# AdwCleaner v2.301 - Relatório criado em 03/06/2013 às 04:18:45
# Atualizado em 16/05/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Paulinho - PAULINHO-778192
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\Paulinho\Meus documentos\Downloads\adwcleaner.exe
# Opção [Remover]
***** [Serviços] *****
Encerrado & Removido : BrowserProtect
Encerrado & Removido : Yontoo Desktop Updater
***** [Arquivos/Pastas] *****
Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml
Arquivo Removido : C:\Documents and Settings\Paulinho\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\bProtector Web Data
Arquivo Removido : C:\Documents and Settings\Paulinho\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\bprotectorpreferences
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\BabMaint.exe
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\bprotector_extensions.sqlite
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\bprotector_prefs.js
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\Askcom.xml
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\Babylon.xml
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\BrowserProtect.xml
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\delta.xml
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\my-web-search.xml
Arquivo Removido : C:\WINDOWS\Tasks\EPUpdater.job
Pasta Removido : C:\Arquivos de programas\DealPly
Pasta Removido : C:\Arquivos de programas\Delta
Pasta Removido : C:\Arquivos de programas\Yontoo
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Pasta Removido : C:\Documents and Settings\Paulinho\Configurações locais\Dados de aplicativos\APN
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\BabSolution
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\DealPly
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Delta
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\amo@dealplyshopping.com
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\ffxtlbr@delta.com
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\plugin@yontoo.com
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Yontoo
Pasta Removido : C:\Documents and Settings\Paulinho\Menu Iniciar\Programas\DealPly
Removido Durante o reboot : C:\Documents and Settings\All Users\Dados de aplicativos\BrowserProtect
***** [Registro] *****
Chave Removida : HKCU\Software\5928adfb66fee48
Chave Removida : HKCU\Software\BabylonToolbar
Chave Removida : HKCU\Software\DataMngr
Chave Removida : HKCU\Software\DataMngr_Toolbar
Chave Removida : HKCU\Software\DealPly
Chave Removida : HKCU\Software\Delta
Chave Removida : HKCU\Software\delta LTD
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKLM\SOFTWARE\5928adfb66fee48
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\Software\BabylonToolbar
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Chave Removida : HKLM\Software\DataMngr
Chave Removida : HKLM\Software\DealPly
Chave Removida : HKLM\Software\Delta
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
[Review note] An ElevationPolicy entry whitelists a COM object/broker to be launched from IE's low-integrity Protected Mode at a higher integrity level. XP has no Protected Mode, so this entry was most likely inert here, but an adware installer writing one is a sign it targeted newer Windows too; removal is correct.
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Chave Removida : HKLM\Software\Tarma Installer
Chave Removida : HKU\S-1-5-21-1801674531-1060284298-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Dados Removida : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\dadosd~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
[Review note] AppInit_DLLs (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows) loads the listed DLL into every process that maps user32.dll, i.e. system-wide code injection and persistence, not just a browser add-on. After cleanup, confirm the value is empty with `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs` and that the BrowserProtect folder queued for removal at reboot (see above) is actually gone.
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Valor Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
***** [Navegadores] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registro está limpo.
-\\ Mozilla Firefox v21.0 (pt-BR)
Arquivo : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\prefs.js
C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\user.js ... Removido !
Removida : user_pref("browser.search.defaultengine", "Ask.com");
Removida : user_pref("browser.search.defaultenginename", "My Web Search");
Removida : user_pref("browser.search.order.1", "Ask.com");
Removida : user_pref("extensions.delta.bbDpng", "2");
Removida : user_pref("extensions.delta.cntry", "BR");
Removida : user_pref("extensions.delta.hdrMd5", "");
Removida : user_pref("extensions.delta.lastVrsnTs", "");
Removida : user_pref("extensions.delta.sg", "er");
Removida : user_pref("extensions.delta.smplGrp", "er");
Removida : user_pref("extensions.mywebsearch.prevDefaultEngine", "Ask.com");
Removida : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Removida : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Removida : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Removida : user_pref("extentions.y2layers.installId", "C2057465-C420-8471-E07D-FEDD4EF2FCA3");
Removida : user_pref("extentions.y2layers.installId_backup", "C2057465-C420-8471-E07D-FEDD4EF2FCA3");
Removida : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=666AFD43[...]
