[caroleella]

iexplore.exe popping mantém-se no meu Gerenciador de tarefas, apesar do fato de que eu não uso o IE. Está fazendo o meu computador lento, não é pop ups, por vezes, não há pop-up, apenas uma voz dizendo: "Parabéns, você ganhou ____" (tão louca), ou soa como uma janela de erro que aparece ou clicando em alguma coisa quando eu estou não fazer nada e nada está aparecendo na tela (na verdade, isso está fazendo meu computador som assombrado! Haha anyway)

Logfile da Trend Micro HijackThis v2.0.2
Scan saved at 9:12:42, em 9/27/2008
Plataforma: Windows XP SP2 (WinNT 5/01/2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe
C: \ WINDOWS \ system32 \ LEXBCES.EXE
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ LEXPPS.EXE
C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
C: \ Program Files \ Common Files \ AOL \ TopSpeed \ 2.0 \ aoltsmon.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ PrevxCSI \ prevxcsi.exe
C: \ WINDOWS \ system32 \ dlcxcoms.exe
C: \ Program Files \ PrevxCSI \ prevxcsi.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ Program Files \ Dell \ cerca viva \ NICCONFIGSVC.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ WINDOWS \ system32 \ rpcnet.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeper.exe
C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ commagent.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Dell \ cerca viva \ quickset.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 3.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Cisco Systems \ Limpeza Access Agent \ CCAAgent.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Viewpoint \ Viewpoint Manager \ ViewMgr.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ SJv56bM4.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Arquivos de Programas \ ErrorSmart \ ErrorSmart.exe
C: \ Program Files \ Common Files \ AOL \ 1155864818 \ ee \ jusched.exe
C: \ Arquivos de Programas \ Adobe \ Acrobat 7.0 \ Reader \ AcroRd32.exe
C: \ Program Files \ America Online 9.0 \ shellmon.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.bridgew.edu/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.bridgew.edu/
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Arquivos de Programas \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Class solução - (99C6D1BB-7555-474C-91DA-D8FB62A9CC75) - C: \ WINDOWS \ system32 \ 58VayB0u.dll
O2 - BHO: Viewpoint Toolbar BHO - (A7327C09-B521-4EDB-8509-7D2660C9EC98) - C: \ Program Files \ Viewpoint \ Viewpoint Toolbar \ 3.8.0 \ ViewBarBHO.dll
O3 - Toolbar: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O3 - Toolbar: Viewpoint Toolbar - (F8AD5AA5-D966-4667-9DAF-2561D68B2012) - C: \ Program Files \ Common Files \ Viewpoint \ Toolbar Runtime \ 3.8.0 \ IEViewBar.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [Dell cerca viva] C: \ Program Files \ Dell \ cerca viva \ quickset.exe
O4 - HKLM \ .. \ Run: [NvMediaCenter] Rundll32.exe NvMCTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 3.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [DLCXCATS] rundll32 C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 e.dll \ DLCXtim, NvStartup 16
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [ErrorSmart] C: \ Arquivos de Programas \ ErrorSmart \ ErrorSmart.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [AOL Fast Start] "C: \ Program Files \ America Online 9.0 \ AOL.EXE"-b
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 -. DEFAULT User Startup: Limpeza Access Agent.lnk = C: \ Program Files \ Cisco Systems \ Limpeza Access Agent \ CCAAgent.exe (User 'Default user')
O4 - Startup: Limpeza Access Agent.lnk = C: \ Program Files \ Cisco Systems \ Limpeza Access Agent \ CCAAgent.exe
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Painel de Controle presentes
O8 - Extra context menu item: & AOL Toolbar search - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O8 - Extra context menu item: Subscrever no leitor de RSS padrão - C: \ Documents and Settings \ Administrador \ Application Data \ RssBandit \ iecontext_subscribefeed.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: PokerStars.net - (FA9B9510-9FCB-4ca0-818C-5D0987B47C4D) - C: \ Program Files \ PokerStars.NET \ PokerStarsUpdate.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O15 - Trusted Zone: *. bridgew.edu
O16 - DPF: (01A88BB1-1174-41EC-ACCB-963509EAE56B) (SysProWmi Classe) -- http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: (5e2a3510-4371-11d6-b64c-00c04faedb18) (Oracle JInitiator 1.1.8.18) -- http://frmserv.bridgew.edu/jinitiator/jinit.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://update.microsoft.com/windowsu...?1121111428606
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1121873156643
O16 - DPF: (BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19) (CPlayFirstddfotgControl Object) -- http://aolsvc.aol.com/onlinegames/fr...g.1.0.0.33.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - A America Online, Inc - C: \ Program Files \ Common Files \ AOL \ TopSpeed \ 2.0 \ aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: CSIScanner - Prevx - C: \ Program Files \ PrevxCSI \ prevxcsi.exe
O23 - Service: dlcx_device - - C: \ WINDOWS \ system32 \ dlcxcoms.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C: \ WINDOWS \ system32 \ LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C: \ Program Files \ Dell \ cerca viva \ NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Chamada de procedimento remoto (RPC) Net (Rpcnet) - Unknown owner - C: \ WINDOWS \ system32 \ rpcnet.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ commagent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeper.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe

--
End of file - 10609 bytes

[evilfantasy]

Bem-vindo ao CJ.

Imprima estas instruções, pois serão necessários mais tarde, quando o acesso à Internet não está disponível.

Baixar SDFix por AndyManchesta e salvá-lo em seu desktop.

Ao utilizar esta ferramenta, você deve usar o Administrador da conta ou uma conta com Direitos administrativos

• Dê um clique duplo SDFix.exe e ele irá extrair os arquivos para% systemdrive%
• (esta é a unidade que contém o diretório do Windows, normalmente C: \ SDFix).
• NÃO usá-lo apenas ainda.

Reinicie o computador no Safe Mode utilizando o F8 método. Para fazer isso, reinicie o seu computador e depois de ouvido o computador apitar uma vez durante a inicialização (mas antes de o ícone do Windows) pressione a tecla F8 repetidamente. Um menu irá aparecer com várias opções. Use as setas para navegar e seleccionar a opção para executar o Windows no "Modo Seguro".

Abra a pasta SDFix e clique duas vezes RunThis.bat para iniciar o script.

• Tipo Y para iniciar o processo de limpeza.
• Ela irá remover qualquer Tróia ou Serviços Secretaria entradas encontradas, em seguida, pedir-lhe para pressione qualquer tecla para reiniciar.
• Pressione qualquer tecla e ele irá reiniciar o PC.
• Quando o PC reinicia, o Fixtool irá correr novamente e concluir o processo de remoção em seguida, apresentar Finished, Pressione qualquer tecla para terminar o script e carregar seu desktop ícones.
• Após carregar os ícones do desktop SDFix relatório será aberta na tela e também em salvar a pasta SDFix como Report.txt.
• Copie e cole o conteúdo do arquivo resultados Report.txt na sua próxima resposta, juntamente com um novo HijackThis log.

