368 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\571867b7c43bc6489fcbeeba6935b901\BITF.tmp"

Tue 21 Apr 2009 731,504 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\57f4282c94e273902cc9d39d7799f264\BIT23.tmp"

Tue 21 Apr 2009 933,416 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\70a87929d0d0d6fe587c15b30220752f\BITE.tmp"

Tue 21 Apr 2009 1,133,608 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a41ef6de8cd68f36abc55978dc596583\BIT29.tmp"

Tue 21 Apr 2009 1,314,672 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b1ee5525e400a46397151867842822b9\BIT25.tmp"

Tue 21 Apr 2009 4,654,992 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bb9f1dafa928affd5fb8b74002929836\BIT26.tmp"

Tue 21 Apr 2009 504,176 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c23aef1147c932d50b7bf7feef16ae35\BIT22.tmp"

Tue 21 Apr 2009 1,275,792 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c6b1431bad17d0b82db129f52943e21d\BITB.tmp"

Tue 21 Apr 2009 503,336 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cecacfcd592aaae9947f29a557cff54a\BIT19.tmp"

Tue 21 Apr 2009 534,568 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d10bc6556c709623dedb355769e1b04d\BIT2E.tmp"

Tue 21 Apr 2009 564,776 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d88adbcb9044458d3ec83190f4cfabd4\BITC.tmp"

Tue 21 Apr 2009 576,552 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dd530e3e5fcfd628a386e12da7254e90\BIT2D.tmp"

Tue 21 Apr 2009 925,566 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1be89291acfa15b2dc21f62977b2b25f\download\BIT2E.tmp"

Tue 21 Apr 2009 1,107,316 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\48088cd52d335c9954aaf588d3411491\download\BIT9.tmp"

Tue 21 Apr 2009 459,348 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\638b7667d9e38af52795c79ae6304102\download\BIT38.tmp"

Tue 21 Apr 2009 467,042 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c1744b4041cfda806bb305c7f6fc7e14\download\BIT35.tmp"

Tue 21 Apr 2009 71,180 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f234e41131e764a91d8e8a91d6feffb6\download\BITC.tmp"

Tue 21 Apr 2009 195,980 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f924f4565549df199b1f15588da24dd0\download\BITA.tmp"

Sun 18 Feb 2007 25,534 A..H. --- "C:\Documents and Settings\Idemberg\Meus documentos\DVD-RW\Programas\Folder lock\Lock Folder XP 3.6 [Loader].exe"

Sun 18 Feb 2007 1,454,671 A..H. --- "C:\Documents and Settings\Idemberg\Meus documentos\DVD-RW\Programas\Folder lock\Lock Folder XP 3.6 [setup].exe"

 

Finished!

 

 

---------------------------------------------------------------------------------------------------------------------------------------

EliBagle

 

 

(24-4-2009 3:27:22)

EliBagle v12.48 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 22 de Abril del 2009)

----------------------------------------------

Lista de Acciones (por Acción Directa):

Restaurada Clave: "SafeBoot\Minimal y Network"

 

(24-4-2009 3:27:23)

EliBagle v12.48 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 22 de Abril del 2009)

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

 

Nº Total de Directorios: 2366

Nº Total de Ficheros: 30472

Nº de Ficheros Analizados: 6590

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

---------------------------------------------------------------------------------------------------------------------------------------

Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:45:47, on 24/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winpotsd.exe

C:\DOCUME~1\Idemberg\CONFIG~1\Temp\caew.exe

C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winswbd.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4588 bytes

 

 

 

Ah, friend, I also noticed that when I turn on the Windows firewall, it turns itself back off every 2 minutes if I keep turning it on!

 

And sorry if I'm being a bother, but I've already tried everything and couldn't solve this problem!

Thanks in advance!

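A small triage script for the two log formats posted above (the firewall AuthorizedApplications registry export and the HijackThis log), added here as an example and not part of the thread or of either tool: it flags executables under a Temp directory, O7 policy restrictions such as DisableRegedit=1, and BHO entries whose file is gone. The sample lines are constructed, modelled on the posted logs; the "[example]" Run value name is an assumption.

```python
"""Added triage example for the two log formats posted in this thread
(an XP firewall AuthorizedApplications .reg export and a HijackThis log).
Not part of either tool; sample input is constructed from the posted logs."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# A path component named Temp, e.g. ...\CONFIG~1\Temp\winpotsd.exe
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
PATH_LINE = re.compile(r"^[A-Za-z]:\\")
# HijackThis entry shapes: O4 autorun, O7 policy, O2 BHO with no file
O4_LINE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O7_LINE = re.compile(r"^O7 - (?P<key>.*?), (?P<policy>Disable\w+)=(?P<value>\d+)$")
O2_NOFILE = re.compile(r"^O2 - BHO: .* - \(no file\)$")
# One value of a .reg export: "name"="data" (backslashes are doubled)
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$')


@dataclass(frozen=True)
class Finding:
    kind: str   # class of indicator
    line: str   # the log line that produced it


def triage_hijackthis(log_text: str) -> list[Finding]:
    """Flag processes/autoruns under Temp, O7 restrictions, orphaned BHOs."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the posted logs are double-spaced; blanks carry no state
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and PATH_LINE.match(line):
            if TEMP_DIR.search(line):
                findings.append(Finding("process-from-temp", line))
            continue
        in_processes = False  # first non-path line ends the process list
        m = O4_LINE.match(line)
        if m:
            if TEMP_DIR.search(m.group("cmd")):
                findings.append(Finding("autorun-from-temp", line))
            continue
        m = O7_LINE.match(line)
        if m and m.group("value") != "0":
            findings.append(Finding("policy-restriction", line))
            continue
        if O2_NOFILE.match(line):
            findings.append(Finding("orphan-bho", line))
    return findings


def firewall_exceptions_from_temp(reg_export: str) -> list[str]:
    """Enabled firewall exceptions whose program lives under a Temp directory."""
    hits = []
    for raw in reg_export.splitlines():
        m = REG_VALUE.match(raw.strip())
        if not m:
            continue
        path = m.group("name").replace("\\\\", "\\")  # undo .reg escaping
        if TEMP_DIR.search(path) and re.search(r":enabled:", m.group("data"), re.I):
            hits.append(path)
    return hits


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.kind for f in findings))


# Constructed sample, modelled on the HijackThis log posted above.
# The "[example]" Run value name is an assumption, not from the log.
SAMPLE_HJT = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winpotsd.exe
C:\DOCUME~1\Idemberg\CONFIG~1\Temp\caew.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [example] C:\DOCUME~1\Idemberg\CONFIG~1\Temp\caew.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample, modelled on the firewall registry export posted above.
SAMPLE_REG = r'''"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winskou.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\winskou.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\caew.exe"="C:\\DOCUME~1\\Idemberg\\CONFIG~1\\Temp\\caew.exe:*:Enabled:ipsec"
'''

if __name__ == "__main__":
    print(summarize(triage_hijackthis(SAMPLE_HJT)))
    print(firewall_exceptions_from_temp(SAMPLE_REG))
```

Run against a full posted log, the same functions give a quick count of Temp-resident processes and policy hijacks before any manual reading of the entries.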

I suggest you save or print the instructions below, since at some point you may need to use the computer without internet access:

 

- Download Malwarebytes Anti-Malware.

* Install it by double-clicking "mbam-setup.exe";

* Select the language Português (Brasil)

* Check only the box: "Update Malwarebytes' Anti-Malware"

* If an update exists, it will be downloaded automatically

* Do not scan yet!!!

* Restart the PC in Safe Mode (press the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choose the Safe Mode option).

* If it is not possible to start the computer in Safe Mode, do the scan in normal mode

* Run Malwarebytes' Anti-Malware, click the "Scan" tab and select the "Full scan" option

* Click the button: "Scan"

* Check all the parts of the computer you want to scan and click the button: "Start scan"

* When the scan finishes, click "OK" > "Show Results"

* Select all entries and click "Remove Selected"

* After removal you may be asked whether you want to remove objects from memory. Click "YES"

* A log will be shown with the results of the actions

* Some malware is stubborn and needs a restart to be removed. If you are asked to, click to restart the PC.

* When the process finishes, restart the PC in Normal Mode.

* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the button: Delete All.

* Run Malwarebytes Anti-Malware again, click the "Logs" tab, double-click the most recent log, select the whole log and copy it.

 

Post this log generated by Malwarebytes Anti-Malware together with a new HijackThis log in your next reply and tell us how your computer is after following the procedure above.

 

We await your reply.


Here they are, friend, the HijackThis and Malwarebytes logs

And I still have the same problems!

Oh, and I couldn't get into Safe Mode to run the Malwarebytes scan because it restarted when I tried to enter it

I had to go in through normal mode!

 

Hijack

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:11:44, on 25/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [shareaza] "C:\Arquivos de programas\Shareaza\Shareaza.exe" -tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5215 bytes

 

 

-----------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes

 

 

Malwarebytes' Anti-Malware 1.36

Versão do banco de dados: 2039

Windows 5.1.2600 Service Pack 3

 

25/4/2009 04:06:05

mbam-log-2009-04-25 (04-06-05).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 113214

Tempo decorrido: 14 minute(s), 24 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 1

Chaves do Registro infectadas: 0

Valores do Registro infectados: 1

Ítens do Registro infectados: 3

Pastas infectadas: 0

Arquivos infectados: 8

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Delete on reboot.

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Delete on reboot.

C:\WINDOWS\system32\olhrwef.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\qwtb.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\autorun.inf (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\vwewav8.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\qwtb.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\vwewav8.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.


Several other problems were removed by Malwarebytes.

 

Temporarily disable your antivirus, antispyware and firewall so there are no conflicts. Keep them disabled until you finish the instructions.

 

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Save it to your Desktop.

 

If you have a USB flash drive or an MP3 or MP4 player, connect it to the PC (if you have more than one, connect all of them). Do not remove them until you have completed all the instructions.

 

Close all windows and programs.

 

Double-click combofix.exe, press 1 and then Enter to proceed with the fix. Wait, as it takes a while.

 

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.

If you choose to install this Console, the Operating System selection screen will be shown at system startup.

More information about the Console: http://support.microsoft.com/kb/307654/pt-br

 

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

 

Select, copy and paste the contents of ComboFix.txt in your next reply, plus a new HijackThis log, and tell us how your PC is after this procedure.

 

NOTE 2: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

 

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it on your Desktop as KomboFix.

 

If an error occurs, restart the computer in Safe Mode (press the F8 key intermittently, or F5 in some cases, during startup) and repeat the procedure.


Here it is, friend

But I still have the problems so far!

 

ComboFix

 

 

ComboFix 09-04-25.A3 - Idemberg 26/04/2009 18:48.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.625 [GMT -3:00]

Executando de: c:\documents and settings\Idemberg\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\InfoSat.txt

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASC3360PR

-------\Service_asc3360pr

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-26 to 2009-4-26 ))))))))))))))))))))))))))))

.

 

2009-04-26 17:24 . 2009-04-26 17:24 -------- d-----w c:\arquivos de programas\EA GAMES

2009-04-26 17:17 . 2003-12-21 20:24 140800 ----a-w c:\windows\system32\drivers\xmasbus.sys

2009-04-26 17:17 . 2003-12-20 23:03 5504 ----a-w c:\windows\system32\drivers\xmasscsi.sys

2009-04-26 17:17 . 2009-04-26 17:17 -------- d-----w c:\arquivos de programas\Alcohol Soft

2009-04-26 17:09 . 2009-04-26 17:09 717296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-04-26 17:09 . 2009-04-26 17:09 -------- d-----w c:\documents and settings\Idemberg\Dados de aplicativos\DAEMON Tools Lite

2009-04-26 16:33 . 2009-04-26 16:33 -------- d-----w c:\documents and settings\Idemberg\Dados de aplicativos\Nero

2009-04-26 16:21 . 2009-04-26 16:21 4767 ----a-w c:\windows\Irremote.ini

2009-04-26 16:19 . 2009-04-26 16:19 -------- d-----w c:\arquivos de programas\Windows Sidebar

2009-04-26 16:09 . 2009-04-26 16:20 -------- d-----w c:\arquivos de programas\Nero

2009-04-26 16:08 . 2009-04-26 16:21 -------- d-----w c:\arquivos de programas\Arquivos comuns\Nero

2009-04-26 16:08 . 2009-04-26 16:15 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero

2009-04-26 05:11 . 2009-04-26 05:11 -------- d-----w c:\arquivos de programas\Shareaza

2009-04-26 05:11 . 2009-04-26 05:11 -------- d-----w c:\documents and settings\Idemberg\Dados de aplicativos\Shareaza

2009-04-26 05:11 . 2009-04-26 05:11 -------- d-----w c:\documents and settings\Idemberg\Configurações locais\Dados de aplicativos\Shareaza


2009-04-25 06:44 . 2009-04-25 06:44 -------- d-----w c:\documents and settings\Idemberg\Dados de aplicativos\Malwarebytes

2009-04-25 06:44 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-25 06:44 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-25 06:44 . 2009-04-25 06:44 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-04-25 06:44 . 2009-04-25 06:44 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-04-25 06:18 . 2009-04-25 06:18 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-04-24 15:57 . 2008-07-09 08:05 421888 ----a-w c:\windows\system32\ac3filter.acm

2009-04-24 15:57 . 2009-04-24 15:57 -------- d-----w c:\arquivos de programas\XP Codec Pack

2009-04-24 12:54 . 2008-04-13 14:45 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys

2009-04-24 12:54 . 2008-04-13 14:45 10368 ----a-w c:\windows\system32\drivers\hidusb.sys

2009-04-24 12:53 . 2009-04-26 17:32 -------- d-----w c:\arquivos de programas\GameVicio

2009-04-24 12:38 . 2009-04-24 12:38 -------- d-----w c:\arquivos de programas\EA SPORTS

2009-04-24 12:24 . 2009-04-25 06:51 -------- d-----w C:\PC

2009-04-24 03:52 . 2009-04-24 03:52 -------- d-----w c:\arquivos de programas\Yahoo!

2009-04-24 03:52 . 2009-04-24 03:52 -------- d-----w c:\arquivos de programas\CCleaner

2009-04-24 03:33 . 2009-04-24 03:33 -------- d-----w c:\windows\ERUNT

2009-04-24 03:30 . 2009-04-24 03:43 -------- d-----w C:\SDFix

2009-04-23 02:44 . 2009-04-23 02:44 -------- d-----w c:\documents and settings\Idemberg\Dados de aplicativos\Desktopicon

2009-04-23 02:44 . 2004-03-09 02:00 124688 ----a-w c:\windows\system32\MSWINSCK.OCX

2009-04-23 02:44 . 2009-04-23 02:44 -------- d-----w c:\arquivos de programas\DsNET Corp

2009-04-23 01:29 . 2008-04-13 14:45 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys

2009-04-23 00:38 . 2009-04-23 00:48 -------- d-----w C:\FindyKill

2009-04-22 23:55 . 2009-04-22 23:55 -------- d-----w c:\documents and settings\Idemberg\Dados de aplicativos\Gearbox Software

2009-04-22 23:43 . 2009-04-22 23:43 -------- d-----w c:\arquivos de programas\MSXML 4.0

2009-04-22 23:41 . 2009-04-22 23:41 -------- d-----w c:\arquivos de programas\Microsoft Games

2009-04-22 18:19 . 2009-04-22 18:19 -------- d-----w c:\arquivos de programas\City Interactive

2009-04-22 18:00 . 2009-04-22 18:00 -------- d-----w c:\documents and settings\Idemberg\Dados de aplicativos\Activision

2009-04-22 18:00 . 2009-04-22 18:00 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Activision

2009-04-22 17:57 . 2009-04-22 17:57 -------- d-----w c:\windows\system32\xlive

2009-04-22 17:25 . 2009-04-22 17:25 -------- d-----w c:\arquivos de programas\Activision

2009-04-22 17:24 . 2009-04-22 17:24 -------- d-sh--w c:\windows\ftpcache

2009-04-22 12:25 . 2009-04-22 12:25 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Ubisoft

2009-04-22 12:24 . 2009-04-25 07:11 -------- d-----w C:\Hijack

2009-04-22 11:59 . 2009-04-22 23:27 -------- d-----w c:\arquivos de programas\Ubisoft

2009-04-22 02:25 . 2008-04-14 12:00 219648 ----a-w c:\windows\system32\uxtheme.backup

2009-04-22 02:25 . 2009-04-22 02:25 8294454 ----a-w c:\windows\startup.bmp

2009-04-22 02:22 . 2009-04-22 02:25 -------- d-----w c:\windows\VistaMizer

2009-04-22 01:15 . 2009-04-22 01:15 -------- d-s---w c:\documents and settings\Idemberg\UserData

2009-04-22 00:21 . 2009-04-22 11:20 69392 ----a-w c:\documents and settings\Idemberg\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT


2009-04-22 00:17 . 2009-04-26 20:54 -------- d-----w c:\documents and settings\Idemberg\Contacts

2009-04-22 00:16 . 2009-04-22 00:16 -------- d-----w c:\arquivos de programas\MSN Messenger

2009-04-22 00:14 . 2009-04-22 02:22 -------- d--h--w c:\windows\$hf_mig$

2009-04-22 00:13 . 2009-04-22 00:13 0 ----a-w c:\windows\msicpl.ini

2009-04-22 00:05 . 2009-04-22 00:05 -------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-04-22 00:03 . 2009-04-22 00:03 -------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-04-22 00:03 . 2007-12-05 05:53 356352 ----a-w c:\windows\system32\NVUNINST.EXE

2009-04-22 00:03 . 2009-04-22 00:03 0 ----a-w c:\windows\nsreg.dat

2009-04-22 00:02 . 2009-04-22 00:02 -------- d-----w c:\documents and settings\Idemberg\Configurações locais\Dados de aplicativos\Mozilla


2009-04-21 23:51 . 2006-10-26 22:56 32592 ----a-w c:\windows\system32\msonpmon.dll

2009-04-21 23:50 . 2009-04-21 23:50 -------- d-----w c:\arquivos de programas\Microsoft Works

2009-04-21 23:50 . 2009-04-21 23:50 -------- d-----w c:\arquivos de programas\MSBuild

2009-04-21 23:47 . 2009-04-21 23:47 -------- d-----w c:\windows\SHELLNEW

2009-04-21 23:47 . 2009-04-21 23:47 -------- d-----w c:\documents and settings\Idemberg\Configurações locais\Dados de aplicativos\Microsoft Help


2009-04-21 23:47 . 2009-04-21 23:51 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-04-21 23:47 . 2009-04-21 23:47 -------- d--h--r C:\MSOCache

2009-04-21 23:43 . 2009-04-21 23:43 940794 ----a-w c:\windows\system32\LoopyMusic.wav

2009-04-21 23:43 . 2009-04-21 23:43 146650 ----a-w c:\windows\system32\BuzzingBee.wav

2009-04-21 23:43 . 2009-04-21 23:43 -------- d-----w c:\windows\system32\Lang

2009-04-21 23:40 . 2009-04-21 23:40 -------- d-----w c:\arquivos de programas\Realtek

2009-04-21 23:40 . 2006-05-04 19:26 2808832 ----a-w c:\windows\alcwzrd.exe

2009-04-21 23:40 . 2005-09-21 13:25 299008 ----a-w c:\windows\system32\ALSndMgr.cpl

2009-04-21 23:40 . 2005-05-03 21:43 143360 ----a-w c:\windows\Alcmtr.exe

2009-04-21 23:40 . 2009-04-21 23:40 315392 ----a-w c:\windows\HideWin.exe

2009-04-21 23:40 . 2007-07-26 20:09 520192 ----a-w c:\windows\RtlExUpd.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-24 18:13 . 2009-04-21 22:32 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-04-23 00:44 . 2008-04-14 12:00 48846 ----a-w c:\windows\system32\perfc016.dat

2009-04-23 00:44 . 2008-04-14 12:00 344734 ----a-w c:\windows\system32\perfh016.dat

2009-04-22 17:57 . 2009-04-21 22:40 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-04-22 02:25 . 2008-04-14 12:00 219648 ----a-w c:\windows\system32\uxtheme.dll

2009-04-21 23:41 . 2009-04-21 23:40 530 ----a-w C:\RHDSetup.log

2009-04-21 22:39 . 2009-04-21 22:39 -------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2009-04-21 22:39 . 2009-04-21 22:39 -------- d-----w c:\arquivos de programas\Intel

2009-04-21 22:33 . 2009-04-21 22:33 -------- d-----w c:\arquivos de programas\microsoft frontpage

2009-04-21 22:31 . 2009-04-21 22:31 -------- d-----w c:\arquivos de programas\Serviços on-line

2009-04-21 22:31 . 2009-04-21 22:31 -------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-04-21 22:30 . 2009-04-21 22:30 21844 ----a-w c:\windows\system32\emptyregdb.dat

2009-02-09 14:06 . 2008-04-14 12:00 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-03 19:58 . 2008-04-14 12:00 56832 ----a-w c:\windows\system32\secur32.dll

.

 

------- Sigcheck -------

 

[-] 2008-04-14 12:00 588288 7C0E5D593730414B5994A15A6D10C201 c:\windows\system32\user32.dll

[-] 2008-04-14 12:00 588288 7C0E5D593730414B5994A15A6D10C201 c:\windows\system32\dllcache\user32.dll

[7] 2008-04-14 12:00 579072 54907DB28872A7A6D3EE2B4747A23828 c:\windows\VistaMizer\old\user32.dll

 

[7] 2008-04-14 12:00 668160 DF6D0F37A71883BE3505DD517EB8AD83 c:\windows\SoftwareDistribution\Download\1be89291acfa15b2dc21f62977b2b25f\backup\sp3gdr\wininet.dll

[7] 2008-04-14 12:00 668160 DF6D0F37A71883BE3505DD517EB8AD83 c:\windows\SoftwareDistribution\Download\1be89291acfa15b2dc21f62977b2b25f\backup\sp3qfe\wininet.dll

[-] 2008-04-14 12:00 813056 C52A23D26034DC3529D861704C45BD66 c:\windows\system32\wininet.dll

[-] 2008-04-14 12:00 813056 C52A23D26034DC3529D861704C45BD66 c:\windows\system32\dllcache\wininet.dll

[7] 2008-04-14 12:00 668160 DF6D0F37A71883BE3505DD517EB8AD83 c:\windows\VistaMizer\old\wininet.dll

 

[-] 2008-04-14 12:00 549376 B0C0BF2504B830BFC1E93CA39F3C75FE c:\windows\system32\winlogon.exe

[-] 2008-04-14 12:00 549376 B0C0BF2504B830BFC1E93CA39F3C75FE c:\windows\system32\dllcache\winlogon.exe

[7] 2008-04-14 12:00 509952 71D440F79B711627B12B567FB2EADB42 c:\windows\VistaMizer\old\winlogon.exe

 

[-] 2008-04-14 12:00 2285056 708C5ED2EA45BD5BC39823E1EA8006A5 c:\windows\system32\ntkrnlpa.exe

[7] 2008-04-14 12:00 2028032 763EE1C250EC83EFD11FBF51AC4A6D82 c:\windows\VistaMizer\old\ntkrnlpa.exe

 

[-] 2008-04-14 12:00 2406400 AB8D5375B151999AB31E2C0AB512EF75 c:\windows\system32\ntoskrnl.exe

[7] 2008-04-14 12:00 2149376 0ED0AB8E279126064A46A73A5ED59069 c:\windows\VistaMizer\old\ntoskrnl.exe

 

[-] 2008-04-14 12:00 1554432 F1A3E95588DB92660C8C6DAA9101D49B c:\windows\explorer.exe

[-] 2008-04-14 12:00 1554432 F1A3E95588DB92660C8C6DAA9101D49B c:\windows\system32\dllcache\explorer.exe

[7] 2008-04-14 12:00 1035776 064EC7FF5F58B928C3E119402977FA6D c:\windows\VistaMizer\old\explorer.exe

 

[-] 2008-04-14 12:00 25088 D67945A2290E98BB54D7792F09E7504E c:\windows\system32\ctfmon.exe

[-] 2008-04-14 12:00 25088 D67945A2290E98BB54D7792F09E7504E c:\windows\system32\dllcache\ctfmon.exe

[7] 2008-04-14 12:00 15360 4E486ADFE3A0B9ED0EB0639902E9F64F c:\windows\VistaMizer\old\ctfmon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"d:\\DVD-RW\\Programas\\Cleaners\\ccsetup214.exe"=

"c:\\WINDOWS\\SkyTel.EXE"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"= c:\\Arquivos de programas\\MSN Messenger\\MsnMsgr.Exe

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\nwiz.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\WINDOWS\\system32\\wscntfy.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\Arquivos de programas\\Activision\\Quantum of Solace\\JB_LiveEngine_s.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\WINWORD.EXE"=

"c:\\WINDOWS\\system32\\dxdllreg.exe"=

"c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

"c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

 

S0 xmasbus;xmasbus;c:\windows\system32\DRIVERS\xmasbus.sys [2003-12-21 140800]

S0 xmasscsi;xmasscsi;c:\windows\System32\Drivers\xmasscsi.sys [2003-12-20 5504]

S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]

S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-07-03 29696]

 

 

--- ---

 

*NewlyCreated* - ASC3360PR

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0858cf78-2ff9-11de-967c-00e04d7e0e55}]

\Shell\AutoRun\command - F:\qwtb.com

\Shell\open\Command - F:\qwtb.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{147a05a4-31d4-11de-9688-00e04d7e0e55}]

\sHELL\AuToPlay\CoMmand - F:\otojba.cmd

\sHELL\AutoRun\command - F:\otojba.cmd

\sHELL\eXpLORe\cOmmand - F:\otojba.cmd

\sHELL\oPEn\COmmaNd - F:\otojba.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c2e5ae3-3286-11de-968a-00e04d7e0e55}]

\Shell\AutoRun\command - F:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1da0671f-3287-11de-968c-00e04d7e0e55}]

\Shell\AutoRun\command - H:\RunGame.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bff86b98-31d4-11de-9689-00e04d7e0e55}]

\Shell\AutoRun\command - F:\qwtb.com

\Shell\open\Command - F:\qwtb.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf771716-2f9f-11de-967b-00e04d7e0e55}]

\SHEll\AUtOplay\comMand - F:\cvun.pif

\SHEll\AutoRun\command - F:\cvun.pif

\SHEll\EXPLorE\COmManD - F:\cvun.pif

\SHEll\OPeN\CoMMand - F:\cvun.pif

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Idemberg\Dados de aplicativos\Mozilla\Firefox\Profiles\g9je5nca.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-26 18:50

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(728)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(784)

c:\windows\system32\setupapi.dll

c:\windows\system32\psbase.dll

 

- - - - - - - > 'explorer.exe'(2732)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\LINKINFO.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\MSVCP60.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

c:\windows\RTHDCPL.exe

c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

c:\windows\system32\rundll32.exe

c:\arquivos de programas\MSN Messenger\msnmsgr.exe

c:\arquivos de programas\Messenger\msmsgs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Microsoft Office\Office12\WINWORD.EXE

.

**************************************************************************

.

Tempo para conclusão: 2009-04-26 18:54 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-26 21:53

 

Pré-execução: 14 pasta(s) 63.976.706.048 bytes disponíveis

Pós execução: 13 pasta(s) 65.869.271.040 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

274 --- E O F --- 2009-04-22 03:29

 

 

hijack

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:59:15, on 26/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winaadwd.exe

C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winvtlpsr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\DOCUME~1\Idemberg\CONFIG~1\Temp\ailpu.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [shareaza] "C:\Arquivos de programas\Shareaza\Shareaza.exe" -tray

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5500 bytes

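As an added example (not part of this thread, and not code from ComboFix, HijackThis or the helper), the following Python triage script reads log text in the format pasted above and flags what a helper looks at first: processes running from a Temp folder, MountPoints2 autorun commands with obfuscated mixed-case shell keys or script/COM/PIF targets, and policy values that disable Task Manager, Registry tools or the firewall. The sample log is constructed from this thread's own entries; the regexes, heuristics and severity labels are this example's own assumptions.

```python
"""Triage of HijackThis / ComboFix log text like the logs pasted above.
Added example: not part of the thread and not code from either tool. It flags
processes running from a Temp folder, MountPoints2 autorun commands pointing
at removable drives, and policy values that disable Task Manager/Registry tools
or the firewall. SAMPLE_LOG is constructed in the format of the logs above."""
import re
from pathlib import PureWindowsPath

SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\Idemberg\CONFIG~1\Temp\winaadwd.exe
C:\DOCUME~1\Idemberg\CONFIG~1\Temp\ailpu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{147a05a4-31d4-11de-9688-00e04d7e0e55}]
\sHELL\AuToPlay\CoMmand - F:\otojba.cmd
\sHELL\AutoRun\command - F:\otojba.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bff86b98-31d4-11de-9689-00e04d7e0e55}]
\Shell\AutoRun\command - F:\qwtb.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1da0671f-3287-11de-968c-00e04d7e0e55}]
\Shell\AutoRun\command - H:\RunGame.exe
"""

# Policy values that, set this way, keep the user from seeing or stopping malware
# (all three appear in the ComboFix log above); autorun targets that are scripts
# or DOS-era executables rather than a setup program.
WEAK_POLICIES = {"DisableTaskMgr": 1, "DisableRegistryTools": 1, "EnableFirewall": 0}
ODD_AUTORUN_EXT = {".com", ".pif", ".cmd", ".bat", ".scr", ".vbs"}
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(\w+)"=\s*(\d+)')
MOUNT_CMD_RE = re.compile(r"^\\(.+?) - (.+)$")


def oddly_cased(word: str) -> bool:
    """Mixed-case word whose camel-case pieces are under three letters (sHELL,
    AuToPlay, CoMmand), unlike the normally cased Shell, AutoRun, command."""
    if word.islower() or word.isupper():
        return False
    pieces = [p for p in re.findall(r"[A-Z]?[a-z]*", word) if p]
    return any(len(p) < 3 for p in pieces)


def triage(log_text: str) -> dict:
    found = {"temp_processes": [], "policies": [], "autorun": {}}
    in_processes, current_key = False, ""
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_processes = True
        elif in_processes:
            in_processes = bool(line)  # the process list ends at the first blank line
            if TEMP_DIR_RE.search(line):
                found["temp_processes"].append(line)
        elif m := KEY_RE.match(line):
            current_key = m.group(1).lower()
        elif m := VALUE_RE.match(line):
            name, value = m.groups()
            if WEAK_POLICIES.get(name) == int(value):
                found["policies"].append(f"{name}={value} under {current_key}")
        elif (m := MOUNT_CMD_RE.match(line)) and "mountpoints2" in current_key:
            verbs, target = m.groups()
            flags = []
            if any(oddly_cased(v) for v in verbs.split("\\")):
                flags.append("mixed-case shell key")
            if PureWindowsPath(target).suffix.lower() in ODD_AUTORUN_EXT:
                flags.append("script/COM/PIF target")
            hits = found["autorun"].setdefault(target, [])  # one entry per target
            hits += [f for f in flags if f not in hits]
    return found


def report(found: dict) -> str:
    lines = [f"[HIGH] process running from Temp: {p}" for p in found["temp_processes"]]
    lines += [f"[HIGH] weakened policy: {p}" for p in found["policies"]]
    for target, reasons in found["autorun"].items():
        tag = f"[HIGH] ({'; '.join(reasons)})" if reasons else "[REVIEW]"
        lines.append(f"{tag} MountPoints2 autorun -> {target}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

An autorun entry with no reason (the H: game disc above) is reported as REVIEW rather than HIGH, since CD/DVD autorun commands are normal; the Temp-resident processes and the three policy values are the same ones visible in the logs pasted in this thread.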

Other problems were removed by ComboFix.

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

- Download USBFix and save it to the desktop:

http://rapidshare.com/files/186762158/UsbFix.exe

Note: When you open the site above, click the Free user button > wait for the countdown > click the Download button.

● Temporarily disable your antivirus;

● Double-click the program's icon and install it by clicking (Suivant > accept the agreement > Suivant > Suivant > Démarrer > Quitter);

● Double-click the USBFix icon created on the desktop to run it;

● Plug the flash drive, MP3 or MP4 player, or other removable media you suspect may be infected into the PC's USB port;

● Press 1, press Enter and follow the instructions that appear. Your computer will be restarted; wait for it to reboot;

● The PC will restart. Keep the flash drive plugged in. Do not remove it!

● While restarting, a blue screen will appear telling you that the drives are being checked;

● After the restart, the tool will run automatically. Just wait without moving the mouse or using the keyboard;

● When you receive the message "Nettoyage effectue!", press ENTER;

● The log will open automatically in Notepad. The log will also be at C:\UsbFix.txt.

NOTE: If your desktop disappears after the restart, press Ctrl + Alt + Delete to run Task Manager. Click File > New Task (Run...), type explorer.exe and click OK.

_______________________________________________________________________________

Please also follow the tips in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\EsetOnlineScanner\log

In your next reply, post this Nod32 Online log together with a new HijackThis log and the UsbFix log, which will be at C:\UsbFix.txt, and please tell us how your PC is doing after following these procedures.

We await your reply.


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the topic's author and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.