[Review note] "hxxp" is the tool's deliberate defanging of "http" so the hijacked search/homepage URLs in this log are not clickable; keyword.URL redirected every address-bar search to the third-party engine. Confirm after cleanup that Firefox's default engine and keyword search are back to the user's choice.
-\\ Google Chrome v27.0.1453.94
Arquivo : C:\Documents and Settings\Paulinho\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences
[OK] Arquivo está limpo.
*************************
AdwCleaner[S2].txt - [14806 octets] - [03/06/2013 04:18:45]
########## EOF - C:\AdwCleaner[S2].txt - [14867 octets] ##########
ComboFix 13-06-03.06 - Paulinho 04/06/2013 18:30:40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.624 [GMT -3:00]
Executando de: c:\documents and settings\Paulinho\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
[Review note] ComboFix expects the real-time AV/firewall to be disabled while it runs, which is what these two lines report. Make sure both are re-enabled after the run; a log from a later scan should show *Enabled* here.
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\YTKaraoke\ytKAraoke.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-05-04 to 2013-06-04 ))))))))))))))))))))))))))))
.
.
2013-06-04 20:29 . 2013-06-04 20:29 -------- d-sh--w- c:\documents and settings\Paulinho\IECompatCache
2013-06-03 08:09 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-03 08:09 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-03 08:09 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-26 02:11 . 2013-05-26 02:11 262552 ----a-w- c:\arquivos de programas\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-23 01:44 . 2013-06-04 21:35 -------- d-----w- c:\arquivos de programas\YTKaraoke
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-13 09:04 . 2012-03-29 23:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 09:04 . 2012-03-29 23:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-09 08:59 . 2012-07-02 11:09 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2012-03-27 21:01 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-03-27 21:01 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-03-27 21:01 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2012-03-27 21:01 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2012-07-02 11:09 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-03-27 21:00 229648 ----a-w- c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-28 39408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 06:06 40048 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2007-05-11 07:47 790528 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2007-02-05 23:30 176128 ----a-w- c:\windows\system32\S3Trayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 13:27 17877168 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 17:02 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-03-28 14:15 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2006-09-21 08:36 53248 ----a-w- c:\windows\system32\VTTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
[Review note] Every other firewall exception above belongs to an identifiable product under "Arquivos de programas" or is a Windows component; muzapp.exe sitting directly in system32 with an inbound exception is the one entry worth verifying (publisher/signature, file hash, creation date) before leaving it in place. Nothing else in this log identifies it.
.
R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [15/08/2012 17:01 54912]
[Review note] R0 means a boot-start kernel driver. No other 360 (Qihoo) component appears anywhere in this log, so this looks like a leftover from an uninstalled security product; confirm whether that product is still installed and, if not, remove the service so an unneeded driver is not loaded at every boot.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [03/06/2013 05:09 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [03/06/2013 05:09 174664]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [27/03/2012 18:34 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [27/03/2012 18:34 52224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/07/2012 08:09 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/03/2012 18:01 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/03/2012 18:01 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [03/06/2013 05:09 66336]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe [02/10/2012 11:13 3064000]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [09/11/2012 10:21 160944]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
[Review note] The "[?]" means the service entry exists but the driver file is missing. An orphaned kernel-driver service is a hijack opportunity: any file later dropped at that path would be loaded in kernel mode on demand. Delete the orphan (`sc delete dgderdrv`) unless the owning product is reinstalled.
S3 WJ2160A;EZ-XDVR Audio Capture Device Ver1.0;c:\windows\system32\drivers\WJ2160A.sys [28/03/2012 11:11 13056]
S3 WJ2160V;EZ-XDVR Video Capture Device Ver1.0;c:\windows\system32\drivers\WJ2160V.sys [28/03/2012 11:11 24832]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRVRT
*NewlyCreated* - ASWVMM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-23 07:14 1165776 ----a-w- c:\arquivos de programas\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:04]
.
2013-06-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-02 08:58]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-03-28 14:15]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-03-28 14:15]
.