[caroleella]

SDFix: Version 1,229
Run by Administrador on Sat 09/27/2008 at 10:50

Microsoft Windows XP [Versão 5/1/2600]
Running From: C: \ SDFix

Verificando Serviços :


Restaurar Padrão de Segurança Valores
Restaurar Predefinição Arquivo Hosts

Reinicializar


Verificar Arquivos :

Não Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

CatchMe 0.3.1361.2 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 23:14:36
5/1/2600 Windows Service Pack 2 NTFS

digitalizar processos escondidos ...

varredura serviços ocultos e sistema colmeia ...

varredura escondida Registro entradas ...

digitalizar os arquivos ocultos ...

varredura foi concluída com êxito
processos ocultos: 0
serviços ocultos: 0
ficheiros ocultos: 0


Restantes serviços :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ serviços es \ SharedAccess \ Parameters \ firewallpolicy \ standard profile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ Sessmgr.exe" = "% windir% \ \ siste M32 \ \ Sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ Program Files \ \ RssBandit \ \ RSSBandit.exe" = "C: \ Program Files \ \ RssBandit \ \ RSSBandit.exe: *: Enabled: RSS Bandit"
"E: \ \ CtmWeb27155-48482 \ \ ctmweb.exe" = "E: \ \ CtmWeb27155-48482 \ ctmweb.exe \: *: Enabled: ctmweb.exe"
"C: \ \ Program Files \ \ Common Files \ AOL \ \ Loader \ \ aolload.exe" = "C: \ \ Program Files \ \ Common Files \ AOL \ \ Loader \ \ aolload.exe: *: Enabled : AOL Application Loader "
"C: \ \ Program Files \ \ Common Files \ AOL \ \ ACS \ \ AOLDial.exe" = "C: \ \ Program Files \ \ Common Files \ AOL \ \ ACS \ \ AOLDial.exe: *: Enabled : AOL "
"C: \ \ Program Files \ \ Common Files \ AOL \ \ ACS \ \ AOLacsd.exe" = "C: \ \ Program Files \ \ Common Files \ AOL \ \ ACS \ \ AOLacsd.exe: *: Enabled : AOL "
"C: \ \ Arquivos de Programas \ \ America Online 9.0 \ \ waol.exe" = "C: \ \ Arquivos de Programas \ \ America Online 9.0 \ \ waol.exe: *: Enabled: AOL"
"C: \ \ Program Files \ \ Common Files \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltsmon.exe" = "C: \ \ Prog ram Files \ \ Common Files \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltsmon.exe: *: Enabled: AOLTsMon "
"C: \ \ Program Files \ \ Common Files \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltpspd.exe" = "C: \ \ Prog ram Files \ \ Common Files \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltpspd.exe: *: Enabled: AOLTopSpeed "
"C: \ Program Files \ \ Common Files \ AOL \ 1155864818 \ ee \ \ \ AOLServiceHost.exe" = "C: \ Program Files \ \ Common Files \ AOL \ 1155864818 \ ee \ \ \ AOLServiceHost . exe: *: E nabled: AOL "
"C: \ \ Program Files \ \ Common Files \ AOL \ \ System \ \ sinf.exe" = "C: \ \ Program Files \ \ Common Files \ AOL \ \ System \ \ sinf.exe: * : Enabled: AOL "
"C: \ \ Program Files \ \ Common Files \ AOL \ \ AOL Spyware Protecção \ \ AOLSP Scheduler.exe" = "C: \ \ Program Files \ \ Common Files \ AOL \ \ AOL Spyware Protecção \ \ AOLSP Agendador . exe: *: Enabled: AOL "
"C: \ \ Program Files \ \ Common Files \ AOL \ \ AOL Spyware Protecção \ \ Asp.exe" = "C: \ \ Program Files \ \ Common Files \ AOL \ \ AOL Spyware Protecção \ \ Asp.exe : *: Enabled: AOL "
"C: \ \ Program Files \ \ Common Files \ \ AolCoach \ \ en_en \ \ player \ \ AOLNySEV.exe" = "C: \ \ Program Files \ \ Common Files \ \ AolCoach \ \ en_en \ \ player \ \ AOLNySEV . exe: *: Ena sangrados: AOL "
"C: \ Program Files \ \ FTP Commander Pro \ \ cftp.exe" = "C: \ Program Files \ \ FTP Commander Pro \ cftp.exe \: *: Enabled: cftp"
"C: \ Program Files \ \ FTP Commander \ \ ftpcomm.exe" = "C: \ Program Files \ \ FTP Commander \ ftpcomm.exe \: *: Enabled: ftpcomm"
"C: \ \ Arquivos de Programas \ \ Real \ \ RealPlayer \ \ realplay.exe" = "C: \ \ Progra m Files \ \ Real \ \ RealPlayer \ \ realplay.exe: *: Enabled: Re alPlayer"
"C: \ \ StubInstaller.exe" = "C: \ \ StubInstaller.exe: *: E nabled: LimeWire swarmed instalador"
"C: \ \ Arquivos de Programas \ \ LimeWire \ \ LimeWire.exe" = "C: \ \ Arquivos de Programas \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"C: \ Program Files \ \ SmartFTP Client 2.0 \ \ SmartFTP.exe" = "C: \ Program Files \ \ SmartFTP Client 2.0 \ \ SmartFTP.exe: *: Enabled: SmartFTP Client 2.0"
"C: \ \ Arquivos de Programas \ \ Bittornado \ \ btdownloadgui.exe" = "C: \ \ Arquivos de Programas \ \ Bittornado \ \ btdownloadgui.exe: *: Enabled: btd ownloadgui"
"C: \ Program Files \ \ Common Files \ AOL \ 1155864818 \ ee \ \ \ jusched.exe" = "C: \ Program Files \ \ Common Files \ AOL \ 1155864818 \ \ ee \ aolsoftware \ . exe: *: Enab levou: AOL Services "
"C: \ \ Arquivos de Programas \ \ Mozilla Firefox \ \ firefox.exe" = "C: \ \ Arquivos de Programas \ \ Mozilla Firefox \ \ firefox.exe: *: Enabled: Firefox"
"C: \ Program Files \ \ Get-Torrent \ \ Get-Torrent.exe" = "C: \ Program Files \ \ Get-Torrent \ \ Get-Torrent.exe: *: Enabled: aplicação P2P Torrent"
"C: \ Program Files \ \ Restaurant Empire \ \ re.exe" = "C: \ Program Files \ \ Restaurant Empire \ re.exe \: *: Enabled:" re
"C: \ Program Files \ \ BitZip \ \ bitzip.exe" = "C: \ Program Files \ \ BitZip \ bitzip.exe \: *: Enabled: BitZip"
"C: \ \ Arquivos de Programas \ \ uTorrent \ \ uTorrent.exe" = "C: \ \ Arquivos de Programas \ \ uTorrent \ \ uTorrent.exe: *: Enabled: æTorrent"
"C: \ \ Arquivos de Programas \ \ iTunes \ \ iTunes.exe" = "C: \ \ Arquivos de Programas \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ Xpsp3res.dll, -20000"
"C: \ WINDOWS \ \ system32 \ \ dlcxcoms.exe" = "C: \ WINDOWS \ \ system32 \ dlcxcoms.exe \: *: Enabled: Dell 926 Server"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ serviços es \ SharedAccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ Sessmgr.exe" = "% windir% \ \ siste M32 \ \ Sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"E: \ \ CtmWeb27155-48482 \ \ ctmweb.exe" = "E: \ \ CtmWeb27155-48482 \ ctmweb.exe \: *: Enabled: Instalação Computrace ctmweb / Application Management"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ Xpsp3res.dll, -20000"

Remaining Files :



Arquivos com Hidden Attributes :

