
Log Analysis

#1 By bladex15 07/12/2011 - 16:27
Good afternoon (or morning, or evening),
My computer recently started running very slowly and Flash Player started crashing several times. For these and other reasons I suspect a virus, so I need this log analyzed. Thanks to whoever can help me.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:22:54, on 7/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
D:\Program Files\Ask.com\Updater\Updater.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\XP-7B358B7C.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\VT525C59.EXE
D:\Program Files\Common Files\Java\Java Update\jucheck.exe
D:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=100489&mntrId=74cef02d000000000000001fd0f1ebe9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - D:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: JQSIEStartDetector.Class - {37EBCB4F-61B5-4074-995B-52CC5CF57B9A} - D:\WINDOWS\System32\jqsie_plugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - D:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] D:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PlusService] D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [Bing Bar] "D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "D:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ApnUpdater] "D:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [XP-7B358B7C] D:\WINDOWS\system32\XP-7B358B7C.EXE
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'Default user')
O4 - Startup: ¡¡¡¡¡¡.lnk = D:\WINDOWS\system32\XP-7B358B7C.EXE
O4 - Global Startup: Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{16733A6C-EA09-42B0-8E29-E0C30FE2A5D6}: NameServer = 200.222.145.86 200.149.55.142
O20 - Winlogon Notify: RailNotification - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPFFontCache_v0400.exe (file missing)

--
End of file - 7630 bytes
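A defender-side triage script for logs in this format, added here as an example (it is not part of the thread and not HijackThis' own tooling). It parses lines laid out like the log above and flags the entries a helper usually checks first: start/search page redirects, orphaned BHOs, autoruns and running processes with machine-generated names under the Windows directory, and startup shortcuts with no readable name. The rule set, the allowlist of default IE hosts, the name heuristic and the sample lines are assumptions of this example, so every hit is a "look here first", not a verdict.

```python
"""Rule-based triage of HijackThis-style log lines (added example, not the forum's tool).

The thresholds, the allowlist and the sample log are assumptions of this example.
"""
import re
from typing import List, NamedTuple
from urllib.parse import urlparse


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "info"
    entry: str     # HijackThis entry type ("O4", "R0", ...) or "proc" for a process line
    reason: str
    line: str


# Hosts that stock Internet Explorer start/search pages point to (assumed allowlist).
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "search.msn.com"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\")
ENTRY_RE = re.compile(r"^(?P<type>[RFO]\d{1,2}) - (?P<body>.*)$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
EXE_IN_BODY = re.compile(r'"([^"]+\.exe)"|([A-Za-z]:\\.+?\.exe)', re.IGNORECASE)


def looks_generated(name: str) -> bool:
    """True for names like XP-7B358B7C.EXE: upper-case, digit-heavy, no word in them."""
    stem = name.rsplit(".", 1)[0]
    digits = sum(c.isdigit() for c in stem)
    return (len(stem) >= 7 and digits >= 3
            and digits / len(stem) >= 0.4 and stem.upper() == stem)


def in_system_dir(path: str) -> bool:
    return any(d in path.lower() for d in SYSTEM_DIRS)


def _exe_path(body: str) -> str:
    """Extract the launched executable from an O4 body (quoted or bare path)."""
    m = EXE_IN_BODY.search(body)
    return (m.group(1) or m.group(2)) if m else ""


def triage_line(line: str) -> List[Finding]:
    line = line.strip()
    out: List[Finding] = []
    m = ENTRY_RE.match(line)
    if not m:
        # Bare path: one of the "Running processes" lines at the top of the log.
        if PATH_LINE.match(line):
            name = line.rsplit("\\", 1)[-1]
            if in_system_dir(line) and looks_generated(name):
                out.append(Finding("medium", "proc", f"running process with machine-generated name: {name}", line))
        return out
    kind, body = m.group("type"), m.group("body")
    if kind in ("R0", "R1") and " = " in body:
        # Start/search page redirect: value points somewhere other than IE's defaults.
        host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
        if host and host not in DEFAULT_IE_HOSTS:
            out.append(Finding("medium", kind, f"IE start/search page set to {host}", line))
    elif kind == "O2" and body.endswith("(no file)"):
        out.append(Finding("info", kind, "BHO registered but its DLL is gone (orphan)", line))
    elif kind == "O4":
        path = _exe_path(body)
        name = path.rsplit("\\", 1)[-1]
        if in_system_dir(path) and looks_generated(name):
            out.append(Finding("high", kind, f"autorun of machine-generated executable: {name}", line))
        lnk = re.match(r"(?:Global )?Startup: (.+?)\.lnk = ", body)
        if lnk and not re.search(r"[A-Za-z0-9]", lnk.group(1)):
            out.append(Finding("high", kind, "Startup shortcut with a non-alphanumeric name", line))
    elif kind == "O23" and body.endswith("(file missing)"):
        out.append(Finding("info", kind, "service binary missing from disk", line))
    return out


def triage_log(text: str) -> List[Finding]:
    return [f for line in text.splitlines() for f in triage_line(line)]


# Constructed sample in the same format as the log posted above (a subset of its lines).
SAMPLE_LOG = """\
D:\\WINDOWS\\system32\\svchost.exe
D:\\WINDOWS\\system32\\VT525C59.EXE
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=100489
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\\Program Files\\Ask.com\\GenericAskToolbar.dll
O4 - HKLM\\..\\Run: [XP-7B358B7C] D:\\WINDOWS\\system32\\XP-7B358B7C.EXE
O4 - HKLM\\..\\Run: [Adobe ARM] "D:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"
O4 - Startup: ¡¡¡¡¡¡.lnk = D:\\WINDOWS\\system32\\XP-7B358B7C.EXE
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - D:\\WINDOWS\\Microsoft.NET\\Framework\\v4.0.30319\\WPFFontCache_v0400.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry:4} {f.reason}\n         {f.line}")
```

Run against the full log it gives the same shortlist the later Malwarebytes scan confirms (XP-7B358B7C.EXE, VT525C59.EXE, the Babylon start page and the unnamed startup shortcut), while the legitimate Adobe and Microsoft entries stay quiet.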
#2 By Wings 07/12/2011 - 16:35
Hello bladex15


1.
*Download AD-Remover and save it to the desktop

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

*Click [Clean] > [Yes] > [OK] > [Yes]. The PC may be restarted to complete the cleaning.
*Paste the report C:\Ad-Report-CLEAN[1].txt

2.
*Install MalwareBytes
*Wait for the update and the program will open automatically
*On the [Scan] tab, select [Full scan]
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [YES] > [OK] > [View Results] > [Remove Selected]
*Paste the report shown

If you already have Malwarebytes installed....

*Run it, click [Update] > [Download Updates]
*On the [Scan] tab, select Full scan
*Click [Scan] and select the partition where Windows is installed
*When it finishes, click [YES] > [OK] > [View Results] > [Remove Selected]
*Paste the report shown
#3 By bladex15 07/12/2011 - 17:26

AD-Remover Log:

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

D:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 15:50:43 on 07/12/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
Administrator@ROGER-649805C0E ( )

============== SEARCH ==============





============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [8.0.1 (pt-BR)] ****

HKLM_MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf (x)
HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\babylon.xml (hxxp://search.babylon.com/web/{searchTerms})
Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)
Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)
Searchplugins\twitter.xml (hxxps://twitter.com/search/{searchTerms})
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|msntoolbar@msn.com - D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox

-- D:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\39s82a81.default --
Extensions\DefaultManager@Microsoft (Microsoft Default Manager)
Extensions\ffxtlbr@babylon.com (Babylon)
Prefs.js - browser.download.lastDir, D:\\Documents and Settings\\Administrator\\Desktop
Prefs.js - browser.startup.homepage, hxxp://www.google.com.br/
Prefs.js - browser.startup.homepage_override.buildID, 20111120135848
Prefs.js - browser.startup.homepage_override.mstone, rv:8.0.1

========================================

**** Google Chrome Version [15.0.874.121] ****


-- D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Search the web (Babylon)" (Enabled: true) (hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=74cef02d000000000000001fd0f1ebe9)
Preferences - homepage: hxxp://search.babylon.com/?babsrc=HP_ss&affID=100489&mntrId=74cef02d000000000000001fd0f1ebe9
Preferences - homepage_is_newtabpage: false
Plugin - Remoting Viewer (Enabled: true) (internal-remoting-viewer) (x)
Plugin - Native Client (Enabled: true) (D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll)
Plugin - Bing Bar (Enabled: true) (D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll)
Plugin - "Java" (Enabled: true)
Plugin - "Silverlight" (Enabled: true)
Plugin - "Remoting Viewer" (Enabled: true)
Plugin - "Native Client" (Enabled: true)
Plugin - "Foxit Reader Plugin for Mozilla" (Enabled: true)
Plugin - "Bing Bar" (Enabled: true)

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll)
HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (D:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll)
HKLM_ElevationPolicy\{02073B90-44EE-47B1-9633-732376A8A3C8} - D:\Program Files\Veetle\Player\VeetleNet.exe (?)
HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - D:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - D:\Program Files\Veetle\Player\player.exe (?)
HKLM_ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} - D:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe (Babylon Ltd.)
HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - D:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "Babylon toolbar helper" (D:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll)
BHO\{37EBCB4F-61B5-4074-995B-52CC5CF57B9A} - "JQSIEStartDetector.Class" (D:\WINDOWS\System32\jqsie_plugin.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

D:\Program Files\Ad-Remover\Quarantine: 237 File(s)
D:\Program Files\Ad-Remover\Backup: 14 File(s)

D:\Ad-Report-CLEAN[1].txt - 07/12/2011 15:46:21 (12036 Byte(s))
D:\Ad-Report-SCAN[1].txt - 07/12/2011 15:50:50 (5103 Byte(s))

End at: 15:51:46, 07/12/2011

============== E.O.F ==============



Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versão da Base de Dados: 8329

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/12/2011 16:24:56
mbam-log-2011-12-07 (16-24-56).txt

Tipo de Verificação: Verificação Completa (D:\|)
Objetos escaneados: 182151
Tempo decorrido: 17 minuto(s), 41 segundo(s)

Processos de Memória Infectados: 1
Módulos de Memória Infectados: 3
Chaves de Registro Infectadas: 7
Valores de Registro Infectados: 1
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 1
Arquivos Infectados: 35

Processos de Memória Infectados:
d:\WINDOWS\system32\xp-7b358b7c.exe (Trojan.Agent) -> 1900 -> Unloaded process successfully.

Módulos de Memória Infectados:
d:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
d:\WINDOWS\system32\jqsie_plugin.dll (Trojan.BHO) -> Delete on reboot.
d:\documents and settings\administrator\application data\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.

Chaves de Registro Infectadas:
HKEY_CLASSES_ROOT\CLSID\{37EBCB4F-61B5-4074-995B-52CC5CF57B9A} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3A11D128-AA99-47F4-8B5B-40BDBC6377E2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{88C3F793-8059-4D6F-8432-E2913921C5DD} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\JQSIEStartDetector.Class (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37EBCB4F-61B5-4074-995B-52CC5CF57B9A} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37EBCB4F-61B5-4074-995B-52CC5CF57B9A} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37EBCB4F-61B5-4074-995B-52CC5CF57B9A} (Trojan.BHO) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XP-7B358B7C (Trojan.Agent) -> Value: XP-7B358B7C -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
d:\documents and settings\administrator\local settings\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.

Arquivos Infectados:
d:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
d:\WINDOWS\system32\jqsie_plugin.dll (Trojan.BHO) -> Quarantined and deleted successfully.
d:\documents and settings\administrator\application data\Wplugin.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
d:\Documents and Settings\Administrator\Local Settings\Temp\E_4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
d:\Documents and Settings\Administrator\Local Settings\Temp\E_4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
d:\documents and settings\administrator\my documents\[www.mwbra.com]+ativador+office+2007+by+mwb\microsoft office 2007 - keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\documents and settings\administrator\my documents\downloads\flash_player_12(1).exe (Trojan.Downloader) -> Quarantined and deleted successfully.
d:\documents and settings\administrator\my documents\downloads\flash_player_12.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
d:\system volume information\_restore{c4ee26a2-6797-4d76-9aa6-f850cd2bc05e}\RP4\A0000141.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
d:\system volume information\_restore{c4ee26a2-6797-4d76-9aa6-f850cd2bc05e}\RP4\A0000095.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\V7BE0285.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\VT525C59.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\Z5H1C2D4.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\ZH69U.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\ZW5L.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\ZW69U.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\administrator\start menu\Programs\Startup\¡¡¡¡¡¡.lnk (Worm.AutoRun) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\com.run (Trojan.Banker) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\og.EDT (Worm.AutoRun) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\ul.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
d:\documents and settings\administrator\local settings\Temp\E_4\krnln.fnr (Spyware.Agent) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\xp-7b358b7c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\administrator\local settings\Temp\E_4\com.run (Worm.AutoRun) -> Quarantined and deleted successfully.
d:\documents and settings\administrator\local settings\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
d:\documents and settings\administrator\local settings\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
d:\documents and settings\administrator\local settings\Temp\E_4\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
d:\documents and settings\administrator\local settings\Temp\E_4\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
#4 By Wings 07/12/2011 - 17:34
1.
*Run AD-Remover and click [Uninstall] > [No] > [Close]
*Delete the folder D:\Program Files\Ad-Remover
*Delete the files D:\Ad-Report-CLEAN[1].txt and D:\Ad-Report-SCAN[1].txt

2.
*Temporarily disable your antivirus

*Download ComboFix and save it to the desktop
*Run it and accept the agreement
*If the Microsoft Windows Recovery Console is not installed, accept its installation
*After the Console is installed, click [Yes] and wait for the steps to complete

1) Do not use the mouse or the keyboard during the steps!!
2) To stop the scan, press N


*Paste the report shown
#5 By bladex15 08/12/2011 - 12:39
ComboFix Log:


ComboFix 11-12-06.02 - Administrator 08/12/2011 11:17:40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.518 [GMT -2:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Administrator\Application Data\Wplugin.dll
d:\windows\explorer.exe.local
d:\windows\Wplugin.dll
d:\windows\ws2help.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-07 17:53 . 2011-12-07 17:53 -------- d-----w- d:\documents and settings\Administrator\Application Data\Malwarebytes
2011-12-07 17:53 . 2011-12-07 17:53 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-07 17:53 . 2011-12-07 17:53 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-12-07 17:53 . 2011-08-31 19:00 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-12-07 14:49 . 2011-12-07 14:51 -------- d-----w- d:\documents and settings\All Users\Application Data\Pinnacle VideoSpin
2011-12-07 14:49 . 2011-12-07 14:49 -------- d-----w- d:\program files\Pinnacle
2011-12-07 14:49 . 2011-12-07 14:49 -------- d-----w- d:\program files\Common Files\Yahoo!
2011-12-07 14:46 . 2011-12-07 14:46 -------- d-----w- d:\documents and settings\All Users\Application Data\Pinnacle
2011-12-07 14:45 . 2011-12-07 14:45 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2011-12-07 13:33 . 2011-12-07 13:33 -------- d-----w- d:\documents and settings\Administrator\Application Data\Publish Providers
2011-12-07 13:33 . 2011-12-07 13:33 -------- d-----w- d:\documents and settings\Administrator\Application Data\Sony
2011-12-07 13:28 . 2011-12-07 13:28 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Sony
2011-12-07 13:26 . 2011-12-07 13:26 -------- d-----w- d:\program files\Vstplugins
2011-12-07 13:26 . 2011-12-07 13:26 -------- d-----w- d:\documents and settings\All Users\Application Data\Sony
2011-12-07 13:26 . 2011-12-07 13:26 -------- d-----w- d:\program files\Sony
2011-12-07 13:24 . 2011-12-07 13:24 -------- d-----w- d:\program files\Sony Setup
2011-12-06 18:15 . 2011-12-06 18:15 -------- d-----w- d:\documents and settings\Administrator\Application Data\YCanPDF
2011-12-02 01:03 . 2011-12-07 16:38 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2011-12-01 19:31 . 2011-12-01 19:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Canneverbe Limited
2011-12-01 19:31 . 2011-12-01 19:31 -------- d-----w- d:\documents and settings\Administrator\Application Data\Canneverbe Limited
2011-12-01 19:31 . 2009-11-12 15:48 5504 ----a-w- d:\windows\system32\drivers\StarOpen.sys
2011-12-01 19:31 . 2011-12-01 19:31 -------- d-----w- d:\program files\CDBurnerXP
2011-12-01 14:12 . 2011-12-01 14:12 -------- d-----w- d:\program files\CDisplay
2011-12-01 14:07 . 2011-12-01 14:08 237 ----a-w- D:\user.js
2011-12-01 14:07 . 2011-12-01 14:07 -------- d-----w- d:\program files\BabylonToolbar
2011-12-01 14:07 . 2011-12-01 14:07 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Babylon
2011-12-01 14:07 . 2011-12-01 14:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Babylon
2011-12-01 14:07 . 2011-12-01 14:07 -------- d-----w- d:\documents and settings\Administrator\Application Data\Babylon
2011-11-29 12:10 . 2011-11-29 12:10 -------- d-----w- d:\program files\uTorrent
2011-11-29 12:08 . 2011-12-04 00:39 -------- d-----w- d:\documents and settings\Administrator\Application Data\uTorrent
2011-11-29 12:08 . 2011-11-29 12:08 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\uTorrent
2011-11-25 01:52 . 2011-11-25 01:52 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-11-16 15:45 . 2011-11-16 15:45 -------- d-----w- d:\windows\ShellNew
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 04:42 . 2011-12-05 16:03 134104 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-06-17 . EA22DA5C7AE7192A12E37A7C546220C6 . 361600 . . [5.1.2600.6009] . . d:\windows\system32\drivers\tcpip.sys
.
[-] 2011-06-17 . 1C891C955AAA123C937B82E3AE7610CF . 1614848 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="d:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-02-26 437160]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-29 61440]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PlusService"="d:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-09-20 801792]
"Bing Bar"="d:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="d:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2009-03-08 128512]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe [2011-9-6 128000]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Documents and Settings\\Administrator\\Application Data\\United Football\\UnitedFootball.exe"=
"d:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\SNES\\utorrent.exe"=
"d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
.
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/12/2011 15:53 366152]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [7/12/2011 15:53 22216]
S1 DumpDrv;Crash Dump Driver;d:\windows\system32\drivers\dumpdrv.sys [18/8/2009 10:50 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6/9/2011 01:16 130384]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [6/9/2011 03:55 1691480]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\d:\windows\system32\drivers\mbamswissarmy.sys --> d:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [3/10/2008 09:54 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPFFontCache_v0400.exe --> d:\windows\Microsoft.NET\Framework\v4.0.30319\WPFFontCache_v0400.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-08 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-261903793-842925246-500Core.job
- d:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-13 20:15]
.
2011-12-08 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-261903793-842925246-500UA.job
- d:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-13 20:15]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 10.0.0.253
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\39s82a81.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - user.js: extensions.BabylonToolbar_i.id - 74cef02d000000000000001fd0f1ebe9
FF - user.js: extensions.BabylonToolbar_i.hardId - 74cef02d000000000000001fd0f1ebe9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15309
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100489
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ApnUpdater - d:\program files\Ask.com\Updater\Updater.exe
Notify-RailNotification - (no file)
AddRemove-Microsoft .NET Framework 3.5 SP1 - d:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
AddRemove-Microsoft .NET Framework 4 Client Profile - d:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-Microsoft .NET Framework 4 Extended - d:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-08 11:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-261903793-842925246-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,13,34,73,d0,31,b3,47,86,e7,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,13,34,73,d0,31,b3,47,86,e7,3b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
d:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1344)
d:\windows\system32\WININET.dll
d:\windows\system32\msi.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\windows\RTHDCPL.EXE
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\program files\CDBurnerXP\NMSAccessU.exe
d:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\windows\system32\SearchIndexer.exe
d:\windows\system32\wscntfy.exe
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2011-12-08 11:35:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-08 13:35
.
Pre-Run: 10.304.569.344 bytes free
Post-Run: 10.321.997.824 bytes free
.
- - End Of File - - 127A467932CC6664D05AF2EB5DD4B8ED
#7 By bladex15
08/12/2011 - 13:18
I couldn't download it from the link provided; a message appears: Accès non autorisé aux téléchargements!

But I found it on Google. I'll paste the log it produced; see if it works for you.

AdwCleaner Log:

# AdwCleaner v1.401 - Logfile created 12/08/2011 at 12:13:53
# Updated 12/06/11 at 19:00p.m by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - ROGER-649805C0E (Administrator)
# Running from : D:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : D:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : D:\Documents and Settings\Administrator\Application Data\Babylon
Folder Found : D:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon
Folder Found : D:\Program Files\BabylonToolbar
Folder Found : D:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Found : D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\39s82a81.default\extensions\ffxtlbr@babylon.com
File Found : D:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Headlight
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49dd-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Registry is OK.

-\\ Mozilla Firefox v8.0.1 (pt-BR)

Profile : 39s82a81.default
File : D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\39s82a81.default\prefs.js

Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100489");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 8);
Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Found : user_pref("extensions.BabylonToolbar.hmpg", false);
Found : user_pref("extensions.BabylonToolbar.id", "74cef02d000000000000001fd0f1ebe9");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15309");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.lastDP", 8);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1712:07:52");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 61905652);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1712:07:52");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100489");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "74cef02d000000000000001fd0f1ebe9");
Found : user_pref("extensions.BabylonToolbar_i.id", "74cef02d000000000000001fd0f1ebe9");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15309");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:07:52");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.enabledAddons", "{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,jqs@sun.com:1.0,[...]

-\\ Google Chrome v15.0.874.121

File : D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found : "icon_url": "hxxp://www.babylon.com/favicon.ico",
Found : "keyword": "babylon.com",
Found : "name": "Search the web (Babylon)",
Found : "search_url": "hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=74[...]
Found : "homepage": "hxxp://search.babylon.com/?babsrc=HP_ss&affID=100489&mntrId=74cef02d000000000000001f[...]

*************************

AdwCleaner[R1].txt - [9338 octets] - [08/12/2011 12:13:53]

########## EOF - D:\AdwCleaner[R1].txt - [9466 octets] ##########

#9 By bladex15
08/12/2011 - 13:57
The reason for the confusion is that the program I downloaded is in English, so it doesn't have the options you asked for; I think the equivalent in my version of what you are asking for is "Delete".


AdwCleaner Log:


# AdwCleaner v1.401 - Logfile created 12/08/2011 at 12:43:56
# Updated 12/06/11 at 19:00p.m by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - ROGER-649805C0E (Administrator)
# Running from : D:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : D:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : D:\Documents and Settings\Administrator\Application Data\Babylon
Folder Deleted : D:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon
Folder Deleted : D:\Program Files\BabylonToolbar
Folder Deleted : D:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\39s82a81.default\extensions\ffxtlbr@babylon.com
File Deleted : D:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49dd-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Registry is OK.

-\\ Mozilla Firefox v8.0.1 (pt-BR)

Profile : 39s82a81.default
File : D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\39s82a81.default\prefs.js

D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\39s82a81.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100489");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 8);
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "74cef02d000000000000001fd0f1ebe9");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15309");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 8);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1712:07:52");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 61905652);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1712:07:52");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100489");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "74cef02d000000000000001fd0f1ebe9");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "74cef02d000000000000001fd0f1ebe9");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15309");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:07:52");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.enabledAddons", "{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,jqs@sun.com:1.0,[...]

-\\ Google Chrome v15.0.874.121

File : D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "icon_url": "hxxp://www.babylon.com/favicon.ico",
Deleted : "keyword": "babylon.com",
Deleted : "name": "Search the web (Babylon)",
Deleted : "search_url": "hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=74[...]
Deleted : "homepage": "hxxp://search.babylon.com/?babsrc=HP_ss&affID=100489&mntrId=74cef02d000000000000001f[...]

*************************

AdwCleaner[R1].txt - [9467 octets] - [08/12/2011 12:13:53]
AdwCleaner[S1].txt - [9750 octets] - [08/12/2011 12:43:56]

*************************

Temporary folder : : 3 folder(s)et 7 file(s) deleted

########## EOF - D:\AdwCleaner[S1].txt - [9964 octets] ##########

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:52:36, on 8/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] D:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PlusService] D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [Bing Bar] "D:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "D:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-18\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'Default user')
O4 - Global Startup: Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{16733A6C-EA09-42B0-8E29-E0C30FE2A5D6}: NameServer = 200.222.145.86 200.149.55.142
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccess - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPFFontCache_v0400.exe (file missing)

--
End of file - 6162 bytes
© 1999-2025 Hardware.com.br. All rights reserved.