2013-06-04 c:\windows\Tasks\PandaUSBVaccine.job
- c:\arquivos de programas\Panda USB Vaccine\RunInteractiveWin.exe [2012-03-28 19:45]
.
2013-06-04 c:\windows\Tasks\User_Feed_Synchronization-{D356E591-98FE-4E2D-8991-DE70561FCF20}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34
FF - ProfilePath - c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-04-08 00:59; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\arquivos de programas\LyricsFinder\FF
[Review note] This extension (and FindLyrics below) is still registered in Firefox's extensions database after the AdwCleaner pass; it was installed on the same day as the DealPly/Yontoo/Delta add-ons that were removed. Review it in Firefox's Add-ons manager and in Add/Remove Programs and remove it unless the user deliberately installed it.
FF - ExtSQL: 2013-04-08 00:59; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\amo@dealplyshopping.com
FF - ExtSQL: 2013-04-08 01:00; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\plugin@yontoo.com
FF - ExtSQL: 2013-04-08 01:00; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-04-22 13:58; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\arquivos de programas\FindLyrics\FF
FF - ExtSQL: !HIDDEN! 2012-08-15 17:19; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\arquivos de programas\HP2\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORFÃOS REMOVIDOS - - - -
.
MSConfigStartUp-InCD - c:\arquivos de programas\Nero\Tools\InCD\InCD.exe
MSConfigStartUp-NBHGui - c:\arquivos de programas\Nero\Tools\InCD\NBHGui.exe
AddRemove-Video Converter Packages 19 - c:\documents and settings\Paulinho\Dados de aplicativos\Video Converter Packages\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Rootkit scan 2013-06-04 18:35
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
[Review note] "Locked" keys are reported because their ACL denies access; these particular ones name Adobe's FlashBroker/IFlashBroker5 CLSIDs and point at the Flash ActiveX utility, which is consistent with Flash protecting its own broker registration rather than with malware. Treat locked keys as suspicious only when they do not resolve to a known, signed binary.
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Tempo para conclusão: 2013-06-04 18:37:36
ComboFix-quarantined-files.txt 2013-06-04 21:37
.
Pré-execução: 4 pasta(s) 32.927.244.288 bytes disponíveis
Pós execução: 7 pasta(s) 33.005.223.936 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows" /noexecute=optin /fastdetect
.
- - End Of File - - 31BF1A1C2DAA5175E678C1D4BAC3CCEC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Paulinho on 04/06/2013 at 19:44:03,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1BAFF3E4-2F3F-4886-BCB1-31ECEDB59E71}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\Paulinho\Dados de aplicativos\mozilla\firefox\profiles\pge0mysw.default\invalidprefs.js
Successfully deleted: [File] C:\Documents and Settings\Paulinho\Dados de aplicativos\mozilla\firefox\profiles\pge0mysw.default\searchplugins\babylon.xml
Successfully deleted the following from C:\Documents and Settings\Paulinho\Dados de aplicativos\mozilla\firefox\profiles\pge0mysw.default\prefs.js
user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2012112705");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "HJxdm022YYbr");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "666AFD43-C318-4647-946B-5911C9F6149C");
user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1354000254630");
user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.hp.enabled", true);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]");
user_pref("extensions.toolbar.mindspark.lastInstalled", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/06/2013 at 19:49:32,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Atualizado em 16/05/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Paulinho - PAULINHO-778192
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\Paulinho\Meus documentos\Downloads\adwcleaner.exe
# Opção [Remover]
***** [Serviços] *****
Encerrado & Removido : BrowserProtect
Encerrado & Removido : Yontoo Desktop Updater
***** [Arquivos/Pastas] *****
Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml
Arquivo Removido : C:\Documents and Settings\Paulinho\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\bProtector Web Data
Arquivo Removido : C:\Documents and Settings\Paulinho\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\bprotectorpreferences
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\BabMaint.exe
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\bprotector_extensions.sqlite
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\bprotector_prefs.js
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\Askcom.xml
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\Babylon.xml
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\BrowserProtect.xml
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\delta.xml
Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\my-web-search.xml
Arquivo Removido : C:\WINDOWS\Tasks\EPUpdater.job
Pasta Removido : C:\Arquivos de programas\DealPly
Pasta Removido : C:\Arquivos de programas\Delta
Pasta Removido : C:\Arquivos de programas\Yontoo
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Pasta Removido : C:\Documents and Settings\Paulinho\Configurações locais\Dados de aplicativos\APN
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\BabSolution
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\DealPly