Tue 12 de julho de 2005 54,872 A.. H. --- "C: \ Program Files \ America Online 9.0 \ AOLphx.exe"
Tue 12 de julho de 2005 31,832 A.. H. --- "C: \ Program Files \ America Online 9.0 \ rbm.exe"
Wed 13 de outubro de 2004 1694208 A.. H. --- "C: \ Program Files \ Messenger \ MsnMsgr.Exe"
Wed 17 Sep 2008 162 A.. H. --- "C: \ Documents and Settings \ Administrador \ Meus documentos \ ~ $ RL3917.tmp"
Sex 23 Nov 2007 4.840.960 ... H. --- "C: \ Documents and Settings \ Administrator \ My Documents \ ~ WRL3917.tmp"
Dom 1 abr 2007 247 A.. H. --- "C: \ Program Files \ InterActual Player \ InterActual \ itiC9F.tmp"
Dom 1 Jul 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Seg 14 Jan 2008 3,459 ... HR --- "C: \ Documents and Settings \ Administrador \ Dados de aplicativos \ SecuROM \ UserData \ securom_v7_01.bak"
Sáb 27 Set 2008 4,750 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS00643642-9444-46D7-A0F8-98BCEC733FED.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS02319C6A-A321-4C8D-9995-820B7395AC0C.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS025EABA1-CC11-4560-8E12-630DDF3DA7B2.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS045F4367-E293-4856-99b6-A55965765747.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS068F3C9C-D92F-41E5-AF3C-3917DFD07FFB.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS0ABE791D-AAB6-45AE-94C0-81FF065FB64C.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS0B798094-B44A-427A-B9DC-654E158521EB.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS0C1801B8-619C-45EF-A0A9-6FDF58378626.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS0DC230DD-648D-4C7A-a46f-125E3BBCACF0.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS0FD1D4A0-7A3B-4426-BF06-CBE8A10161D9.tmp"
Sáb 27 Set 2008 12,540 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS12E3E01D-D993-4077-84CD-270FC7998D10.tmp"
Sáb 27 Set 2008 5,616 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS1558A464-A8A5-4699-8AD4-1FD636BA73F0.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS16C4CA8E-b45e-4C74-A16A-C6547AC6862A.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS171F971D-9918-4BF8-934E-9F971CE3A62E.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS18482343-5AA4-4A75-B35E-1DE367BE8DF8.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS1F408231-9AD4-4F3A-8F71-E4D1A885E2D9.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS22C553D7-9E17-42E7-9BAC-FD08E49F2DA7.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS29899F67-1A0A-49C1-BF8C-969C56BFE72D.tmp"
Sáb 27 Set 2008 40,408 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS2CE2DD8D-1B89-4236-8CEB-8AE2092F011D.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS2DE8E664-10D0-4bc0-B385-C28929E5600F.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS35CD56A6-869F-4E8D-9744-F5243F94B4B1.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS3A52BAF2-C6D8-48c5-A517-8F08AFB8035A.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS3EC9B69D-3F89-4FC5-B941-1463F3BD2234.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS3EADD09D-E99C-4EDA-87E8-14DD31C5A1CA.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS3EDF6917-B0B7-4164-BAA8-7013E06D5FCA.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS3FF4AFC6-0025-4047-AEFB-7C34313D972F.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS4031D191-1F75-49F0-8272-A12ACD39C269.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS416C7484-2AC6-4BFE-8364-B3DC9640EB90.tmp"
Sáb 27 Set 2008 27,677 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS42B72C22-0C5B-4053-87A4-D8EB671C2029.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS4C83367A-C322-4725-A861-182E13107846.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS4DB48154-31C5-424F-B7EB-6337D7279415.tmp"
Sáb 27 Set 2008 3,393 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS4EAE423C-33F9-4d19-AD00-4127948E7F39.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS4FE7BDE5-631A-4BEE-BA59-2A86CECDA9DA.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS50B44EC6-2F2E-4D16-áÇ0Ç-376383467A7C.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS56CA220B-41A4-4EBA-B217-FF3A496AA590.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS5AF7C2DD-39F4-4b22-8F5A-11FC428681E1.tmp"
Sáb 27 Set 2008 101,080 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS5DCC2C2E-7275-4CC4-9192-B113F353FB5F.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS5D528DF5-B79E-4EE1-9D6C-1EC565BBBC62.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS6011FD6D-D50D-43A0-AE81-A050DD789327.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS62CC7F66-91d7-40E6-9C86-9E1A90363BBD.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS6548601C-9bb6-472C-AA53-447B881C2428.tmp"
Sáb 27 Set 2008 6.247.755 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS6946DC39-11B6-4B93-A005-7F3C9D123F87.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS69A2BD78-4F53-4EBE-A0E3-D640854156D9.tmp"
Sáb 27 Set 2008 198,358 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS6927849A-B300-4980-AAEB-7DBA1C6E4164.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS6945CE07-04BF-439f-987F-028637985DF0.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS6FE21A12-C11B-4E43-99E2-FA8F960870E1.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS700D83FE-2571-4AE3-89BC-6DD584F68699.tmp"
Sáb 27 Set 2008 3.195.852 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS713A2772-B7C7-4A87-BÆb-E92C67ED4580.tmp"
Sáb 27 Set 2008 143,110 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS71EC4FAD-E45A-4E20-AE13-D864D8CA24A1.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS716E87B1-65B4-4487-B09B-19A89B9F5C97.tmp"
Sáb 27 Set 2008 1.909.332 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7366E027-AE32-4bc8-9360-699C2C95BEB0.tmp"
Sáb 27 Set 2008 270,314 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS75371617-A509-4e33-9f16-118AA8AC2918.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS767A458F-F431-46EB-A2DA-88FB1A7E3E7D.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7A70C6B2-5850-4473-9585-E0C43F090F27.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7B30F8F2-8A4F-42B9-B9F8-625709173611.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7C1354E8-D74C-4AC8-BE8F-7167A5076F4A.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7CBB22C6-4E66-4720-995F-1C2ADC632A9B.tmp"
Sáb 27 Set 2008 642 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7E1AA5E0-4CF4-2F18-B64E-8EB8F378DF31.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7FEECAB9-C6A6-4302-9AA6-F69FA542ED3D.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS840E4E3A-C733-4DC5-A8F3-B248CC83075B.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS8716D8FB-A364-4288-8B00-55605E1EF6C0.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS89FE094B-45FA-4923-87F1-139238C4F97B.tmp"
Sáb 27 Set 2008 610 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS8A4D2B50-2BB9-4DC6-9E5E-3CB11929C3D2.tmp"
Sáb 27 Set 2008 4,532 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS8E7D97AA-E673-4952-AA06-A468A9C52A7C.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS8FB3E905-99ba-4D9E-9C2A-B17FB19F5132.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS92FF4DE9-51A7-4FEA-9F94-4984E35FDB14.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS94946861-C52C-4360-B5D7-0BAA075D88BB.tmp"
Sáb 27 Set 2008 674 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS9766DA24-0126-49B8-821D-0BBD42716F70.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS9CF76AA8-C8DD-426D-8974-7952EA0782D3.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS9DE19017-8F84-45F0-8707-3157A64B6CEA.tmp"
Sáb 27 Set 2008 1.190.410 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS9F48133A-1109-42eb-93AA-A3CB3CACBCBF.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSABDB0578-02AF-4BA8-A501-9A8992ED7BDB.tmp"
Sáb 27 Set 2008 2,736 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSAD28D6FF-3940-4F08-A657-2E61F69B5449.tmp"
Sáb 27 Set 2008 75,790 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSB18333D4-60E0-438D-B085-7DB36F72F77D.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSB74C069F-C392-4F81-8670-212FC280E95D.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSB76C1894-7B69-4834-97D3-B402FE20935A.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSB73D6FFC-0e8c-41B9-84d3-8810EC6D9228.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSB9036DEB-8242-4521-A54E-139AF6A9A190.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSBAE9F5F5-FA44-4E05-9A1D-A462CE8AF520.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSBBCD6D72-A069-40FF-9AF2-916180E0A88E.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSBBCBA3E5-E607-436E-B3EE-A1DEAC925872.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSBEC0CEEC-C42B-4B06-A604-EAAD26CE6255.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSC5D01365-2009-400C-A9A3-5F990CF4A80D.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSC9E0B767-5A0A-47B9-A439-227E2B94F887.tmp"
Sáb 27 Set 2008 134,148 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSD2617AFF-BC61-4BFE-b8E6-6CC988A0F275.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSD21BE94F-9EE4-475B-B0A2-24C81FFF173F.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSD4AA62E4-9d9e-4B7B-9CD0-686A2C05AEF7.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSD729F3FB-EE09-459B-A678-BD9132629FDF.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSD8157780-DB4C-464E-B192-D31296C412A8.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSD97D795A-5F39-4fdd-A7EF-691DEBB65005.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSDA1F438F-BCAF-4452-A79A-167408950654.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSDA218F7C-D867-4690-96E2-789F80A7D3E0.tmp"
Sáb 27 Set 2008 20,968 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSDBBDCE8F-1CB9-456D-9A48-B332BFDD4DA3.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSDC4DE87E-7FB7-4AAF-9341-074C383E5277.tmp"
Sáb 27 Set 2008 2.168.120 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSDC4805C4-09F4-44df-953F-40714AC7B32D.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSDC54187B-23EE-4C63-A3C1-F95DD71DC749.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSE542CE01-559A-4B52-B46E-3ABA034CB806.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSE76031B3-69B7-40CD-98AA-1FBADCFD80F9.tmp"
Sáb 27 Set 2008 538 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSE89A2A1E-7243-491E-8713-779584114914.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSE9F327DF-50B6-42E2-B361-B1279BCFE655.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSEAF8FCDA-0414-40ED-8AC7-F6E8BA990710.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSEC43267D-076B-42D7-838C-4A46B1619D44.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSED7CFB5E-591ç-4B3A-BB59-99AC6B355CE9.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSF03658AA-EBC4-437C-8F4E-338B053BBCC5.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSF1EE7C84-96F2-4922-8549-E4F727B9B3A5.tmp"
Sáb 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSF5708FAD-F162-475A-BBD8-590D8EED1563.tmp"
Sáb 27 Set 2008 1.609.542 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSF60C8606-1E32-4C46-9DD9-9591141A47D3.tmp"
Sáb 27 Set 2008 29,084 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSF7DCFFB4-3037-49B4-8FAF-FB62C2892816.tmp"
Sáb 27 Set 2008 16,965 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSFABFD6CE-CC5D-4B27-9BE0-5CE94D2BE9C9.tmp"

