Ir para conteúdo

Anders0n_mg

Participante
  • Postagens

    218
  • Desde

  • Última visita

Sobre Anders0n_mg

  • Data de Nascimento 22/03/1989
  1. ComboFix 13-07-27.01 - Administrador 28/07/2013 12:00:25.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2302.1945 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . ATENÇAO - ESTA MAQUINA não tem O CONSOLE DE RECUPERAÇÃO INSTALADO !! . . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\chrome.manifest c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\funmoods.css c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\funmoods.xul c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\loader.xul c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\mtstart.js c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\preferences.xul c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\tmplt.js c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\install.rdf c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf . . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_WSYSSVC -------\Service_WsysSvc . . (((((((((((((((( Arquivos/Ficheiros criados de 2013-06-28 to 2013-07-28 )))))))))))))))))))))))))))) . . 2013-07-28 13:52 . 2013-07-28 13:52 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java 2013-07-28 13:52 . 2013-07-28 13:51 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-07-28 13:52 . 2013-07-28 13:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-28 13:51 . 2013-07-28 13:51 -------- d-----w- c:\arquivos de programas\Java 2013-07-27 22:02 . 2013-07-28 13:02 260 ----a-w- c:\windows\DeleteOnReboot.bat 2013-07-24 14:43 . 2013-07-24 14:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes 2013-07-24 14:43 . 2013-07-24 14:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2013-07-24 14:43 . 2013-07-24 14:43 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2013-07-24 14:43 . 2013-04-04 17:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-21 17:03 . 2013-07-21 18:32 -------- d-----w- c:\windows\system32\NtmsData 2013-07-03 15:34 . 2013-07-28 13:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\eSafe . . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-28 13:51 . 2012-08-21 21:50 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-28 13:51 . 2012-08-21 21:50 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-26 16:11 . 2013-06-27 01:34 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-06-26 16:11 . 2013-06-27 01:34 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-06-26 16:11 . 2013-06-27 01:34 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-06-13 08:58 . 2013-06-07 01:35 31816 ----a-w- c:\windows\Launcher.exe 2013-06-12 16:55 . 2012-07-13 10:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 16:55 . 2012-07-13 10:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-12 16:55 . 2012-07-27 01:59 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-04-14 01:00 . E6942BC84ABD8C6D105ABC761A2C09D5 . 2944 . . [------] . . c:\windows\system32\drivers\null.sys . [-] 2012-01-13 . 412BCCD6FCC8A722F558C9DA787DD45D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-02-08 00:49 22376 ----a-w- c:\arquivos de programas\Internet Download Manager\IDMShellExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\arquivos de programas\Internet Download Manager\IDMan.exe" [2012-06-10 3491264] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144] "VTTimer"="VTTimer.exe" [2006-11-24 53248] "S3Trayp"="S3trayp.exe" [2006-11-24 176128] "PWRISOVM.EXE"="c:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2012-05-31 336992] "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_2"="shell32" [X] "_nltide_3"="advpack.dll" [2009-03-07 128512] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Arquivos de programas\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\eSafe\\eGdpSvc.exe"= . R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [15/7/2012 02:26 54912] R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [15/7/2012 02:26 146304] R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [15/7/2012 02:26 23168] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [26/6/2013 22:34 37352] R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [7/6/2012 03:18 108448] R2 AntiVirSchedulerService;Avira Agendamento;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [26/6/2013 22:35 84024] S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [1/3/2013 12:11 161384] . --- =Outros Serviços/Drivers Na Memória --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Conteúdo da pasta 'Tarefas Agendadas' . 2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 16:55] . . ------- Scan Suplementar ------- . IE: Fazer o download de todos os links usando o IDM - c:\arquivos de programas\Internet Download Manager\IEGetAll.htm IE: Fazer o download usando o IDM - c:\arquivos de programas\Internet Download Manager\IEExt.htm TCP: DhcpNameServer = 10.1.1.1 . - - - - ORFÃOS REMOVIDOS - - - - . HKCU-Run-DrvUpdater - c:\documents and settings\Administrador\Dados de aplicativos\DRPSu\DrvUpdater.exe HKLM-Run-PlusService - c:\arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe HKLM-Run-hpqSRMon - c:\arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe HKLM-Run-Guard.Mail.ru.gui - c:\arquivos de programas\Mail.Ru\Guard\GuardMailRu.exe c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-07-28 12:24 Windows 5.1.2600 Service Pack 3 NTFS . Procurando processos ocultos ... . Procurando entradas auto inicializáveis ocultas ... . Procurando ficheiros/arquivos ocultos ... . Varredura completada com sucesso arquivos/ficheiros ocultos: 0 . ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_USERS\S-1-5-21-606747145-1580436667-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,99,77,36,68,b1,dd,4d,80,bf,fd,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,9b,63,7f,a0,48,eb,4f,82,89,fb,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):33,2b,f7,da,29,7f,97,af,5b,a7,69,25,cb,8e,b4,e4,96,a2,07,07,29, 4c,77,a1,d7,79,9e,80,70,7e,db,b6,36,64,ef,34,4c,b3,02,26,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{951b3fea-7d8c-48fa-bc91-e884ec621366}] @Denied: (Full) (Everyone) "Model"=dword:0000010d "Therad"=dword:00000012 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- . - - - - - - - > 'explorer.exe'(3084) c:\windows\system32\WININET.dll c:\arquivos de programas\Internet Download Manager\IDMShellExt.dll c:\arquivos de programas\Internet Download Manager\IDMNetMon.DLL c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe c:\arquivos de programas\Java\jre7\bin\jqs.exe c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\windows\system32\VTTimer.exe c:\windows\system32\S3trayp.exe c:\arquivos de programas\Internet Download Manager\IEMonitor.exe . ************************************************************************** . Tempo para conclusão: 2013-07-28 12:27:53 - Máquina reiniciou ComboFix-quarantined-files.txt 2013-07-28 15:27 . Pré-execução: 6 pasta(s) 31.229.636.608 bytes disponíveis Pós execução: 9 pasta(s) 31.329.964.032 bytes disponíveis . - - End Of File - - 9E47860DFAB59DF2C0EF66EA03FDDB04 239FC8B1C26D5286165A956F5A98D8D7 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:33:29, on 28/7/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\S3trayp.exe C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Internet Download Manager\IDMan.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342385420140 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe -- End of file - 6176 bytes
  2. # AdwCleaner v2.306 - Relatório criado em 28/07/2013 às 10:01:47 # Atualizado em 19/07/2013 por Xplode # Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits) # Usuário : Administrador - PROPRIET-08F526 # Modo de Boot : Normal # Executado de : C:\Documents and Settings\Administrador\Meus documentos\Downloads\Programs\adwcleaner.exe # Opção [Remover] ***** [serviços] ***** ***** [Arquivos/Pastas] ***** Removido Durante o reboot : C:\Documents and Settings\All Users\Dados de aplicativos\eSafe ***** [Registro] ***** Chave Removida : HKLM\Software\eSafeSecControl ***** [Navegadores] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registro está limpo. -\\ Google Chrome v28.0.1500.72 Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences [OK] Arquivo está limpo. ************************* AdwCleaner[R1].txt - [21920 octets] - [27/07/2013 19:01:51] AdwCleaner[s1].txt - [20425 octets] - [27/07/2013 19:02:44] AdwCleaner[s2].txt - [1060 octets] - [28/07/2013 10:01:47] ########## EOF - C:\AdwCleaner[s2].txt - [1120 octets] ########## Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:13:07, on 28/7/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\All Users\Dados de aplicativos\eSafe\eGdpSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\VTTimer.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\WINDOWS\system32\S3trayp.exe C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Internet Download Manager\IDMan.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - Default URLSearchHook is missing O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Arquivos de programas\Mail.Ru\Guard\GuardMailRu.exe" /gui O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DrvUpdater] C:\Documents and Settings\Administrador\Dados de aplicativos\DRPSu\DrvUpdater.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342385420140 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe O23 - Service: Wsys Service (WsysSvc) - Wsys Co., Ltd. - C:\Documents and Settings\All Users\Dados de aplicativos\eSafe\eGdpSvc.exe -- End of file - 7625 bytes
  3. # AdwCleaner v2.306 - Relatório criado em 27/07/2013 às 19:01:51 # Atualizado em 19/07/2013 por Xplode # Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits) # Usuário : Administrador - PROPRIET-08F526 # Modo de Boot : Normal # Executado de : C:\Documents and Settings\Administrador\Meus documentos\Downloads\Programs\adwcleaner.exe # Opção [Verificar] ***** [serviços] ***** ***** [Arquivos/Pastas] ***** Arquivo Encontrado : C:\Arquivos de programas\mozilla firefox\searchplugins\Web Search.xml Arquivo Encontrado : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\funmoods.crx Arquivo Encontrado : C:\WINDOWS\Tasks\Plus-HD-2.2-chromeinstaller.job Arquivo Encontrado : C:\WINDOWS\Tasks\Plus-HD-2.2-codedownloader.job Arquivo Encontrado : C:\WINDOWS\Tasks\Plus-HD-2.2-enabler.job Arquivo Encontrado : C:\WINDOWS\Tasks\Plus-HD-2.2-firefoxinstaller.job Arquivo Encontrado : C:\WINDOWS\Tasks\Plus-HD-2.2-updater.job Pasta Encontrado : C:\Arquivos de programas\1ClickDownload Pasta Encontrado : C:\Arquivos de