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Delta
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\amo@dealplyshopping.com
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\ffxtlbr@delta.com
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\plugin@yontoo.com
Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Yontoo
Pasta Removido : C:\Documents and Settings\Paulinho\Menu Iniciar\Programas\DealPly
Removido Durante o reboot : C:\Documents and Settings\All Users\Dados de aplicativos\BrowserProtect
***** [Registro] *****
Chave Removida : HKCU\Software\5928adfb66fee48
Chave Removida : HKCU\Software\BabylonToolbar
Chave Removida : HKCU\Software\DataMngr
Chave Removida : HKCU\Software\DataMngr_Toolbar
Chave Removida : HKCU\Software\DealPly
Chave Removida : HKCU\Software\Delta
Chave Removida : HKCU\Software\delta LTD
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKLM\SOFTWARE\5928adfb66fee48
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\Software\BabylonToolbar
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Chave Removida : HKLM\Software\DataMngr
Chave Removida : HKLM\Software\DealPly
Chave Removida : HKLM\Software\Delta
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Chave Removida : HKLM\Software\Tarma Installer
Chave Removida : HKU\S-1-5-21-1801674531-1060284298-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Dados Removida : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\dadosd~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Valor Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
***** [Navegadores] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registro está limpo.
-\\ Mozilla Firefox v21.0 (pt-BR)
Arquivo : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\prefs.js
C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\user.js ... Removido !
Removida : user_pref("browser.search.defaultengine", "Ask.com");
Removida : user_pref("browser.search.defaultenginename", "My Web Search");
Removida : user_pref("browser.search.order.1", "Ask.com");
Removida : user_pref("extensions.delta.bbDpng", "2");
Removida : user_pref("extensions.delta.cntry", "BR");
Removida : user_pref("extensions.delta.hdrMd5", "");
Removida : user_pref("extensions.delta.lastVrsnTs", "");
Removida : user_pref("extensions.delta.sg", "er");
Removida : user_pref("extensions.delta.smplGrp", "er");
Removida : user_pref("extensions.mywebsearch.prevDefaultEngine", "Ask.com");
Removida : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Removida : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Removida : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Removida : user_pref("extentions.y2layers.installId", "C2057465-C420-8471-E07D-FEDD4EF2FCA3");
Removida : user_pref("extentions.y2layers.installId_backup", "C2057465-C420-8471-E07D-FEDD4EF2FCA3");
Removida : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=666AFD43[...]
-\\ Google Chrome v27.0.1453.94
Arquivo : C:\Documents and Settings\Paulinho\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences
[OK] Arquivo está limpo.
*************************
AdwCleaner[S2].txt - [14806 octets] - [03/06/2013 04:18:45]
########## EOF - C:\AdwCleaner[S2].txt - [14867 octets] ##########
ComboFix 13-06-03.06 - Paulinho 04/06/2013 18:30:40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.624 [GMT -3:00]
Executando de: c:\documents and settings\Paulinho\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\YTKaraoke\ytKAraoke.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-05-04 to 2013-06-04 ))))))))))))))))))))))))))))
.
.
2013-06-04 20:29 . 2013-06-04 20:29 -------- d-sh--w- c:\documents and settings\Paulinho\IECompatCache
2013-06-03 08:09 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-03 08:09 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-03 08:09 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-26 02:11 . 2013-05-26 02:11 262552 ----a-w- c:\arquivos de programas\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-23 01:44 . 2013-06-04 21:35 -------- d-----w- c:\arquivos de programas\YTKaraoke
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-13 09:04 . 2012-03-29 23:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 09:04 . 2012-03-29 23:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-09 08:59 . 2012-07-02 11:09 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2012-03-27 21:01 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-03-27 21:01 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-03-27 21:01 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2012-03-27 21:01 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2012-07-02 11:09 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-03-27 21:00 229648 ----a-w- c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-28 39408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 06:06 40048 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2007-05-11 07:47 790528 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2007-02-05 23:30 176128 ----a-w- c:\windows\system32\S3Trayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 13:27 17877168 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 17:02 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-03-28 14:15 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2006-09-21 08:36 53248 ----a-w- c:\windows\system32\VTTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Arquivos de programas\\HP2\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
.