Pronto!






Logfile da Trend Micro HijackThis v2.0.2
Scan saved at 11:22:30, on 9/27/2008
Plataforma: Windows XP SP2 (WinNT 5/01/2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe
C: \ WINDOWS \ system32 \ LEXBCES.EXE
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ LEXPPS.EXE
C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
C: \ Program Files \ Common Files \ AOL \ TopSpeed \ 2.0 \ aoltsmon.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ PrevxCSI \ prevxcsi.exe
C: \ Program Files \ PrevxCSI \ prevxcsi.exe
C: \ WINDOWS \ system32 \ dlcxcoms.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ Program Files \ Dell \ cerca viva \ NICCONFIGSVC.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ WINDOWS \ system32 \ rpcnet.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeper.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ commagent.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Viewpoint \ Viewpoint Manager \ ViewMgr.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ Program Files \ Dell \ cerca viva \ quickset.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 3.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Arquivos de Programas \ ErrorSmart \ ErrorSmart.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ America Online 9.0 \ waol.exe
C: \ Program Files \ Cisco Systems \ Limpeza Access Agent \ CCAAgent.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ America Online 9.0 \ shellmon.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.bridgew.edu/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.bridgew.edu/
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Arquivos de Programas \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - (A7327C09-B521-4EDB-8509-7D2660C9EC98) - C: \ Program Files \ Viewpoint \ Viewpoint Toolbar \ 3.8.0 \ ViewBarBHO.dll
O3 - Toolbar: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O3 - Toolbar: Viewpoint Toolbar - (F8AD5AA5-D966-4667-9DAF-2561D68B2012) - C: \ Program Files \ Common Files \ Viewpoint \ Toolbar Runtime \ 3.8.0 \ IEViewBar.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [Dell cerca viva] C: \ Program Files \ Dell \ cerca viva \ quickset.exe
O4 - HKLM \ .. \ Run: [NvMediaCenter] Rundll32.exe NvMCTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 3.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [DLCXCATS] rundll32 C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 e.dll \ DLCXtim, NvStartup 16
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [ErrorSmart] C: \ Arquivos de Programas \ ErrorSmart \ ErrorSmart.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [AOL Fast Start] "C: \ Program Files \ America Online 9.0 \ AOL.EXE"-b
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 -. DEFAULT User Startup: Limpeza Access Agent.lnk = C: \ Program Files \ Cisco Systems \ Limpeza Access Agent \ CCAAgent.exe (User 'Default user')
O4 - Startup: Limpeza Access Agent.lnk = C: \ Program Files \ Cisco Systems \ Limpeza Access Agent \ CCAAgent.exe
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Painel de Controle presentes
O8 - Extra context menu item: & AOL Toolbar search - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O8 - Extra context menu item: Subscrever no leitor de RSS padrão - C: \ Documents and Settings \ Administrador \ Application Data \ RssBandit \ iecontext_subscribefeed.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: PokerStars.net - (FA9B9510-9FCB-4ca0-818C-5D0987B47C4D) - C: \ Program Files \ PokerStars.NET \ PokerStarsUpdate.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O15 - Trusted Zone: *. bridgew.edu
O16 - DPF: (01A88BB1-1174-41EC-ACCB-963509EAE56B) (SysProWmi Classe) -- http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: (5e2a3510-4371-11d6-b64c-00c04faedb18) (Oracle JInitiator 1.1.8.18) -- http://frmserv.bridgew.edu/jinitiator/jinit.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://update.microsoft.com/windowsu...?1121111428606
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1121873156643
O16 - DPF: (BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19) (CPlayFirstddfotgControl Object) -- http://aolsvc.aol.com/onlinegames/fr...g.1.0.0.33.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - A America Online, Inc - C: \ Program Files \ Common Files \ AOL \ TopSpeed \ 2.0 \ aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: CSIScanner - Prevx - C: \ Program Files \ PrevxCSI \ prevxcsi.exe
O23 - Service: dlcx_device - - C: \ WINDOWS \ system32 \ dlcxcoms.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C: \ WINDOWS \ system32 \ LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C: \ Program Files \ Dell \ cerca viva \ NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Chamada de procedimento remoto (RPC) Net (Rpcnet) - Unknown owner - C: \ WINDOWS \ system32 \ rpcnet.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ commagent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeper.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe

--
End of file - 10298 bytes

[evilfantasy]

Desativar SpySweeper

É possível reativá-la depois que você está limpo.

