[Resolvido!] Analise de Log do HijHackThis

kainan · Fevereiro 13, 2010

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:17:49, on 13/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Zwunzi\zwunzi141.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\DfrgNtfs.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\MessengerDiscovery 2\MessengerDiscovery 2.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Meus documentos\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)

O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sXe Injected] C:\Arquivos de programas\sXe Injected\sXe Injected.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [dki] c:\tst.com

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [storegrim] C:\DOCUME~1\ADMINI~1\DADOSD~1\SPAMGP~1\KeepMail.exe

O4 - HKCU\..\Run: [iCQ] "C:\Arquivos de programas\ICQ6.5\ICQ.exe" silent

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: raw32.dll

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: @C:\Arquivos de programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: @C:\Arquivos de programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8704DD1F-AEE6-4803-9B5B-E3B99EA55ECC}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Zwunzi Service - Unknown owner - C:\Documents and Settings\All Users\Dados de aplicativos\Zwunzi\zwunzi141.exe

--

End of file - 8404 bytes

wings · Fevereiro 13, 2010

Boa tarde....

*Baixe o AD-Remover e salve-o no desktop

*Duplo clique em AD-R.exe e instale o programa.

*Duplo clique no ícone criado no desktop e clique em [Oui]

*Tecle S > [ENTER]

*Aguarde o término

*Cole o relatório criado em C:\Ad-Report-SCAN.log

kainan · Fevereiro 14, 2010

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_J | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 05.02.2010 at 17:34

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 12:17:52, dom 14/02/2010 | Normal Boot | Option: SCAN

Executed from: C:\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 3 versÆo 5.1.2600

Computer Name: ADMIN | Current user: Administrador

.

============== FOUND ELEMENT(S) ==============

.

Service: *Zwunzi Service*

C:\DOCUME~1\ADMINI~1\DADOSD~1\Mozilla\FireFox\Profiles\zag4kr2y.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

C:\Arquivos de programas\Mozilla FireFox\Components\AskSearch.js

C:\Arquivos de programas\AskBarDis

C:\Arquivos de programas\Zwunzi

.

HKCU\software\appdatalow\AskBarDis

HKCU\software\AskBarDis

HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

HKLM\software\AskBarDis

HKLM\software\classes\AskIBar.PopSwatterBarButton

HKLM\software\classes\AskIBar.PopSwatterBarButton.1

HKLM\software\classes\AskIBar.PopSwatterSettingsControl

HKLM\software\classes\AskIBar.PopSwatterSettingsControl.1

HKLM\software\classes\AskToolBar.SettingsPlugin

HKLM\software\classes\AskToolBar.SettingsPlugin.1

HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}

HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}

HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}

HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}

HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}

HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}

HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}

HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}

HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}

HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}

HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}

HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}

HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}

HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}

HKLM\software\microsoft\windows\currentversion\uninstall\Ask Toolbar_is1

HKLM\software\Trymedia Systems

HKLM\software\Zwunzi

HKU\s-1-5-21-299502267-1336601894-1177238915-500\software\appdatalow\AskBarDis

HKU\s-1-5-21-299502267-1336601894-1177238915-500\software\AskBarDis

.

============== Added scan ==============

.

* Mozilla FireFox Version 3.6b2 [pt-BR] *

.

ProfilePath: zag4kr2y.default (Administrador)

.

(ADMINI~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Administrador\Meus documentos

(ADMINI~1, prefs.js) Browser.search.defaultenginename, LocalStrike

(ADMINI~1, prefs.js) Browser.search.defaulturl, hxxp://search.localstrike.com.ar/?q={searchTerms}

(ADMINI~1, prefs.js) Browser.search.selectedEngine, Google

(ADMINI~1, prefs.js) Browser.startup.homepage, hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

(ADMINI~1, prefs.js) Extensions.enabledItems, jqs@sun.com:1.0,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3,nasanightlaunch@example.com:0.6.20091031

(ADMINI~1, prefs.js) Keyword.URL, hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Do404Search: 01000000