programas\Mail.Ru Pasta Encontrado : C:\Arquivos de programas\Plus-HD-2.2 Pasta Encontrado : C:\Arquivos de programas\TornTV.com Pasta Encontrado : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\SimplyTech Pasta Encontrado : C:\Documents and Settings\Administrador\Dados de aplicativos\eIntaller Pasta Encontrado : C:\Documents and Settings\Administrador\Dados de aplicativos\Toolbar4 Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\Ask Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\eSafe Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer ***** [Registro] ***** Chave Encontrada : HKCU\Software\1ClickDownload Chave Encontrada : HKCU\Software\APN PIP Chave Encontrada : HKCU\Software\Crossrider Chave Encontrada : HKCU\Software\Headlight Chave Encontrada : HKCU\Software\InstallCore Chave Encontrada : HKCU\Software\InstalledBrowserExtensions Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311301136} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Chave Encontrada : HKCU\Software\PIP Chave Encontrada : HKCU\Software\Plus-HD-2.2 Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escort.DLL Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311301136} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322302236} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Chave Encontrada : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO Chave Encontrada : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO.1 Chave Encontrada : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox Chave Encontrada : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox.1 Chave Encontrada : HKLM\SOFTWARE\Classes\escort.escortIEPane Chave Encontrada : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Chave Encontrada : HKLM\SOFTWARE\Classes\f Chave Encontrada : HKLM\SOFTWARE\Classes\funmoods.dskBnd Chave Encontrada : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1 Chave Encontrada : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr Chave Encontrada : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1 Chave Encontrada : HKLM\SOFTWARE\Classes\funmoodsApp.appCore Chave Encontrada : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1 Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355305536} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366306636} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Chave Encontrada : HKLM\SOFTWARE\Classes\oneclick Chave Encontrada : HKLM\SOFTWARE\Classes\oneclickmg Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344304436} Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Chave Encontrada : HKLM\Software\delta-homesSoftware Chave Encontrada : HKLM\Software\Desksvc Chave Encontrada : HKLM\Software\eSafeSecControl Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco Chave Encontrada : HKLM\Software\Iminent Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\eSafeSecControl Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.2 Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136} Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.2 Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Chave Encontrada : HKLM\Software\PIP Chave Encontrada : HKLM\Software\Plus-HD-2.2 Chave Encontrada : HKLM\Software\qvo6Software Chave Encontrada : HKLM\Software\Tarma Installer Chave Encontrada : HKU\S-1-5-21-606747145-1580436667-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Chave Encontrada : HKU\S-1-5-21-606747145-1580436667-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Chave Encontrada : HKU\S-1-5-21-606747145-1580436667-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} ***** [Navegadores] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Google Chrome v28.0.1500.72 Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences ************************* AdwCleaner[R1].txt - [21789 octets] - [27/07/2013 19:01:51] ########## EOF - C:\AdwCleaner[R1].txt - [21850 octets] ########## _______________________________ Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 02:03:59, on 28/7/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\All Users\Dados de aplicativos\eSafe\eGdpSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\VTTimer.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\WINDOWS\system32\S3trayp.exe C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Internet Download Manager\IDMan.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Winamp\winamp.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - Default URLSearchHook is missing O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Arquivos de programas\Mail.Ru\Guard\GuardMailRu.exe" /gui O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DrvUpdater] C:\Documents and Settings\Administrador\Dados de aplicativos\DRPSu\DrvUpdater.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342385420140 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe O23 - Service: Wsys Service (WsysSvc) - Wsys Co., Ltd. - C:\Documents and Settings\All Users\Dados de aplicativos\eSafe\eGdpSvc.exe -- End of file - 7822 bytes ______________________________ O JRT.exe, não consegui executar ele no meu windows xp. Nao sei se é algum problema no meu notebook, mas o programa só abre uma janelinha do prompt e fecha em seguida. Devido a isso não mandei o log do mesmo. Desde já agradeço pela atenção. Obrigado!