Para desativar Spysweeper:

Abrir Spysweeper > clique Opções para a esquerda, em seguida> Programa Opções > Desmarque "carregar na inicialização do Windows"

Mais para a esquerda clique em "escudos" e Desmarque todos lá.

Desmarque "escudo home page"

Desmarque "automaticamente restaurar padrão sem notificação"

Após todas as correções estão completos, é muito importante que você ativar proteção em tempo real novamente.

----------

Desativar o Windows Defender

Precisamos de desativar o Windows Defender proteção em tempo real, uma vez que podem interferir com as correções que temos de fazer.

• Abrir Windows Defender
• Clique em Ferramentas, Configurações Gerais
• Role para baixo e desmarque Ligue a proteção em tempo real (recomendado)
• Depois de desligar esta opção, clique sobre o Salvar botão e feche o Windows Defender.

Após todas as correções estão completos, é muito importante que você ativar proteção em tempo real novamente.

----------

Temos de remover ErrorSmart. Este é considerado um programa rouge porque ele não é confiável e muitas vezes instalados sem o consentimento do usuário.

Vá para Adicionar ou Remover Programas e desinstale ErrorSmart (se ele está lá)

----------

Abrir HijackThis e escolha Faça um sistema de verificação só.

Coloque uma marca de verificação ao lado dos seguintes entradas: (se houver)

• O4 - HKLM \ .. \ Run: [ErrorSmart] C: \ Arquivos de Programas \ ErrorSmart \ ErrorSmart.exe

Importante: Feche todas as janelas excepto no HijackThis e clique em Fix controlados.

Sair HijackThis.

----------

Nota: as instruções abaixo foram criados especificamente para este usuário. Se você não é esse usuário, NÃO siga estas instruções, uma vez que poderia danificar o funcionamento de seu sistema

Ir para Iniciar> Executar e tipo notepad.exe clique em OK

Copie e cole a seguir no Bloco de notas e salve como fixme.reg a sua Desktop

Código:

REGEDIT4 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run] "ErrorSmart" =-

Localize fixme.reg em seu desktop e dê um duplo clique nele. Resposta Sim quando perguntado se fundir com a Secretaria.

Certifique-se de que você me diga se você receber uma mensagem de sucesso sobre como adicionar o acima
para o Registro. Se você não receber uma mensagem de sucesso, ele não funcionou.

Excluir a fixme.reg a partir do desktop.

----------

Baixar CCleaner Slim e guardá-la para o seu desktop.
Quando o arquivo foi salvo, vá para o seu desktop e dê um duplo clique sobre ccsetupxxx_slim.exe
Siga as instruções para instalar o programa.
Complete a instalação em seguida:

• Dê um duplo clique no CCleaner atalho na área de trabalho para iniciar o programa.
• Clique sobre a Opções bloco de esquerda, em seguida, escolha Cookies.
  • Sob Excluir cookies para, Realce quaisquer cookies que você gostaria de manter permanentemente
  • Clique na seta direita > para movê-las para o "Cookies" para manter janela.
• Vá em Opções > Avançado unverificar Apenas apagar arquivos no Windows Temp pastas com mais de 48 horas
• Clique Limpador à esquerda, em seguida, Executar Cleaner sobre o direito de executar o programa.
• Importante: Certifique-se de que TODOS janelas do navegador estão fechados antes de escolher Executar Cleaner
• Cuidado: Não é recomendado que você use o "Registro" recurso a menos que você esteja muito familiarizado com o registro.
• Sair CCleaner depois de ter concluído o seu processo.

Reinicie o computador e executar MBAM depois post o log.

----------

Baixar Malwarebytes' Anti-Malware (MBAM)

• Dê um clique duplo mbam-setup.exe e siga as instruções para instalar o programa.
• Ao final, certifique-se de uma marca de verificação é colocada ao lado da seguinte forma:
  • Actualizar Malwarebytes' Anti-Malware
  • Lançamento Malwarebytes' Anti-Malware
• Em seguida, clique em Concluir.
• Se uma atualização for encontrada, ela vai baixar e instalar a versão mais recente.
• Uma vez carregado o programa, selecione Execute verificação rápidaE, em seguida, clique em Scan.
• Quando a pesquisa estiver concluída, clique em OKE, em seguida, Mostrar resultados para ver os resultados.
• Tenha certeza de que tudo está marcada, e clique em Remover Selecionados.
• Desinfecção Quando estiver concluída, será aberto um log no Bloco de Notas e você pode ser solicitado a reiniciar. (Veja Nota Extra)
• O log é automaticamente salvo pelo MBAM e pode ser visualizada clicando no separador no MBAM Logs.
• Copie e cole todo o relatório em sua próxima resposta.

Nota adicional: Se MBAM encontrar um arquivo que é difícil de remover, você será presenteado com 1 de 2 solicitações, clique em OK para deixar MBAM e quer avançar com o processo de desinfecção, se solicitado para reiniciar o computador, faça-o imediatamente.

[caroleella]

Eu recebi uma mensagem de sucesso da Secretaria.





Malwarebytes' Anti-Malware 1/28
Database Version: 1216
5/1/2600 Windows Service Pack 2

9/28/2008 12:45:51
mbam-log-2008-09-28 (00-45-51). txt

Scan type: Quick Scan
Objetos verificados: 59369
Tempo decorrido: 10 minuto (s), 46 segundo (s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Valores do Registro infectados: 0
Dados de Registro Items Infected: 0
Pastas infectadas: 0
Arquivos infectados: 1

Memory Processes Infected:
(N º itens maliciosos detectados)

Memory Modules Infected:
(N º itens maliciosos detectados)

Registry Keys Infected:
(N º itens maliciosos detectados)

Valores do Registro infectados:
(N º itens maliciosos detectados)

Dados de Registro Items Infected:
(N º itens maliciosos detectados)

Folders Infected:
(N º itens maliciosos detectados)

Arquivos Infectados:
C: \ WINDOWS \ system32 \ SJv56bM4.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.

[evilfantasy]

Quaisquer alterações?

[caroleella]

Não, ainda não há

[evilfantasy]

Não se preocupe, nós vamos encontrá-lo.

Download ComboFix por subcategorias de um dos links abaixo. Certifique-se de guardá-lo para o topo Desktop.

Link # 1
Link # 2

** Nota: É importante que ele é guardado directamente para o seu desktop

Feche todos os browsers abertos. (Firefox, Internet Explorer, etc) antes de iniciar ComboFix.

Temporariamente desabilitar seu antivírus, E qualquer antispyware proteção em tempo real antes realizar uma varredura. Clique este link para ver uma lista de programas de segurança que devem ser desativados e como desativá-los.

Dê um clique duplo combofix.exe e siga as instruções.
Quando terminar ComboFix irá produzir um log para você.
Publicar a Log ComboFix na sua próxima resposta.

Importante: Não mouseclick ComboFix da janela enquanto ele está sendo executado. Isso pode fazer com que a barraca.

Lembre-se de reativar a sua protecção antivírus e antispyware ComboFix quando estiver completa.

