
flcosma

[Resolved!] Analyze my log


Hello,

 

Every so often an error appears in Internet Explorer and closes all the open pages; besides that, it opens strange pages such as http://www.easywebsearch.net/ and others.

Please take a look at my log.

Thanks

 

Logfile of HijackThis v1.99.1

Scan saved at 4:16:31 PM, on 8/25/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\windows\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows32.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\windows\explorer.exe

C:\windows\system32\wuauclt.exe

C:\hijackthis_199\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gw34.ufrrj.br:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cbcs

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\windows\system32\AClient.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [iNSANO] C:\Arquivos de programas\insano.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\backup salas de mapas\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O4 - Global Startup: Windows32.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182099390171

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Arquivos de programas\Invitrogen\Vector NTI Advance 10\Ncbi.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\HOME\CONFIG~1\Temp\hpdj.exe (file missing)

ComboFix log

 

"HOME" - 2007-08-25 15:38:42 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\windows\ravmone.exe

 

 

((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))

 

 

2007-08-25 14:20 <DIR> d-------- C:\WINDOWS\LastGood

2007-08-25 14:20 <DIR> d-------- C:\DOCUME~1\HOME\DADOSD~1\McAfee

2007-08-13 14:10 <DIR> d-------- C:\boot

2007-08-13 14:02 <DIR> d-------- C:\wind

2007-08-13 10:32 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-08-13 10:32 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos

2007-08-13 10:32 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar

2007-08-13 10:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos

2007-08-13 10:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configurações locais

2007-08-13 10:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede

2007-08-13 10:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressão

2007-08-13 10:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos

2007-08-13 10:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos

2007-08-07 10:31 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nullsoft

2007-08-07 10:25 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

2007-08-06 12:13 <DIR> d---s---- C:\DOCUME~1\HOME\gbiehuni.dll , GBIEHCEF.DLL , GBIEHABN.DLL, SCPSSSH2.DLL, GBPDIST.DLL

2007-08-06 10:43 233,526 --a------ C:\Arquivos de programas\Insano.exe

2007-08-06 10:42 784,384 --a------ C:\WINDOWS\fire.scr

2007-08-06 10:42 273,920 --a------ C:\WINDOWS\Wapp.exe

2007-08-06 10:42 233,526 --a------ C:\WINDOWS\mensegers.scr

2007-08-06 10:42 134 --a------ C:\autoexec.bat

2007-08-06 10:41 273,920 --a------ C:\WINDOWS\bohas.scr

2007-08-06 10:41 1,858,048 --a------ C:\WINDOWS\system\Windows32.exe

2007-08-06 10:40 1,858,048 --a------ C:\WINDOWS\explorer.scr

2007-08-06 10:38 2,752,512 --a------ C:\WINDOWS\exploere.scr

2007-08-04 15:10 <DIR> d--h----- C:\WINDOWS\PIF

2007-07-31 15:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Yahoo! Companion

2007-07-31 15:09 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2007-07-31 15:09 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-07-31 14:11 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-31 09:55 419,840 --a------ C:\WINDOWS\system32\AClient.dll

2007-07-31 09:55 416,256 --a------ C:\WINDOWS\Installer.exe

2007-07-25 17:59 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-24 14:46:48 -------- d-----w C:\DOCUME~1\HOME\DADOSD~1\AdobeUM

2007-08-19 18:03:39 -------- d-----w C:\DOCUME~1\HOME\DADOSD~1\Help

2007-07-23 19:21:56 -------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2007-07-10 16:35:08 -------- d-----w C:\Arquivos de programas\Informax Installations

2007-07-10 16:34:39 -------- d-----w C:\Arquivos de programas\Invitrogen

2007-07-10 16:34:02 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Informax

2007-07-10 16:31:31 -------- d-----w C:\Arquivos de programas\Vector NTI 10 Distributive

2007-07-07 15:19:57 -------- d-----w C:\Arquivos de programas\Winamp

2007-05-30 23:19:13 48,846 ----a-w C:\windows\system32\perfc016.dat

2007-05-30 23:19:13 344,734 ----a-w C:\windows\system32\perfh016.dat

2007-05-10 20:17:53 25,811,528 ----a-w C:\Arquivos de programas\media player11.exe

2007-03-24 17:30:51 19,576 -c--a-w C:\DOCUME~1\HOME\DADOSD~1\GDIPFONTCACHEV1.DAT

2004-08-04 02:45:46 73,728 -csha-w C:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

2006-10-26 10:28 440384 --a------ C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2003-11-03 14:17 54248 --a------ C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

2006-08-31 20:33 322368 --a------ C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]

2007-08-11 13:07 419840 --a------ C:\windows\system32\AClient.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2004-09-02 02:47 C:\WINDOWS\system32\SiSPower.dll]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 15:28]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]

"Cmaudio"="cmicnfg.cpl" []

"INSANO"="C:\Arquivos de programas\insano.exe" [2007-08-06 10:43]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-03 23:45]

"msnmsgr"="C:\backup salas de mapas\Arquivos de programas\MSN Messenger\msnmsgr.exe" []

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ff39461-d896-11db-8846-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36c86ba7-3eb8-11dc-8918-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fa067af-ee89-11db-8870-00115b61a2c1}]

Auto\command- G:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a1ae2e-e446-11db-885a-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dfbb75a-50bb-11dc-8935-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf330f9-4f28-11dc-8933-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{867e2f5f-d876-11db-8844-806d6172696f}]

AutoRun\command- E:\Tese-CD.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4d5b7ef-36cd-11dc-890d-00115b61a2c1}]

Auto\command- RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a662b6bc-ffc6-11db-88a0-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dae42004-2e17-11dc-8901-00115b61a2c1}]

Auto\command- H:\AdobeR.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f64560af-39e2-11dc-8913-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef1193c-4fe3-11dc-8934-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

 

Contents of the 'Scheduled Tasks' folder

2007-08-25 11:06:11 C:\windows\tasks\startt.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-25 15:42:40

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-25 15:43:14

C:\ComboFix-quarantined-files.txt ... 2007-08-25 15:43

C:\ComboFix11.txt ... 2007-07-31 14:44

C:\ComboFix2.txt ... 2007-08-13 10:56

 

--- E O F ---


Good evening flcosma!

 

>@< Download BankerFix.

>@< Save it to the Desktop!

>@< Close all windows and the browser when running BankerFix. If possible, disable the resident protection of your antivirus and antispyware programs!!

>@< Double-click Bankerfix.exe, then press Enter. Wait! When it finishes, read the message on the (DOS) screen and press Enter again.

>@< Next, run ComboFix again and post the report.

>@< Post the BankerFix relatorio.txt, which is at C:\LinhaDefensiva\relatorio.txt

>@< Also post a new HijackThis log + ComboFix.txt

 

Regards!


Good evening DigRam,

 

Here is the log.

 

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 8/29/2007 - 19:18

-------------------------------------------------------

Lista de Definição: 2007-08-18-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

----- Fim -------------------------

Logfile of HijackThis v1.99.1

Scan saved at 7:13:54 PM, on 8/29/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\windows\system32\RunDll32.exe

C:\windows\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\windows\system32\wuauclt.exe

C:\windows\explorer.exe

C:\windows\system32\notepad.exe

C:\hijackthis_199\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gw34.ufrrj.br:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cbcs

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\windows\WebAssist.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\windows\system32\AClient.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [iNSANO] C:\Arquivos de programas\insano.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\backup salas de mapas\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182099390171

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Arquivos de programas\Invitrogen\Vector NTI Advance 10\Ncbi.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\HOME\CONFIG~1\Temp\hpdj.exe (file missing)

"HOME" - 2007-08-29 19:14:18 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-29 )))))))))))))))))))))))))))))))

 

 

2007-08-26 20:08 84,992 --a------ C:\WINDOWS\WebAssist.dll

2007-08-26 19:56 26,176 --a------ C:\WINDOWS\system32\rS8YC68X.exe

2007-08-26 14:57 <DIR> d-------- C:\LinhaDefensiva

2007-08-25 16:15 <DIR> d-------- C:\hijackthis_199

2007-08-25 14:20 <DIR> d-------- C:\DOCUME~1\HOME\DADOSD~1\McAfee

2007-08-13 14:10 <DIR> d-------- C:\boot

2007-08-13 14:02 <DIR> d-------- C:\wind

2007-08-13 10:32 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-08-13 10:32 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos

2007-08-13 10:32 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar

2007-08-13 10:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos

2007-08-13 10:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configurações locais

2007-08-13 10:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede

2007-08-13 10:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressão

2007-08-13 10:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos

2007-08-13 10:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos

2007-08-07 10:31 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nullsoft

2007-08-07 10:25 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

2007-08-06 12:13 <DIR> d---s---- C:\DOCUME~1\HOME\gbiehuni.dll , GBIEHCEF.DLL , GBIEHABN.DLL, SCPSSSH2.DLL, GBPDIST.DLL

2007-08-06 10:43 241,718 --a------ C:\Arquivos de programas\insano.exe

2007-08-06 10:42 784,384 --a------ C:\WINDOWS\fire.scr

2007-08-06 10:42 273,920 --a------ C:\WINDOWS\Wapp.exe

2007-08-06 10:42 233,526 --a------ C:\WINDOWS\mensegers.scr

2007-08-06 10:42 134 --a------ C:\autoexec.bat

2007-08-06 10:41 273,920 --a------ C:\WINDOWS\bohas.scr

2007-08-06 10:41 1,858,048 --a------ C:\WINDOWS\system\Windows32.exe

2007-08-06 10:40 1,858,048 --a------ C:\WINDOWS\explorer.scr

2007-08-06 10:38 2,752,512 --a------ C:\WINDOWS\exploere.scr

2007-08-04 15:10 <DIR> d--h----- C:\WINDOWS\PIF

2007-07-31 15:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Yahoo! Companion

2007-07-31 15:09 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2007-07-31 15:09 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-07-31 14:11 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-31 09:55 423,424 --a------ C:\WINDOWS\system32\AClient.dll

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-28 20:31:16 -------- d-----w C:\DOCUME~1\HOME\DADOSD~1\AdobeUM

2007-08-19 18:03:39 -------- d-----w C:\DOCUME~1\HOME\DADOSD~1\Help

2007-08-06 13:43:09 233,526 ----a-w C:\Arquivos de programas\insano.ex_

2007-07-23 19:21:56 -------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2007-07-10 16:35:08 -------- d-----w C:\Arquivos de programas\Informax Installations

2007-07-10 16:34:39 -------- d-----w C:\Arquivos de programas\Invitrogen

2007-07-10 16:34:02 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Informax

2007-07-10 16:31:31 -------- d-----w C:\Arquivos de programas\Vector NTI 10 Distributive

2007-07-07 15:19:57 -------- d-----w C:\Arquivos de programas\Winamp

2007-05-30 23:19:13 48,846 ----a-w C:\windows\system32\perfc016.dat

2007-05-30 23:19:13 344,734 ----a-w C:\windows\system32\perfh016.dat

2007-05-10 20:17:53 25,811,528 ----a-w C:\Arquivos de programas\media player11.exe

2007-03-24 17:30:51 19,576 -c--a-w C:\DOCUME~1\HOME\DADOSD~1\GDIPFONTCACHEV1.DAT

2004-08-04 02:45:46 73,728 -csha-w C:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

2006-10-26 10:28 440384 --a------ C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2003-11-03 14:17 54248 --a------ C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]

2007-08-26 20:08 84992 --a------ C:\windows\WebAssist.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

2006-08-31 20:33 322368 --a------ C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]

2007-08-28 11:47 423424 --a------ C:\windows\system32\AClient.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2004-09-02 02:47 C:\WINDOWS\system32\SiSPower.dll]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 15:28]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]

"Cmaudio"="cmicnfg.cpl" []

"INSANO"="C:\Arquivos de programas\insano.exe" [2007-08-06 10:43]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-03 23:45]

"msnmsgr"="C:\backup salas de mapas\Arquivos de programas\MSN Messenger\msnmsgr.exe" []

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36c86ba7-3eb8-11dc-8918-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fa067af-ee89-11db-8870-00115b61a2c1}]

Auto\command- G:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a1ae2e-e446-11db-885a-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dfbb75a-50bb-11dc-8935-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf330f9-4f28-11dc-8933-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4d5b7ed-36cd-11dc-890d-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4d5b7ef-36cd-11dc-890d-00115b61a2c1}]

Auto\command- RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a662b6bc-ffc6-11db-88a0-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dae42004-2e17-11dc-8901-00115b61a2c1}]

Auto\command- H:\AdobeR.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f64560af-39e2-11dc-8913-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef1193c-4fe3-11dc-8934-00115b61a2c1}]

Auto\command- F:\RavMonE.exe e

AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

 

Contents of the 'Scheduled Tasks' folder

2007-08-26 22:56:29 C:\windows\tasks\At1.job

2007-08-29 12:01:00 C:\windows\tasks\At10.job

2007-08-29 13:01:00 C:\windows\tasks\At11.job

2007-08-29 14:01:00 C:\windows\tasks\At12.job

2007-08-29 15:01:00 C:\windows\tasks\At13.job

2007-08-29 16:01:00 C:\windows\tasks\At14.job

2007-08-29 17:01:00 C:\windows\tasks\At15.job

2007-08-29 18:01:00 C:\windows\tasks\At16.job

2007-08-29 19:01:00 C:\windows\tasks\At17.job

2007-08-29 20:01:00 C:\windows\tasks\At18.job

2007-08-29 21:01:00 C:\windows\tasks\At19.job

2007-08-26 22:56:29 C:\windows\tasks\At2.job

2007-08-29 22:01:00 C:\windows\tasks\At20.job

2007-08-28 23:01:00 C:\windows\tasks\At21.job

2007-08-28 00:01:00 C:\windows\tasks\At22.job

2007-08-26 22:56:29 C:\windows\tasks\At23.job

2007-08-26 22:56:29 C:\windows\tasks\At24.job

2007-08-26 22:56:29 C:\windows\tasks\At3.job

2007-08-26 22:56:29 C:\windows\tasks\At4.job

2007-08-26 22:56:29 C:\windows\tasks\At5.job

2007-08-26 22:56:29 C:\windows\tasks\At6.job

2007-08-26 22:56:29 C:\windows\tasks\At7.job

2007-08-26 22:56:29 C:\windows\tasks\At8.job

2007-08-29 11:01:00 C:\windows\tasks\At9.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-29 19:16:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-29 19:17:18

C:\ComboFix-quarantined-files.txt ... 2007-08-29 19:17

C:\ComboFix2.txt ... 2007-08-29 19:11

C:\ComboFix3.txt ... 2007-08-26 15:08

 

--- E O F ---

 

 

Cheers


Good morning flcosma!

 

>@< Download Avenger.

>@< Unzip it and create a folder for the program! Put this folder on Local Disk C or on the Desktop!

>@< Run the program and check Input script manually.

>@< Click the magnifying-glass icon!

 

Files to delete:

C:\DOCUME~1\HOME\SCPSSSH2.DLL

C:\DOCUME~1\HOME\GBIEHABN.DLL

C:\DOCUME~1\HOME\GBIEHCEF.DLL

C:\DOCUME~1\HOME\gbiehuni.dll

C:\windows\system32\AClient.dll

C:\Arquivos de programas\insano.exe

C:\WINDOWS\system\Windows32.exe

C:\WINDOWS\system32\rS8YC68X.exe

C:\WINDOWS\fire.scr

C:\WINDOWS\Wapp.exe

C:\WINDOWS\mensegers.scr

C:\autoexec.bat

C:\WINDOWS\bohas.scr

C:\WINDOWS\explorer.scr

C:\WINDOWS\exploere.scr

C:\WINDOWS\WebAssist.dll

C:\windows\tasks\At1.job

C:\windows\tasks\At10.job

C:\windows\tasks\At11.job

C:\windows\tasks\At12.job

C:\windows\tasks\At13.job

C:\windows\tasks\At14.job

C:\windows\tasks\At15.job

C:\windows\tasks\At16.job

C:\windows\tasks\At17.job

C:\windows\tasks\At18.job

C:\windows\tasks\At19.job

C:\windows\tasks\At2.job

C:\windows\tasks\At20.job

C:\windows\tasks\At21.job

C:\windows\tasks\At22.job

C:\windows\tasks\At23.job

C:\windows\tasks\At24.job

C:\windows\tasks\At3.job

C:\windows\tasks\At4.job

C:\windows\tasks\At5.job

C:\windows\tasks\At6.job

C:\windows\tasks\At7.job

C:\windows\tasks\At8.job

C:\windows\tasks\At9.job

 

registry keys to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser_Helper_Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser_Helper_Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser_Helper_Objects\{98B822AD-6BE7-49BC-B773-97240B774080}

 

Folders to delete:

C:\LinhaDefensiva

C:\Arquivos de programas\insano

>@< In the box that opens, paste what you copied from the quote area just above!

>@< Click Done.

>@< Click the traffic-light icon!

>@< Click Ok.

>@< The computer will restart!

_______________________________

@@@@@@@@@@@@@@@@@@@@@

>@< Produce and post a new HijackThis log + Avenger.txt in your reply.

 

Regards!


Hello DigRam,

 

here is the log

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\jccswdke

 

*******************

 

Script file located at: \??\C:\windows\system32\dufhdaao.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

 

 

File C:\DOCUME~1\HOME\SCPSSSH2.DLL not found!

Deletion of file C:\DOCUME~1\HOME\SCPSSSH2.DLL failed!

 

Could not process line:

C:\DOCUME~1\HOME\SCPSSSH2.DLL

Status: 0xc0000034

 

 

 

File C:\DOCUME~1\HOME\GBIEHABN.DLL not found!

Deletion of file C:\DOCUME~1\HOME\GBIEHABN.DLL failed!

 

Could not process line:

C:\DOCUME~1\HOME\GBIEHABN.DLL

Status: 0xc0000034

 

 

 

File C:\DOCUME~1\HOME\GBIEHCEF.DLL not found!

Deletion of file C:\DOCUME~1\HOME\GBIEHCEF.DLL failed!

 

Could not process line:

C:\DOCUME~1\HOME\GBIEHCEF.DLL

Status: 0xc0000034

 

 

 

File C:\DOCUME~1\HOME\gbiehuni.dll not found!

Deletion of file C:\DOCUME~1\HOME\gbiehuni.dll failed!

 

Could not process line:

C:\DOCUME~1\HOME\gbiehuni.dll

Status: 0xc0000034

 

File C:\windows\system32\AClient.dll deleted successfully.

File C:\Arquivos de programas\insano.exe deleted successfully.

File C:\WINDOWS\system\Windows32.exe deleted successfully.

File C:\WINDOWS\system32\rS8YC68X.exe deleted successfully.

File C:\WINDOWS\fire.scr deleted successfully.

File C:\WINDOWS\Wapp.exe deleted successfully.

File C:\WINDOWS\mensegers.scr deleted successfully.

File C:\autoexec.bat deleted successfully.

File C:\WINDOWS\bohas.scr deleted successfully.

File C:\WINDOWS\explorer.scr deleted successfully.

File C:\WINDOWS\exploere.scr deleted successfully.

File C:\WINDOWS\WebAssist.dll deleted successfully.

File C:\windows\tasks\At1.job deleted successfully.

File C:\windows\tasks\At10.job deleted successfully.

File C:\windows\tasks\At11.job deleted successfully.

File C:\windows\tasks\At12.job deleted successfully.

File C:\windows\tasks\At13.job deleted successfully.

File C:\windows\tasks\At14.job deleted successfully.

File C:\windows\tasks\At15.job deleted successfully.

File C:\windows\tasks\At16.job deleted successfully.

File C:\windows\tasks\At17.job deleted successfully.

File C:\windows\tasks\At18.job deleted successfully.

File C:\windows\tasks\At19.job deleted successfully.

File C:\windows\tasks\At2.job deleted successfully.

File C:\windows\tasks\At20.job deleted successfully.

File C:\windows\tasks\At21.job deleted successfully.

File C:\windows\tasks\At22.job deleted successfully.

File C:\windows\tasks\At23.job deleted successfully.

File C:\windows\tasks\At24.job deleted successfully.

File C:\windows\tasks\At3.job deleted successfully.

File C:\windows\tasks\At4.job deleted successfully.

File C:\windows\tasks\At5.job deleted successfully.

File C:\windows\tasks\At6.job deleted successfully.

File C:\windows\tasks\At7.job deleted successfully.

File C:\windows\tasks\At8.job deleted successfully.

File C:\windows\tasks\At9.job deleted successfully.

Folder C:\LinhaDefensiva deleted successfully.

 

 

Folder C:\Arquivos de programas\insano not found!

Deletion of folder C:\Arquivos de programas\insano failed!

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 7:00:44 PM, on 8/31/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\Explorer.EXE

C:\windows\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\windows\system32\RunDll32.exe

C:\windows\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\windows\system32\wuauclt.exe

C:\hijackthis_199\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gw34.ufrrj.br:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cbcs

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\windows\WebAssist.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\windows\system32\AClient.dll (file missing)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [iNSANO] C:\Arquivos de programas\insano.exe

O4 - HKLM\..\Run: [salestart] "C:\Arquivos de programas\Arquivos comuns\WinAntiVirus Pro 2007\mav_startupmon.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\backup salas de mapas\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182099390171

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Arquivos de programas\Invitrogen\Vector NTI Advance 10\Ncbi.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\HOME\CONFIG~1\Temp\hpdj.exe (file missing)

 

 

 

 

 

Cheers


Good afternoon flcosma!

 

>@< Download KillBox.

>@< Save it to the Desktop!

>@< Open KillBox and check Delete on reboot.

>@< Paste or type the following file into the Full path of file to delete box:

 

C:\Arquivos de programas\Arquivos comuns\WinAntiVirus Pro 2007\mav_startupmon.exe

 

>@< Click the X button and, when asked about rebooting, say No!

>@< Now enter the file:

 

C:\Arquivos de programas\insano.exe

 

>@< Click the X button and, at the prompt, confirm!

>@< The computer will restart!

>@< Use this reboot to enter Safe Mode.

>@< Open HijackThis and click Do a system scan only.

>@< Check the entries below and click Fix checked!

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\windows\WebAssist.dll (file missing)

O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\windows\system32\AClient.dll (file missing)

O4 - HKLM\..\Run: [iNSANO] C:\Arquivos de programas\insano.exe

O4 - HKLM\..\Run: [salestart] "C:\Arquivos de programas\Arquivos comuns\WinAntiVirus Pro 2007\mav_startupmon.exe"

>@< Delete the highlighted folder: C:\Arquivos de programas\Arquivos comuns\WinAntiVirus Pro 2007 << The folder!

>@< Restart the computer normally!

>@< Produce and post a new HijackThis log in your reply.

 

Regards!
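As an added example (not part of DigRam's instructions and not code from HijackThis itself), the script below applies the same kind of reasoning a helper uses when picking entries for "Fix checked": it parses O2, O4 and O23 lines from a HijackThis log and flags registered components that no longer exist on disk, anonymous BHOs, and executables started from a user profile or temp directory or dropped straight into the Program Files root. The sample lines are copied from the logs posted in this thread; the location heuristics are assumptions chosen for this example, not rules from the tool.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the HijackThis logs posted in this thread
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\windows\WebAssist.dll (file missing)
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\windows\system32\AClient.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iNSANO] C:\Arquivos de programas\insano.exe
O4 - HKLM\..\Run: [salestart] "C:\Arquivos de programas\Arquivos comuns\WinAntiVirus Pro 2007\mav_startupmon.exe"
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\HOME\CONFIG~1\Temp\hpdj.exe (file missing)
"""

# A HijackThis line is "<section> - <body>", e.g. "O2 - BHO: name - {guid} - path"
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file is gone
MISSING_MARKERS = ("(file missing)", "(no file)")
# Heuristic (assumption for this example): installed components rarely run from a profile or temp directory
PROFILE_DIRS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")
# Heuristic (assumption for this example): an .exe directly in the Program Files root, with no vendor folder
BARE_PROGRAM_FILES_RE = re.compile(r"^[a-z]:\\(arquivos de programas|program files)\\[^\\]+\.exe$")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def split_entry(section, body):
    """Return (name, path) for O2/O23 ('Type: name - ... - path') and O4 ('hive: [name] path') bodies."""
    if section == "O4":
        m = re.match(r".*?\[(?P<name>[^\]]*)\]\s*(?P<path>.*)$", body)
        return (m.group("name"), m.group("path").strip().strip('"')) if m else (body, "")
    parts = body.split(" - ")
    head = parts[0]
    name = head.split(":", 1)[1].strip() if ":" in head else head
    return name, parts[-1].strip()


def triage(log_text):
    """Parse O2/O4/O23 lines and return the entries that trip at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m or m.group("section") not in ("O2", "O4", "O23"):
            continue
        section = m.group("section")
        name, path = split_entry(section, m.group("body"))
        reasons = []
        if any(marker in path for marker in MISSING_MARKERS):
            reasons.append("dangling reference: registered component is no longer on disk")
        if name in ("", "(no name)"):
            reasons.append("anonymous entry with no display name")
        if any(d in path.lower() for d in PROFILE_DIRS):
            reasons.append("runs from a user profile or temp directory")
        if BARE_PROGRAM_FILES_RE.match(path.lower()):
            reasons.append("executable dropped directly into the Program Files root")
        if reasons:
            findings.append(Finding(section, name, path, reasons))
    return findings


def format_report(findings):
    """Render findings as an indented text report for the helper to review."""
    lines = []
    for f in findings:
        lines.append(f"[{f.section}] {f.name} -> {f.path}")
        lines.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Run against the sample, the script flags the three dangling BHOs, the iNSANO Run entry and the hpdj service, and leaves the avast! entries alone. It does not flag the WinAntiVirus Pro 2007 entry that DigRam also chose to fix: nothing about its path is unusual, so that call still depends on knowing the product name, which is why a script like this is a first pass for a human reviewer rather than an automatic fix list.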


Hey DigRam

 

here is the new log

 

 

cheers

 

Logfile of HijackThis v1.99.1

Scan saved at 11:44:37 AM, on 9/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\Explorer.EXE

C:\windows\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\windows\system32\RunDll32.exe

C:\windows\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\wuauclt.exe

C:\hijackthis_199\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gw34.ufrrj.br:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cbcs

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\backup salas de mapas\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182099390171

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Arquivos de programas\Invitrogen\Vector NTI Advance 10\Ncbi.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\HOME\CONFIG~1\Temp\hpdj.exe (file missing)


Good morning flcosma!

 

With the computer now fully Ok, create a clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> Ok.

Then uncheck it again! >> Apply >> Ok.

For more details, go to: < Docs >

_____________________

 

an error keeps appearing in Internet Explorer and closes all the open pages, and besides that it opens strange pages such as http://www.easywebsearch.net/ and others

>@< Does this problem still bother you?

>@< Good job!

>@< Clean log!

 

Regards!


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