R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [15/08/2012 17:01 54912]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [03/06/2013 05:09 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [03/06/2013 05:09 174664]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [27/03/2012 18:34 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [27/03/2012 18:34 52224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/07/2012 08:09 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/03/2012 18:01 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/03/2012 18:01 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [03/06/2013 05:09 66336]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe [02/10/2012 11:13 3064000]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [09/11/2012 10:21 160944]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 WJ2160A;EZ-XDVR Audio Capture Device Ver1.0;c:\windows\system32\drivers\WJ2160A.sys [28/03/2012 11:11 13056]
S3 WJ2160V;EZ-XDVR Video Capture Device Ver1.0;c:\windows\system32\drivers\WJ2160V.sys [28/03/2012 11:11 24832]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRVRT
*NewlyCreated* - ASWVMM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-23 07:14 1165776 ----a-w- c:\arquivos de programas\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:04]
.
2013-06-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-02 08:58]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-03-28 14:15]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-03-28 14:15]
.
2013-06-04 c:\windows\Tasks\PandaUSBVaccine.job
- c:\arquivos de programas\Panda USB Vaccine\RunInteractiveWin.exe [2012-03-28 19:45]
.
2013-06-04 c:\windows\Tasks\User_Feed_Synchronization-{D356E591-98FE-4E2D-8991-DE70561FCF20}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34
FF - ProfilePath - c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-04-08 00:59; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\arquivos de programas\LyricsFinder\FF
FF - ExtSQL: 2013-04-08 00:59; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\amo@dealplyshopping.com
FF - ExtSQL: 2013-04-08 01:00; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\plugin@yontoo.com
FF - ExtSQL: 2013-04-08 01:00; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-04-22 13:58; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\arquivos de programas\FindLyrics\FF
FF - ExtSQL: !HIDDEN! 2012-08-15 17:19; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\arquivos de programas\HP2\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORFÃOS REMOVIDOS - - - -
.
MSConfigStartUp-InCD - c:\arquivos de programas\Nero\Tools\InCD\InCD.exe
MSConfigStartUp-NBHGui - c:\arquivos de programas\Nero\Tools\InCD\NBHGui.exe
AddRemove-Video Converter Packages 19 - c:\documents and settings\Paulinho\Dados de aplicativos\Video Converter Packages\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Rootkit scan 2013-06-04 18:35
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Tempo para conclusão: 2013-06-04 18:37:36
ComboFix-quarantined-files.txt 2013-06-04 21:37
.
Pré-execução: 4 pasta(s) 32.927.244.288 bytes disponíveis
Pós execução: 7 pasta(s) 33.005.223.936 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows" /noexecute=optin /fastdetect
.
- - End Of File - - 31BF1A1C2DAA5175E678C1D4BAC3CCEC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Paulinho on 04/06/2013 at 19:44:03,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1BAFF3E4-2F3F-4886-BCB1-31ECEDB59E71}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\Paulinho\Dados de aplicativos\mozilla\firefox\profiles\pge0mysw.default\invalidprefs.js
Successfully deleted: [File] C:\Documents and Settings\Paulinho\Dados de aplicativos\mozilla\firefox\profiles\pge0mysw.default\searchplugins\babylon.xml
Successfully deleted the following from C:\Documents and Settings\Paulinho\Dados de aplicativos\mozilla\firefox\profiles\pge0mysw.default\prefs.js
user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2012112705");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "HJxdm022YYbr");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "666AFD43-C318-4647-946B-5911C9F6149C");
user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1354000254630");
user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.hp.enabled", true);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]");
user_pref("extensions.toolbar.mindspark.lastInstalled", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/06/2013 at 19:49:32,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~