[caroleella]

ComboFix 08-09-27.05 - Administrador 2008-09-28 11:44:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.615 [GMT -4:00]
Executando de: C: \ Documents and Settings \ Administrador \ Desktop \ ComboFix.exe
* Criado um novo ponto restaurar

ATENÇÃO-ESTE NÃO TEM MÁQUINA DE RECUPERAÇÃO CONSOLE INSTALLED!
.

((((((((((((((((((((((((((((((((((((((( Outros Supressões ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Documents and Settings \ NetworkService \ Cookies \ system @ trafficmp [1]. Txt
C: \ WINDOWS \ system32 \ drivers \ fad.sys

.
((((((((((((((((((((((((( Arquivos criados a partir de 2008/08/28 a 2008/09/28 ))))))))))) ))))))))))))))))))))
.

2008-09-28 01:46. 2008-09-28 01:46 0 - a ------ C: \ WINDOWS \ system32 \ SJv56bM4.exe.a_a
2008/09/27 22:45. 2008/09/27 22:45 <dir> d -------- C: \ WINDOWS \ ERUNT
2008/09/27 22:20. 2008/09/27 23:19 <dir> d -------- C: \ SDFix
2008/09/27 21:03. 2008/09/27 21:03 <dir> d -------- C: \ Program Files \ Trend Micro
2008/09/27 20:48. 2008/09/27 20:48 <dir> d -------- C: \ Documents and Settings \ NetworkService \ Application Data \ AdobeUM
2008-09-27 20:36. 2008-09-27 20:40 d -------- C: \ Documents and Settings \ Administrador \ Dados de aplicativos \ ErrorSmart
2008/09/27 19:38. 2008/09/27 19:38 <dir> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008/09/27 19:38. 2008/09/27 19:38 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008/09/27 19:38. 2008/09/27 19:38 <dir> d -------- C: \ Documents and Settings \ Administrador \ Application Data \ Malwarebytes
2008/09/27 19:38. 2008/09/10 00:04 38,528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008/09/27 19:38. 2008/09/10 00:03 17,200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008/09/27 15:20. 2008/09/27 15:20 <dir> d -------- C: \ Program Files \ SUPERAntiSpyware
2008/09/27 15:20. 2008/09/27 15:20 <dir> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008/09/27 15:20. 2008/09/27 15:20 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008/09/27 15:20. 2008/09/27 15:20 <dir> d -------- C: \ Documents and Settings \ Administrador \ Application Data \ SUPERAntiSpyware.com
2008/09/27 15:13. 2008/09/27 15:13 <dir> d -------- C: \ Program Files \ CCleaner
2008/09/27 12:35. 2008/09/27 12:35 <dir> d -------- C: \ Program Files \ PrevxCSI
2008-09-27 12:35. 2008-09-28 11:36 d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI
2008/09/27 12:35. 2008/09/27 12:35 17,408 - a ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys
2008/09/27 00:48. 2008/09/27 00:47 102,664 - a ------ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys
2008/09/27 00:47. 2008/09/27 00:48 <dir> d -------- C: \ Documents and Settings \ Administrador \. Housecall6.6
2008-09-26 23:23. 2008/09/26 23:22 30,272 - a ------ C: \ WINDOWS \ system32 \0vx55IOc.exe
2008/09/23 19:04. 2008/09/23 22:56 <dir> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak
2008/09/21 00:19. 2008/09/21 00:19 <dir> d -------- C: \ Program Files \ Windows Defender
2008/09/12 13:32. 2004/03/29 16:23 90,112 - a ------ C: \ WINDOWS \ unvise32.exe
2008-09-11 12:41. 2008-09-28 11:36 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2008/09/11 12:41. 2008/09/11 12:41 1409 - a ------ C: \ WINDOWS \ QTFont.for
2008/09/09 15:33. 2008/09/09 15:56 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ FarmFrenzy2
2008/09/04 13:39. 2008/09/04 13:39 <dir> d -------- C: \ Program Files \ Atari
2008/09/03 23:06. 2008/06/10 02:32 73,728 - a ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2008/09/01 20:34. 2008/09/01 20:34 <dir> d -------- C: \ Documents and Settings \ Administrador \ Application Data \ Eyeblaster
2008/08/28 23:11. 2004/08/04 00:56 159,232 - a ------ C: \ WINDOWS \ system32 \ ptpusd.dll
2008/08/28 23:11. 2001/08/17 22:36 5632 - a ------ C: \ WINDOWS \ system32 \ ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/09/28 15:35 31,232 ---- aw C: \ WINDOWS \ system32 \ rpcnet.dll
2008/09/28 15:35 17,408 ---- aw C: \ WINDOWS \ system32 \ Rpcnetp.exe
2008/09/28 03:10 17,408 ---- aw C: \ WINDOWS \ system32 \ rpcnetp.dll
2008/09/28 00:20 --------- d ----- w C: \ Program Files \ RealArcade
2008/09/25 21:30 --------- d ----- w C: \ Program Files \ FTP Commander
2008/09/21 04:33 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2008/09/11 16:36 --------- d ----- w C: \ Documents and Settings \ Administrador \ Application Data \ uTorrent
2008/09/05 18:19 98,304 ---- aw C: \ WINDOWS \ system32 \ CmdLineExt.dll
2008/09/04 17:39 --------- d - h - w C: \ Program Files \ InstallShield Informações de instalação
2008/09/04 03:06 --------- d ----- w C: \ Program Files \ Java
2008/08/30 00:32 --------- d ----- w C: \ Program Files \ dl_Cats
2008/08/24 21:28 --------- d ----- w C: \ Documents and Settings \ Administrador \ Dados de aplicativos \ Move Networks
2008/08/24 21:07 --------- d ----- w C: \ Documents and Settings \ Administrador \ Application Data \ Gamelab
2008/07/30 01:59 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ FreshGames
2008/07/19 02:10 94,920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008/07/19 02:10 53,448 ---- aw C: \ WINDOWS \ system32 \ wuauclt.exe
2008/07/19 02:10 45,768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
2008/07/19 02:10 36,552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
2008/07/19 02:09 563,912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008/07/19 02:09 325,832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008/07/19 02:09 205,000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008/07/19 02:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ Wuaueng.dll
2008/07/19 02:07 270,880 ---- aw C: \ WINDOWS \ system32 \ mucltui.dll
2008/07/19 02:07 210,976 ---- aw C: \ WINDOWS \ system32 \ muweb.dll
2008/07/07 20:32 253,952 ---- aw C: \ WINDOWS \ system32 \ Es.dll
2007/10/02 01:01 60,968 ---- aw C: \ Documents and Settings \ Administrador \ GoToAssistDownloadHelper.ex e
2007/01/13 12:49 774,144 ---- aw C: \ Program Files \ RngInterstitial.dll
2007/08/10 19:03 6.275.816 ---- aw C: \ Program Files \ Mozilla Firefox \ plugins \ ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * entradas vazias & legit entradas padrão não são mostrados
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 15360]
"A AOL Fast Start" = "C: \ Program Files \ America Online 9.0 \ AOL.EXE" [2005-07-12 50776]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-04-28 8429568]
"Dell cerca viva" = "C: \ Program Files \ Dell \ cerca viva \ quickset.exe" [2007-07-20 1228800]
"HPDJ Taskbar Utility" = "C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb03.exe" [2001-06-12 200704]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-01-10 385024]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-01-15 267048]
"DLCXCATS" = "C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X 86 \ 3 \ DLCXtime.dll" [2006-10-16 106496]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"NvMediaCenter" = "NvMCTray.dll" [2007/04/28 C: \ WINDOWS \ system32 \ nvmctray.dll]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"RunNarrator" = "Narrator.exe" [2004/08/04 C: \ WINDOWS \ system32 \ Narrator.exe]