  4. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Versão da Base de Dados: v2013.07.24.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrador :: PROPRIET-08F526 [administrador] 24/7/2013 11:45:18 mbam-log-2013-07-24 (11-45-18).txt Tipo de Verificação: Verificação Rápida Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM Opções de verificação desativadas: P2P Objetos escaneados: 218960 Tempo decorrido: 11 minuto(s), 48 segundo(s) Processos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 8 HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso. HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso. Valores de Registro Detectadas: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Enviado para a Quarentena e deletado com sucesso. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Enviado para a Quarentena e deletado com sucesso. Itens de Dados no Registro Detectadas: 9 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q=) Bom: (http://www.google.com/) -> Enviado para a Quarentena e reparado com sucesso. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso. HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q=) Bom: (http://www.google.com/) -> Enviado para a Quarentena e reparado com sucesso. HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso. Pastas Detectadas: 0 (Não foram detectados ítens maliciosos) Arquivos Detectados: 0 (Não foram detectados ítens maliciosos) (fim) __________________ Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:35:46, on 27/7/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\All Users\Dados de aplicativos\eSafe\eGdpSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\VTTimer.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Java\jre7\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\WINDOWS\system32\S3trayp.exe C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Internet Download Manager\IDMan.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD800BEVS-22RST0_WD-WXE507F0709707097&ts=1372865604 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD800BEVS-22RST0_WD-WXE507F0709707097&ts=1372865604 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD800BEVS-22RST0_WD-WXE507F0709707097&ts=1372865604 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD800BEVS-22RST0_WD-WXE507F0709707097&ts=1372865604 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - Default URLSearchHook is missing O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll O2 - BHO: CrossriderApp0033036 - {11111111-1111-1111-1111-110311301136} - C:\Arquivos de programas\Plus-HD-2.2\Plus-HD-2.2-bho.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Arquivos de programas\Mail.Ru\Guard\GuardMailRu.exe" /gui O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DrvUpdater] C:\Documents and Settings\Administrador\Dados de aplicativos\DRPSu\DrvUpdater.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342385420140 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe O23 - Service: Wsys Service (WsysSvc) - Wsys Co., Ltd. - C:\Documents and Settings\All Users\Dados de aplicativos\eSafe\eGdpSvc.exe -- End of file - 8434 bytes
  5. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:26:53, on 23/7/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe C:\WINDOWS\system32\dllhost.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD800BEVS-22RST0_WD-WXE507F0709707097&ts=1372865604 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD800BEVS-22RST0_WD-WXE507F0709707097&ts=1372865604 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD800BEVS-22RST0_WD-WXE507F0709707097&ts=1372865604 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD800BEVS-22RST0_WD-WXE507F0709707097&ts=1372865604 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - Default URLSearchHook is missing O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll O2 - BHO: CrossriderApp0033036 - {11111111-1111-1111-1111-110311301136} - C:\Arquivos de programas\Plus-HD-2.2\Plus-HD-2.2-bho.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file) O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-606747145-1580436667-1417001333-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Convidado') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342385420140 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe O23 - Service: Wsys Service (WsysSvc) - Wsys Co., Ltd. - C:\Documents and Settings\All Users\Dados de aplicativos\eSafe\eGdpSvc.exe -- End of file - 8993 bytes
  6. Boa tarde, Meu notebook está desligando frequentemente e está mais lento do que o normal. Segue abaixo o relatório do hijackthis: Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:57:29, on 26/6/2013Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Arquivos de programas\Java\jre7\bin\jqs.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Arquivos de programas\Internet Download Manager\IEMonitor.exeC:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exeC:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exeC:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=43168&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&st=chrome&q=R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=43168&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&st=chrome&q=R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=43168&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&st=chrome&q=R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtabR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=43168&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&st=chrome&q=R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=43168&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&st=chrome&q=R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=43168&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&st=chrome&q=R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtabR1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=43168&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&st=chrome&q=R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=43168&tid=3927&ver=3.5&ts=1370568845687&tguid=43168-3927-1370568845687-2796873D5033B44D9665704DCC2D23C6&st=chrome&q=R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - Default URLSearchHook is missingO2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dllO2 - BHO: HomeTab - {7b34775d-ff8b-44b8-a951-d062a0fe77fa} - C:\Documents and Settings\Administrador\Dados de aplicativos\HomeTab\HomeTab.dllO2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dllO3 - Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)O3 - Toolbar: HomeTab - {7b34775d-ff8b-44b8-a951-d062a0fe77fa} - C:\Documents and Settings\Administrador\Dados de aplicativos\HomeTab\HomeTab.dllO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onbootO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /cO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htmO8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htmO9 - Extra button: (no name) - {8bf9b87b-1993-414f-94fb-77b0c559ef81} - C:\Documents and Settings\Administrador\Dados de aplicativos\HomeTab\HomeTab.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342385420140O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLLO22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe --End of file - 8004 bytes Desde já agradeço pela atenção. Atenciosamente, Anderson Soares!
×