Local Page: C:\WINDOWS\system32\blank.htm

Show_ToolBar: yes

Start Page: hxxp://www.plusnetwork.com/

Search Page: hxxp://search.localstrike.com.ar/

Enable Browser Extensions: yes

Search Bar: hxxp://www.google.com/ie

Default_Search_URL: hxxp://www.google.com/ie

Start Page Redirect Cache: hxxp://br.msn.com/?ocid=iehp

Start Page Redirect Cache_TIMESTAMP: f83faf50e49eca01

Start Page Redirect Cache AcceptLangs: pt-br

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://search.localstrike.com.ar/

Default_Search_URL: hxxp://search.localstrike.com.ar/

Search Page: hxxp://search.localstrike.com.ar/

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Start Page: hxxp://search.localstrike.com.ar/

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: C:\Documents and Settings\All Users\Dados de aplicativos\ICQ\ICQNewTab\newTab.html

.

===================================

.

4796 Byte(s) - C:\Ad-Report-SCAN[1].log

.

349 File(s) - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp

73 File(s) - C:\WINDOWS\Temp

117 File(s) - C:\WINDOWS\Prefetch

.

1 File(s) - C:\Ad-Remover\BACKUP

0 File(s) - C:\Ad-Remover\QUARANTINE

.

End at: 12:27:58 | dom 14/02/2010 - SCAN[1]

.

============== E.O.F ==============

.

wings · Fevereiro 14, 2010

*Execute novamente o AD-Remover

*Tecle L > [ENTER]...aguarde. O PC poderá ser reiniciado.

*Cole o relatório criado em C:\Ad-Report-CLEAN.log e novo log do hijack

kainan · Fevereiro 15, 2010

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_J | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 05.02.2010 at 17:34

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 11:28:46, seg 15/02/2010 | Normal Boot | Option: CLEAN

Executed from: C:\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 3 versÆo 5.1.2600

Computer Name: ADMIN | Current user: Administrador

.

============== NEUTRALIZED ELEMENT(S) ==============

.

Service: *Zwunzi Service*

(!) -- Temp files deleted.

.

HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

HKLM\software\AskBarDis

HKLM\software\Trymedia Systems

HKLM\software\Zwunzi

.

============== Added scan ==============

.

* Mozilla FireFox Version 3.6b2 [pt-BR] *

.

ProfilePath: zag4kr2y.default (Administrador)

.

(ADMINI~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Administrador\Meus documentos

(ADMINI~1, prefs.js) Browser.search.defaultenginename, LocalStrike

(ADMINI~1, prefs.js) Browser.search.defaulturl, hxxp://search.localstrike.com.ar/?q={searchTerms}

(ADMINI~1, prefs.js) Browser.search.selectedEngine, Google

(ADMINI~1, prefs.js) Browser.startup.homepage, hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

(ADMINI~1, prefs.js) Extensions.enabledItems, jqs@sun.com:1.0,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3,nasanightlaunch@example.com:0.6.20091031

(ADMINI~1, prefs.js) Keyword.URL, hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Do404Search: 01000000

Local Page: C:\WINDOWS\system32\blank.htm

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Enable Browser Extensions: yes

Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page Redirect Cache: hxxp://br.msn.com/?ocid=iehp

Start Page Redirect Cache_TIMESTAMP: f83faf50e49eca01

Start Page Redirect Cache AcceptLangs: pt-br

Use Search Asst: no

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Start Page: hxxp://fr.msn.com/

Search bar: hxxp://search.msn.com/spbasic.htm

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

===================================

.

3058 Byte(s) - C:\Ad-Report-CLEAN[1].log

.

31 File(s) - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp

4 File(s) - C:\WINDOWS\Temp

9 File(s) - C:\WINDOWS\Prefetch

.

19 File(s) - C:\Ad-Remover\BACKUP

0 File(s) - C:\Ad-Remover\QUARANTINE

.

End at: 11:29:46 | seg 15/02/2010 - CLEAN[1]

.

============== E.O.F ==============

.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:33:57, on 15/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.593\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Arquivos de programas\MyAshampoo\tbMyAs.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Arquivos de programas\MyAshampoo\tbMyAs.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Arquivos de programas\MyAshampoo\tbMyAs.dll