C: \ Documents and Settings \ Administrador \ Menu Iniciar \ Programas \ Startup \
Limpo Acesso Agent.lnk - C: \ Program Files \ Cisco Systems \ Limpo Acesso Agent \ CCAAgent.exe [2007-06-28 2056266]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ actuais ntversion \ policies \ Explorer]
"NoSMBalloonTip" = 1 (0x1)
"NoAutoTrayNotify" = 1 (0x1)

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ act rentversion \ Policies \ Explorer]
"NoActiveDesktopChanges" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notificar \! SASWinLogon]
2008-07-23 16:28 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Administrador ^ Menu Iniciar ^ Programas ^ Inicializar ^ Adobe Gamma.lnk]
path = C: \ Documents and Settings \ Administrador \ Menu Iniciar \ Programas \ Inicializar \ Adobe Gamma.lnk
backup = C: \ WINDOWS \ pss \ Adobe Gamma.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Iniciar ^ Programas ^ Arranque ^ Adobe Reader Speed Launch.lnk]
path = C: \ Documents and Settings \ All Users \ Menu Iniciar \ Programas \ Inicializar \ Adobe Reader Speed Launch.lnk
backup = C: \ WINDOWS \ pss \ Adobe Reader Speed Launch.lnkCommon Inicialização

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ AOLDialer]
-ra ------ 2006-10-23 08:50 71216 C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Apoint]
- a ------ 2003-08-20 20:24 151552 C: \ Program Files \ Apoint \ Apoint.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ctfmon.exe]
- a ------ 2004-08-04 00:56 15360 C: \ WINDOWS \ system32 \ ctfmon.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ HostManager]
- a ------ 2006-09-25 20:52 50736 C: \ Program Files \ Common Files \ AOL \ 1155864818 \ EE \ aolsoftware.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ igfxhkcmd]
- a ------ 2006-07-14 18:04 77824 C: \ WINDOWS \ system32 \ hkcmd.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ igfxpers]
- a ------ 2006-07-14 18:08 118784 C: \ WINDOWS \ system32 \ igfxpers.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ igfxtray]
- a ------ 2006-07-14 18:07 94208 C: \ WINDOWS \ system32 \ igfxtray.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ IntelWireless]
- a ------ 2006-08-02 01:32 696320 C: \ Program Files \ Intel \ Wireless \ Bin \ iFrmewrk.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ IntelZeroConfig]
- a ------ 2006-08-02 01:38 802816 C: \ Program Files \ Intel \ Wireless \ Bin \ ZCfgSvc.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ iTunesHelper]
- a ------ 2008-01-15 04:22 267048 C: \ Program Files \ iTunes \ iTunesHelper.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ MSMSGS]
- ah ----- 2004/10/13 12:24 1694208 C: \ Program Files \ Messenger \ msmsgs.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NvCplDaemon]
- a ------ 2007-04-28 19:05 8429568 C: \ WINDOWS \ system32 \ nvcpl.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NvMediaCenter]
- a ------ 2007-04-28 19:05 81920 C: \ WINDOWS \ system32 \ nvmctray.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ QuickTime Task]
- a ------ 2008-01-10 16:27 385024 C: \ Program Files \ QuickTime \ QTTask.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RealTray]
- a ------ 2006-08-17 21:34 26112 C: \ Program Files \ Real \ RealPlayer \ realplay.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SunJavaUpdateSched]
- a ------ 2006-12-15 04:23 75520 C: \ Program Files \ Java \ jre1.5.0_11 \ bin \ jusched.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ WMPNSCFG]
--------- 2006-10-18 20:05 204288 C: \ Program Files \ Windows Media Player \ wmpnscfg.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NVHotkey]
- a ------ 2007-04-28 19:05 67584 C: \ WINDOWS \ system32 \ nvhotkey.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ nwiz]
- a ------ 2007-04-28 19:05 1626112 C: \ WINDOWS \ system32 \ nwiz.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SigmatelSysTrayApp]
- a - c --- 2005-11-16 15:35 397312 C: \ WINDOWS \ stsystra.exe

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ Sessmgr.exe" =
"C: \ \ Arquivos de Programas \ \ RssBandit \ \ RSSBandit.exe" =
"C: \ \ Program Files \ \ Common Files \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Program Files \ \ Common Files \ AOL \ \ ACS \ \ AOLDial.exe" =
"C: \ \ Program Files \ \ Common Files \ AOL \ \ ACS \ \ AOLacsd.exe" =
"C: \ \ Arquivos de Programas \ \ America Online 9.0 \ \ waol.exe" =
"C: \ \ Program Files \ \ Common Files \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltsmon.exe" =
"C: \ \ Program Files \ \ Common Files \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltpspd.exe" =
"C: \ \ Program Files \ \ Common Files \ AOL \ \ 1155864818 \ \ EE \ \ AOLServiceHost.exe" =
"C: \ \ Program Files \ \ Common Files \ AOL \ \ System \ \ sinf.exe" =
"C: \ \ Program Files \ \ Common Files \ AOL \ \ AOL Spyware Protecção \ \ AOLSP Scheduler.exe" =
"C: \ \ Program Files \ \ Common Files \ AOL \ \ AOL Spyware Protecção \ \ Asp.exe" =
"C: \ \ Program Files \ \ Common Files \ \ AolCoach \ \ en_en \ \ player \ \ AOLNySEV.exe" =
"C: \ \ Arquivos de Programas \ \ FTP Commander \ \ ftpcomm.exe" =
"C: \ \ Arquivos de Programas \ \ Real \ \ RealPlayer \ \ realplay.exe" =
"C: \ \ StubInstaller.exe" =
"C: \ \ Arquivos de Programas \ \ SmartFTP Client 2.0 \ \ SmartFTP.exe" =
"C: \ \ Arquivos de Programas \ \ Bittornado \ \ btdownloadgui.exe" =
"C: \ \ Program Files \ \ Common Files \ AOL \ \ 1155864818 \ \ EE \ \ aolsoftware.exe" =
"C: \ \ Arquivos de Programas \ \ Mozilla Firefox \ \ firefox.exe" =
"C: \ \ Arquivos de Programas \ \ BitZip \ \ bitzip.exe" =
"C: \ \ Arquivos de Programas \ \ uTorrent \ \ uTorrent.exe" =
"C: \ \ Arquivos de Programas \ \ iTunes \ \ iTunes.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ WINDOWS \ \ system32 \ \ dlcxcoms.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"50001: TCP" = 50001: TCP: webroots
"50002: TCP" = 50002: TCP: webroots2
"3389: TCP" = 3389: TCP: @ Xpsp2res.dll, -22.009

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ IcmpSettings]
"AllowInboundEchoRequest" = 1 (0x1)

R0 a320raid; a320raid; C: \ WINDOWS \ system32 \ DRIVERS \ A320 raid.sys [2006/04/04 251578]
R0 pxark; pxark; C: \ WINDOWS \ system32 \ drivers \ pxark.sys [2008-09-27 17408]
R1 SAVOnAccess Controle; SAVOnAccess Controle; C: \ WINDOWS \ system32 \ DRIVERS \ savonaccesscon trol.sys [2006-04-14 80128]
R1 SAVOnAccess Filter; SAVOnAccess Filter; C: \ WINDOWS \ system32 \ DRIVERS \ savonaccessfilt er.sys [2006-04-14 24064]
R2 CSIScanner; CSIScanner; C: \ Program Files \ PrevxCSI \ prevxcsi.exe [2008-09-27 618040]
R2 dlcx_device; dlcx_device; C: \ WINDOWS \ system32 \ dlcxco ms.exe [2006/11/03 537480]
R2 Viewpoint Manager Service; Viewpoint Manager Service; C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2007-01-04 24652]
S2 ousbehci; NEC PCI para USB Enhanced Host Controller; C: \ WINDOWS \ system32 \ Drivers \ ousbehci.sy s [2003-08-01 41600]
S3 GTIPCI21; GTIPCI21; C: \ WINDOWS \ system32 \ DRIVERS \ gtip ci21.sys [2004-05-03 80384]
S3 NWADI; NWADI Bus Enumerator; C: \ WINDOWS \ system32 \ DRIVERS \ NWADIenum.s ys [2005-12-09 67840]
S3 ousb2hub; OrangeWare USB 2.0 Hub Raiz Apoio; C: \ WINDOWS \ system32 \ DRIVERS \ ousb2hub.sys [2003-08-01 55552]
S3 whfltr2k; WheelMouse USB Lower Filter Driver; C: \ WINDOWS \ system32 \ DRIVERS \ whfltr2k.sys [2007-01-25 6784]
S3 whmice2k; avançada Wheel Mouse Upper Filter Driver; C: \ WINDOWS \ system32 \ DRIVERS \ whmice2k.sys [2004-04-25 6885]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ actuais ntversion \ explorer \ mountpoints2 \ D]
\ Shell \ AutoRun \ command - D: \ Autorun.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ actuais ntversion \ explorer \ mountpoints2 \ (64d8acf2-5f84-11db-b756-00038a000015)]
\ Shell \ AutoRun \ command - E: \ Installer.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ actuais ntversion \ explorer \ mountpoints2 \ (7aebf132-2e3f-11db-b6e0-0015c547091a)]
\ Shell \ AutoRun \ command - E: \ wd_windows_tools \ setup.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ actuais ntversion \ explorer \ mountpoints2 \ (c4f3f4e1-2c11-11d9-8305-806d6172696f)]
\ Shell \ AutoRun \ command - D: \ Programas \ nu2menu \ nu2menu.exe

* Serviço recém-criado * - PROCEXP90
.
Conteúdo da 'Tarefas agendadas' pasta
.
- - - - ÓRFÃOS REMOVIDO - - - --

MSConfigStartUp-! AVG Anti-Spyware - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
MSConfigStartUp-SunJavaUpdateSched - C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
MSConfigStartUp-SpySweeperEnterprise - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ \ SpySweeperUI.exe
MSConfigStartUp-SpysweeperUI - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ SpySweeperUI.exe
MSConfigStartUp-NeroFilterCheck - C: \ Program Files \ Common Files \ Sonic \ Update Manager \ Lib


.
Scan Suplementar ------- -------
.
FireFox -: Profile - C: \ Documents and Settings \ Administrador \ Dados de aplicativos \ Mozilla \ Firefox \ Profiles dlc1hobz.default \ \
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / www.broadway.com/
FF - Plugin: - C: \ Documents and Settings \ Administrador \ Dados de aplicativos \ Mozilla \ Firefox \ Profiles dlc1hobz.default \ \ ENSÕES ext \ npmozax@real.com \ plugins \ npmozax.dll
FF - Plugin: - C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ browser \ nppdf32.dll
FF -: plugin - C: \ Program Files \ iTunes \ Mozilla Plugins \ npitunes.dll
FF - Plugin: - C: \ Program Files \ Mozilla Firefox \ plugins \ npagent.dll
FF - Plugin: - C: \ Program Files \ Mozilla Firefox \ plugins \ npmozax.dll
FF - Plugin: - C: \ Program Files \ Mozilla Firefox \ plugins \ npmusicn.dll
FF - Plugin: - C: \ Program Files \ Mozilla Firefox \ plugins \ npracplug.dll
FF - Plugin: - C: \ Program Files \ Mozilla Firefox \ plugins \ nptgeqplugin.dll
FF - Plugin: - C: \ Program Files \ Mozilla Firefox \ plugins \ npunagi2.dll
FF - Plugin: - C: \ Program Files \ Real \ RealArcade \ Plugins \ Mozilla \ l npracplug.dl
FF - Plugin: - C: \ Program Files \ Viewpoint \ Viewpoint Experience Technology \ npViewpoint.dll
.

************************************************** ************************

CatchMe 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 11:48:43
5/1/2600 Windows Service Pack 2 NTFS

digitalizar processos escondidos ...

escaneamento automático entradas escondidas ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
DLCXCATS = rundll32 C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 e.dll \ DLCXtim, NvStartup 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

digitalizar os arquivos ocultos ...

varredura foi concluída com êxito
ficheiros ocultos: 0

************************************************** ************************
.
--------------------- DLLs Loaded Sob Running Processes ---------------------

PROCESS: C: \ WINDOWS \ system32 \ winlogon.exe
-> C: \ WINDOWS \ system32 \ Ati2evxx.dll
.
Tempo para conclusão: 2008-09-28 11:50:56
ComboFix-quarantined-files.txt 2008-09-28 15:50:52

Pre-Run: 25918537728 bytes free
Post-Run: 25986658304 bytes free

255 --- EOF --- 2008-09-26 12:22:29

[evilfantasy]

Nota: as instruções abaixo foram criados especificamente para este usuário. Se você não é esse usuário, NÃO siga estas instruções, uma vez que poderia danificar o funcionamento de seu sistema

Excluir esses arquivos / pastas, como se segue:

1. Ir para Iniciar > Correr > Tipo Notepad.exe e clique em OK para abrir o Bloco de Notas.
Ele deve ser Notepad, Wordpad não.
2. Copie o código abaixo o texto na caixa de realce todo o texto e pressionar Ctrl + C

Código:

Killall:: File:: C: \ WINDOWS \ system32 \ SJv56bM4.exe.a_a C: \ WINDOWS \ system32 \ 0vx55IOc.exe:: C: \ Documents and Settings \ Administrador \ Dados de aplicativos \ ErrorSmart

3. Vá até a janela e clique em Bloco de notas Editar > Colar
4. Em seguida, clique em Arquivo > Salvar
5. Nome do arquivo CFScript.txt - Salve o arquivo para o seu desktop
6. Em seguida, arraste o CFScript (mantenha o botão esquerdo do mouse ao arrastar o arquivo) e largá-la (liberar o botão esquerdo do mouse) em ComboFix.exe como você vê na imagem abaixo. Importante: Realize estas instruções cuidadosamente!



ComboFix irá começar a executar, basta seguir as instruções na tela.
Após o reboot (no caso ele pede para reiniciar), que irá produzir um log para você.
Post que log (Combofix.txt) em sua próxima resposta.

Nota: Não mouseclick ComboFix da janela enquanto ele está sendo executado. Isso pode fazer com que seu sistema de congelar