
Rafael Icassati

[Solved!] I have CiD windows and the pages I open give an error


I'm having some problems on the internet with the CiD windows, and in most of the windows I open it says "error in explorer, this window will have to be closed". I'd like someone to help me.

 

I ran HijackThis and this is what it gave:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:55:33, on 6/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\spudscv.exe

C:\Arquivos de programas\Windows32.exe

C:\WinPH.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Familia\Meus documentos\rafael\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O1 - Hosts: Bloqueados

O1 - Hosts: 216.55.142.99 www.nossacaixa.com.br

O1 - Hosts: 216.55.142.99 www.credicarditau.com.br

O1 - Hosts: 216.55.142.99 www.credicardciti.com.br

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\ARQUIV~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [spudscv.exe] C:\WINDOWS\system32\spudscv.exe

O4 - HKLM\..\Run: [Windows32] C:\Arquivos de programas\Windows32.exe

O4 - HKLM\..\Run: [Windows Services] C:\\WinPH.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [AXIS TONS THE MP3] C:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\SPAM DRV.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [regskind] C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\Amok creative.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: Windows32.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk936YYBR

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{11D95B3A-435C-4E46-959F-662CD16BB0E9}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs:

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe


Good morning, Rafael Icassati!

 

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< If you have Avast, a malware alert will appear ( Win32 D adobra-EY[Trj] ), which should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue < Enter >

>@< Wait for it to finish!

>@< Post the report, C:\ComboFix.txt, in your reply, plus an updated HJT log.

 

Cheers!


I ran HijackThis and this is what it gave:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:38:03, on 8/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\spudscv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Familia\Meus documentos\rafael\Nova pasta (3)\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.emurayden.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\ARQUIV~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [spudscv.exe] C:\WINDOWS\system32\spudscv.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [AXIS TONS THE MP3] C:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\admin deaf.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [regskind] C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\Amok creative.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk936YYBR

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{11D95B3A-435C-4E46-959F-662CD16BB0E9}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs:

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

 

 

 

 

and ComboFix gave this:

 

ComboFix 07-10-07.2 - Familia 2007-10-08 21:21:30.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.212 [GMT -3:00]

Executando de: C:\Documents and Settings\Familia\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\FunWebProducts

C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images6FD545.urr

C:\Arquivos de programas\FunWebProducts\Shared\Cache\AvatarSmallBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\MailStampBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyStationeryBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Arquivos de programas\internet explorer\msimg32.dll

C:\Arquivos de programas\MSN Messenger\msimg32.dll

C:\Arquivos de programas\MyWebSearch

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3BKGERR.JPG

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3BROVLY.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3CJPEG.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3DTACTL.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3HISTSW.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3HTMLMU.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3HTTPCT.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3IMSTUB.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3POPSWT.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3PSSAVR.SCR

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3REPROX.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3RESTUB.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3SCHMON.EXE

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3SCRCTR.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3SHLLVW.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3SPACER.WMV

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3WALLPP.DAT

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3WPHOOK.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3FFXTBR.JAR

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3HTML.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3IDLE.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3IMPIPE.EXE

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3MSG.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3NTSTBR.JAR

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3OUTLCN.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3PLUGIN.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3SKIN.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3SKPLAY.EXE

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3SLSRCH.EXE

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3SRCHMN.EXE

C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOEMON.EXE

C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOEPLG.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOESTB.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\NPMYWEBS.DLL

C:\Arquivos de programas\MyWebSearch\bar\Avatar\COMMON.F3S

C:\Arquivos de programas\MyWebSearch\bar\Cache047EF0

C:\Arquivos de programas\MyWebSearch\bar\Cache3480AC.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache348734.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache348957.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache348B1C

C:\Arquivos de programas\MyWebSearch\bar\Cache4408DE

C:\Arquivos de programas\MyWebSearch\bar\Cache6F4AC8.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache6F73AD.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache6F7AA2.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache6F889C.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache6F8BE8.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache6F9965

C:\Arquivos de programas\MyWebSearch\bar\Cache6FA3C5.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache6FA702.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache6FAAAB.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache6FAC51.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache82A242

C:\Arquivos de programas\MyWebSearch\bar\Cache\files.ini

C:\Arquivos de programas\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Arquivos de programas\MyWebSearch\bar\Game\CHESS.F3S

C:\Arquivos de programas\MyWebSearch\bar\Game\REVERSI.F3S

C:\Arquivos de programas\MyWebSearch\bar\History\search2

C:\Arquivos de programas\MyWebSearch\bar\icons\CM.ICO

C:\Arquivos de programas\MyWebSearch\bar\icons\MFC.ICO

C:\Arquivos de programas\MyWebSearch\bar\icons\PSS.ICO

C:\Arquivos de programas\MyWebSearch\bar\icons\SMILEY.ICO

C:\Arquivos de programas\MyWebSearch\bar\icons\Thumbs.db

C:\Arquivos de programas\MyWebSearch\bar\icons\WB.ICO

C:\Arquivos de programas\MyWebSearch\bar\icons\ZWINKY.ICO

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\COMMON.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\DOG.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\FISH.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\KUNGFU.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\LIFEGARD.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\MAID.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\MAILBOX.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\OPERA.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\ROBOT.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\SEDUCT.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\SURFER.F3S

C:\Arquivos de programas\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat

C:\Arquivos de programas\MyWebSearch\bar\Settings\setting2.htm

C:\Arquivos de programas\MyWebSearch\bar\Settings\settings.dat

C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

C:\Arquivos de programas\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

C:\Arquivos de programas\windows32.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\windows32.exe

C:\Documents and Settings\Familia\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\MKFB8R37\iforex.com

C:\Documents and Settings\Familia\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\MKFB8R37\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\Familia\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\MKFB8R37\www.broadcaster.com

C:\Documents and Settings\Familia\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\Familia\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\Documents and Settings\Familia\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\Documents and Settings\Familia\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\WINDOWS\system32\f3PSSavr.scr

C:\winxp.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))))

.

 

2007-10-08 21:20 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-08 19:34 <DIR> d-------- C:\Arquivos de programas\eMule

2007-10-07 19:28 <DIR> d-------- C:\Arquivos de programas\Bashmanagermail

2007-10-06 20:22 <DIR> d-------- C:\Documents and Settings\Familia\Dados de aplicativos\fltk.org

2007-10-06 18:39 <DIR> d-------- C:\!KillBox

2007-10-06 15:11 <DIR> d-------- C:\Arquivos de programas\psx emulation cheater

2007-10-06 13:43 <DIR> d-------- C:\Archivos de Programa

2007-10-03 23:08 <DIR> d-------- C:\Documents and Settings\Familia\Dados de aplicativos\InstallShield

2007-09-30 11:35 <DIR> d-------- C:\Arquivos de programas\Project64 1.6

2007-09-20 16:57 290,304 --a------ C:\cms22.exe

2007-09-20 16:23 4,033,536 --a------ C:\windm.exe

2007-09-20 16:23 <DIR> d-------- C:\WINDOWS\SoftWareProtector

2007-09-19 15:36 <DIR> d-------- C:\Arquivos de programas\EA GAMES

2007-09-13 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons

2007-09-13 16:07 34,464 --ah----- C:\WINDOWS\system32\mlfcache.dat

2007-09-11 13:46 <DIR> d-------- C:\Arquivos de programas\Eidos

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-08 21:24 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-10-07 19:30 --------- d-------- C:\Documents and Settings\Familia\Dados de aplicativos\Bashmanagermail

2007-10-06 21:50 --------- d-------- C:\Arquivos de programas\Alcohol Toolbar

2007-10-03 23:08 --------- d-------- C:\Arquivos de programas\Avanquest update

2007-10-02 22:28 --------- d-------- C:\Arquivos de programas\iLuminaPO

2007-09-26 21:29 --------- d-------- C:\Arquivos de programas\K-LiteNitro

2007-09-21 14:39 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-09-18 22:14 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-09-18 19:44 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-09-14 17:38 --------- d-------- C:\Arquivos de programas\MessengerDiscovery

2007-09-11 16:43 --------- d-------- C:\Arquivos de programas\StuffPlug3

2007-09-10 14:12 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2007-09-08 13:06 --------- d-------- C:\Documents and Settings\Familia\Dados de aplicativos\My Games

2007-09-07 01:04 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys

2007-09-06 18:16 --------- d-------- C:\Arquivos de programas\Windows Live

2007-09-06 18:16 --------- d-------- C:\Arquivos de programas\Adverts

2007-09-05 11:08 --------- d-------- C:\Arquivos de programas\Motorola Phone Tools

2007-09-05 11:05 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2007-09-05 11:04 24192 --a------ C:\Documents and Settings\Familia\usbsermptxp.sys

2007-09-05 11:04 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys

2007-09-05 11:04 22768 --a------ C:\Documents and Settings\Familia\usbsermpt.sys

2007-09-03 20:07 --------- d-------- C:\Arquivos de programas\Google

2007-09-03 20:06 --------- d-------- C:\Arquivos de programas\GameSpy Arcade

2007-08-30 20:06 --------- d-------- C:\Documents and Settings\Familia\Dados de aplicativos\Google

2007-08-30 18:47 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Google

2007-08-30 13:30 98 --a------ C:\WINDOWS\system32\drivers\tmp.bat

2007-08-30 13:30 475136 --a------ C:\WINDOWS\system32\drivers\novo.exe

2007-08-30 13:29 516098 --a------ C:\WINDOWS\system32\drivers\versao.exe

2007-08-28 19:13 --------- d-------- C:\Arquivos de programas\SlySoft

2007-08-27 16:28 --------- d-------- C:\Arquivos de programas\Microsoft Games

2007-08-26 10:47 26 --a------ C:\WINDOWS\system32\drivers\ccApp.dll

2007-08-26 00:58 50176 --a------ C:\WinPH.exe

2007-08-26 00:58 247296 --a------ C:\WinWS.exe

2007-08-25 14:23 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WhiteCap (Holiday Edition)

2007-08-22 13:42 156561 --a------ C:\WINDOWS\system32\drivers\CONFIOUNONAMORADOEFOIPARARNANET.zip

2007-08-22 13:40 20480 --------- C:\WINDOWS\system32\drivers\atApp.exe

2007-08-15 12:10 --------- d-------- C:\Arquivos de programas\MSXML 6.0

2005-03-31 22:17 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe

2007-06-10 20:21:44 198,656 --sh--w C:\WINDOWS\system32\scripts.scr

.

 

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 397,312 2005-04-15 18:46:04 C:\Arquivos de programas\Assistente Tecnico Speedy\SmartBridge\bak\MotiveSB.exe

 

----a-w 338,432 2007-04-05 20:55:04 C:\Arquivos de programas\Grisoft\AVG Free\bak\avgcc.exe

 

----a-w 263,680 2007-04-05 20:55:04 C:\Arquivos de programas\Grisoft\AVG Free\bak\avgemc.exe

 

----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe

----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe

 

----a-w 155,648 2001-07-09 14:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-w 155,648 2001-07-09 14:50:42 C:\WINDOWS\system32\NeroCheck.exe

 

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="C:\Arquivos de programas\VIA\RAID\raid_t" []

"SoundMan"="SOUNDMAN.EXE" [2005-05-17 07:48 C:\WINDOWS\SOUNDMAN.EXE]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-02-16 10:54]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2005-06-10 11:20]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-06-29 12:58]

"My Web Search Bar Search Scope Monitor"="C:\ARQUIV~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" []

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-07-07 16:29]

"spudscv.exe"="C:\WINDOWS\system32\spudscv.exe" [2007-02-16 19:27]

"CloneCDTray"="C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 16:21]

"Emurayden PSX Emulator"="" []

"AXIS TONS THE MP3"="C:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\admin deaf.exe" [2007-10-08 21:27]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-30 18:47]

"NBJ"="C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 19:38]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2007-04-03 19:29]

"AlcoholAutomount"="C:\Arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 07:22]

"regskind"="C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\Amok creative.exe" [2007-10-07 19:28]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=

 

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys

S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys

 

.

Contents of the 'Scheduled Tasks' folder

"2007-10-09 00:01:42 C:\WINDOWS\Tasks\AF591D5D918A8EF5.job"

"2007-09-30 15:14:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2007-10-09 00:07:39 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-08 21:27:01

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

Completion time: 2007-10-08 21:32:56 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-10-08 21:32

.

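The Run-key entries in the ComboFix "Registry Load Points" section above are where the triage of a log like this actually happens: legitimate entries (SoundMan, AVG7_CC, iTunesHelper) point into Program Files or the Windows directory, while the suspect ones point into a user profile's application-data folder ("admin deaf.exe", "Amok creative.exe") or use the file name itself as the Run value name (spudscv.exe). The script below is an added example, written for this page and not part of the thread or of ComboFix or HijackThis; the heuristics, function names (`triage`, `flags_for`, `exe_path`) and the small known-good list are the example's own assumptions. The sample input is constructed from the Run-key lines and O4 lines posted in this thread, so it runs offline.

```python
"""Triage of Windows Run-key entries from ComboFix / HijackThis logs.

Added example, not part of the original thread or of either tool.
The heuristics are the example author's own and produce leads, not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample, copied from the Run-key section and O4 lines posted
# in this thread (ComboFix format first, then HijackThis O4 format).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 07:48 C:\WINDOWS\SOUNDMAN.EXE]
"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-07-07 16:29]
"spudscv.exe"="C:\WINDOWS\system32\spudscv.exe" [2007-02-16 19:27]
"Emurayden PSX Emulator"="" []
"AXIS TONS THE MP3"="C:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\admin deaf.exe" [2007-10-08 21:27]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]
"regskind"="C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\Amok creative.exe" [2007-10-07 19:28]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [regskind] C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\Amok creative.exe
"""

HIVE_HEADER_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\')
COMBOFIX_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
HJT_O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')

# Markers of a per-user or All Users profile path: XP long and 8.3 forms, plus Vista+.
PROFILE_MARKERS = ('\\documents and settings\\', '\\docume~1\\', '\\users\\')
# Legitimate Windows entries whose Run value name equals the file name (assumed allowlist).
KNOWN_GOOD_BASENAMES = {'ctfmon.exe'}


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    flags: list


def exe_path(cmd: str) -> str:
    """Return the executable portion of a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'.*?\.(?:exe|scr|com|bat|pif)\b', cmd, re.IGNORECASE)
    return m.group(0) if m else cmd


def flags_for(name: str, path: str) -> list:
    """Heuristic red flags for one autorun entry; an empty list means nothing odd."""
    p = path.lower()
    base = p.rsplit('\\', 1)[-1]
    flags = []
    if any(marker in p for marker in PROFILE_MARKERS):
        flags.append('user_profile')        # executables do not belong in profile data dirs
    if re.match(r'^[a-z]:\\[^\\]+$', p):
        flags.append('drive_root')          # e.g. C:\WinPH.exe from the process list above
    if ' ' in base:
        flags.append('space_in_filename')   # "admin deaf.exe", "Amok creative.exe"
    if base and name.lower() == base and base not in KNOWN_GOOD_BASENAMES:
        flags.append('name_is_filename')    # value name simply copied from the file name
    return flags


def parse_entry(line: str, current_hive: str):
    """Parse one log line; returns (hive, name, exe_path) or None if it is not a Run entry."""
    m = HJT_O4_RE.match(line)
    if m:
        return m.group('hive'), m.group('name'), exe_path(m.group('cmd'))
    m = COMBOFIX_RE.match(line)
    if m:
        return current_hive, m.group('name'), exe_path(m.group('cmd'))
    return None


def triage(log_text: str) -> list:
    """Walk a log and return the Run entries that raise at least one flag."""
    findings, hive = [], '?'
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HIVE_HEADER_RE.match(line)
        if header:                          # ComboFix prints the hive once, above its entries
            hive = header.group(1)
            continue
        entry = parse_entry(line, hive)
        if entry is None:
            continue
        hv, name, path = entry
        flags = flags_for(name, path)
        if flags:
            findings.append(Finding(hv, name, path, flags))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.hive:<20} {f.name!r:<26} {", ".join(f.flags):<32} {f.path}')
```

Run against the constructed sample it reports spudscv.exe, "AXIS TONS THE MP3" and both regskind lines, and stays silent on SoundMan, AVG7_CC, CTFMON.EXE and QuickTime Task. The flags are starting points for a human check (publisher, file date, hash), not a verdict; a legitimate installer can put a program in a profile folder, and malware can sit in system32 with a plausible name, which is exactly why the helper in this thread asks for a scanner log next.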

Good morning, Rafael Icassati!

 

>@< The computer shows many infections!

>@< Because of that, we will run a good anti-spyware tool to reduce the amount of infection.

___________________

 

>@< Download a-squared Free 3.0

>@< Open the program and click: Update now >> Wait!

>@< When it finishes, click: Scan now.

>@< Try to run this scan in Safe Mode!

>@< Choose the option: Deep.

>@< Click Scan!

>@< When it finishes, send the items found to quarantine, from where they will be deleted or restored.

>@< Save the report of this scan and post it in your reply, along with an updated HJT log.

 

Regards!


Hey DigRam, I did what you said

 

Logfile of HijackThis v1.99.1

Scan saved at 11:30:26, on 9/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\spudscv.exe

C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Familia\Meus documentos\rafael\Nova pasta (3)\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.emurayden.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\ARQUIV~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [spudscv.exe] C:\WINDOWS\system32\spudscv.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [AXIS TONS THE MP3] C:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\admin deaf.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [regskind] C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\Amok creative.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk936YYBR

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs:

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

 

 

And here is the scan:

 

a-squared Free - Version 3.0

Last update: 9/10/2007 09:48:05

 

Scan settings:

 

Objects: Memory, Traces, Cookies, C:\

File scan: On

Heuristics: On

ADS scan: On

 

Scan start: 9/10/2007 09:54:53

 

Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\5.0\user agent\post platform --> alexa toolbar detected: Trace.Registry.AlexaToolbar

Key: HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\funwebproducts.htmlmenu detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} detected: Trace.Registry.FunWebProducts

Key: HKEY_LOCAL_MACHINE\software\fun web products detected: Trace.Registry.FunWebProducts

Key: HKEY_CLASSES_ROOT\clsid\{0a1c811c-88ff-493b-98a9-83b4a649acd9} detected: Trace.Registry.KeyLogger.wintective

Key: HKEY_CLASSES_ROOT\clsid\{bb81fa79-dcd7-48a6-a710-a85bd5ed9640} detected: Trace.Registry.KeyLogger.wintective

Key: HKEY_CLASSES_ROOT\clsid\{c2a3ff36-c3a5-4334-968c-1dea85aaa772} detected: Trace.Registry.KeyLogger.wintective

Key: HKEY_CLASSES_ROOT\typelib\{aa987bf8-e849-4996-9335-413df4a8158a} detected: Trace.Registry.KeyLogger.wintective

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\MSNMessenger --> DLLDir detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\MSNMessenger --> DLLFile detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\ScreenSaver --> ImagesDir detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn --> ETag detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn --> HTMLMenuRevision detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn --> LastHTMLMenuURL detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn --> ETag detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn --> HTMLMenuRevision detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn --> LastHTMLMenuURL detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn --> ETag detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn --> HTMLMenuRevision detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn --> LastHTMLMenuURL detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyFreqNone detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyFreqUninstalled detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextNone.0 detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextNone.numActive detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextUninstalled.0 detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextUninstalled.numActive detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.1 detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.2 detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.numActive detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.numActive2 detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn --> ETag detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn --> HTMLMenuPosDeleted detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn --> HTMLMenuRevision detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn --> LastHTMLMenuURL detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products --> CacheDir detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products --> JpegConversionLib detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\DownloadInformation --> CODEBASE detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\DownloadInformation --> INF detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\InstalledVersion --> LastModified detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} --> Installer detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} --> SystemComponent detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL detected: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\sources --> f3PopularScreensavers detected: Trace.Registry.MyWebSearch Toolbar

Key: HKEY_CLASSES_ROOT\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{07b18eab-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{07b18eaa-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{07b18eac-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{1093995a-ba37-41d2-836e-091067c4ad17} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{120927bf-1700-43bc-810f-fab92549b390} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{1f52a5fa-a705-4415-b975-88503b291728} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{3e720451-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{3e720453-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{90449521-d834-4703-bb4e-d3aa44042ff8} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{991aac62-b100-47ce-8b75-253965244f69} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\mywebsearch.outlookaddin detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{e47caee0-deea-464a-9326-3f2801535a4d} detected: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{07b18eab-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{07b18eaa-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{07b18eac-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{1093995a-ba37-41d2-836e-091067c4ad17} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{120927bf-1700-43bc-810f-fab92549b390} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{1f52a5fa-a705-4415-b975-88503b291728} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{3e720451-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{3e720453-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{90449521-d834-4703-bb4e-d3aa44042ff8} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{991aac62-b100-47ce-8b75-253965244f69} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\mywebsearch.outlookaddin detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} detected: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{e47caee0-deea-464a-9326-3f2801535a4d} detected: Trace.Registry.MyWebSearchToolbar

Value: HKEY_CLASSES_ROOT\wuse.1 --> wuse_id detected: Trace.Registry.PurityScan

Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow --> changed detected: Trace.Registry.WhenU.SaveNow

Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow --> slowinfocache detected: Trace.Registry.WhenU.SaveNow

Key: HKEY_CLASSES_ROOT\wuse.1 detected: Trace.Registry.WhenUSearch

Value: HKEY_CLASSES_ROOT\wuse.1 --> wuse_id detected: Trace.Registry.WhenUSearch

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced Archive Password Recovery --> InstallDir detected: Trace.Registry.Advanced Archive Password Recovery

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced Archive Password Recovery --> Stat param #1 detected: Trace.Registry.Advanced Archive Password Recovery

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced Archive Password Recovery --> Stat param #2 detected: Trace.Registry.Advanced Archive Password Recovery

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WUSE.1 --> WUSE_Id detected: Trace.Registry.WhenU-DesktopBar

Value: HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

c:\arquivos de programas\gamespy arcade detectado: Trace.Directory.GameSpy Arcade

c:\arquivos de programas\gamespy arcade\profiles detectado: Trace.Directory.GameSpy Arcade

c:\arquivos de programas\gamespy arcade\services detectado: Trace.Directory.GameSpy Arcade

c:\arquivos de programas\gamespy arcade\banner.html detectado: Trace.File.GameSpy Arcade

C:\Arquivos de programas\DAEMON Tools\SetupDTSB.exe detectado: Adware.SaveNow.bo

C:\Arquivos de programas\EA GAMES\The Sims 2 Quatro Estações\TSBin\Sims2EP5.exe detectado: Heuristic.Dialer.RAS

C:\Arquivos de programas\EA GAMES\The Sims 2 Vida Noturna\TSBin\Sims2EP2.exe detectado: Heuristic.Dialer.RAS

C:\Arquivos de programas\MSN Messenger\riched20.dll detectado: Adware.Win32.MyWebSearch

C:\Documents and Settings\Familia\Configurações locais\Temporary Internet Files\Content.IE5\2A0SIWXN\Final_Fantasy_Tactics__U__romsparagba.org_revgames.org.part2[1].rar/Final Fantasy Tactics.bin detectado: Heuristic.ArchiveBomb

C:\Documents and Settings\Familia\Configurações locais\Temporary Internet Files\Content.IE5\33RZEFJD\Final_Fantasy_Tactics__U__romsparagba.org_revgames.org.part1[1].rar/Final Fantasy Tactics.bin detectado: Heuristic.ArchiveBomb

C:\Documents and Settings\Familia\Configurações locais\Temporary Internet Files\Content.IE5\33RZEFJD\[113]_NIKAI__King_Of_Fighters_TheYuri_Friends__Hentai_[1].rar/[NIKAI] kof_yuri&friends_p02.jpg detectado: Heuristic.ArchiveBomb

C:\Documents and Settings\Familia\Configurações locais\Temporary Internet Files\Content.IE5\4P9UYM7Q\Final_Fantasy_Tactics__U__romsparagba.org_revgames.org.part3[1].rar/Final Fantasy Tactics.bin detectado: Heuristic.ArchiveBomb

C:\Documents and Settings\Familia\Configurações locais\Temporary Internet Files\Content.IE5\KH19ZURD\Final_Fantasy_Tactics__U__romsparagba.org_revgames.org.part1[1].rar/Final Fantasy Tactics.bin detectado: Heuristic.ArchiveBomb

C:\Documents and Settings\Familia\Dados de aplicativos\Bashmanagermail\jvatkvsu.exe detectado: Trojan.Win32.Obfuscated.io

C:\Documents and Settings\Familia\Meus documentos\rafael\Nova pasta (3)\new_uninstall.exe detectado: Adware.Lop

C:\qoobox\Quarantine\C\Arquivos de programas\Internet Explorer\msimg32.dll.vir detectado: Riskware.AdTool.Win32.MyWebSearch.au

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.l

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir detectado: Adware.Win32.MyWebSearch.an

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.bc

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir detectado: Adware.Win32.MyWebSearch

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.au

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3BROVLY.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.at

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir detectado: Adware.Win32.MyWebSearch

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3HTMLMU.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.l

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir detectado: Adware.Win32.MyWebSearch.af

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.au

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.au

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir detectado: Adware.Win32.MyWebSearch

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.au

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir detectado: Adware.Win32.MyWebSearch

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir detectado: Adware.Win32.MyWebSearch

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3SCRCTR.DLL.vir detectado: Adware.Win32.MyWebSearch.an

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3SHLLVW.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.aq

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir detectado: Adware.Win32.MyWebSearch

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\M3HTML.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.bc

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir detectado: Adware.IWon.a

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir detectado: Adware.Win32.MyWebSearch

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.as

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir detectado: Riskware.AdTool.Win32.MyWebSearch.au

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\M3SRCHMN.EXE.vir detectado: Riskware.AdTool.Win32.MyWebSearch.au

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.bc

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir detectado: Adware.Win32.MyWebSearch

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.au

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.i

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.as

C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL.vir detectado: Riskware.AdTool.Win32.MyWebSearch.as

C:\qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir detectado: Adware.Win32.MyWebSearch

 

Analisado

 

Arquivos: 89249

Objetos: 143887

Cookies: 1

Processos: 10

 

Encontrado

 

Arquivos: 45

Objetos: 185

Cookies: 0

Processos: 0

Chaves do registro: 0

 

Fim da análise: 9/10/2007 11:01:53

Duração da análise: 01:07:00


Good evening Rafael Icassati!

 

>@< If everything is OK, apart from the CiD windows, go to the a-squared quarantine.

>@< Select all of its contents and click Delete.

___________________

 

>@< Delete:

 

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

__________________

 

>@< Select and copy all of the contents in the quote area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

C:\WINDOWS\Tasks\AF591D5D918A8EF5.job

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\Amok creative.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\admin deaf.exe

C:\ARQUIV~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"regskind"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AXIS TONS THE MP3"=""

"My Web Search Bar Search Scope Monitor"=""

 

Folder::

C:\!KillBox

C:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< With this procedure, ComboFix will run and will restart the computer automatically!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report plus an updated HJT log.

 

Regards!


Here it is:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:04:38, on 9/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\spudscv.exe

C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Familia\Meus documentos\rafael\Nova pasta (3)\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.emurayden.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [spudscv.exe] C:\WINDOWS\system32\spudscv.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk936YYBR

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{11D95B3A-435C-4E46-959F-662CD16BB0E9}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs:

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

 

 

combofix:

 

 

ComboFix 07-10-07.2 - Familia 2007-10-09 21:55:00.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.188 [GMT -3:00]

Executando de: C:\Documents and Settings\Familia\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Familia\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE::

C:\ARQUIV~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\Amok creative.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\admin deaf.exe

C:\WINDOWS\Tasks\AF591D5D918A8EF5.job

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\!KillBox

C:\!KillBox\[NIKAI] King Of Fighters Yuri&Friends Mai Special\Thumbs.db

C:\!KillBox\Logs\kb.log

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\Amok creative.exe

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\Amok creative.exe

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\bfhaobkt.exe

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\cbjzjoap.exe

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\nodcrvfi.exe

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\nxjqmxsg.exe

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\plan bits live meow.exe

C:\DOCUME~1\Familia\DADOSD~1\BASHMA~1\scrsupportthe.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\admin deaf.exe

C:\WINDOWS\Tasks\AF591D5D918A8EF5.job

C:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-09-10 to 2007-10-10 ))))))))))))))))))))))))))))))))

.

 

2007-10-09 09:47 <DIR> d-------- C:\Arquivos de programas\a-squared Free

2007-10-08 21:20 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-08 19:34 <DIR> d-------- C:\Arquivos de programas\eMule

2007-10-07 19:28 <DIR> d-------- C:\Arquivos de programas\Bashmanagermail

2007-10-06 20:22 <DIR> d-------- C:\Documents and Settings\Familia\Dados de aplicativos\fltk.org

2007-10-06 15:11 <DIR> d-------- C:\Arquivos de programas\psx emulation cheater

2007-10-03 23:08 <DIR> d-------- C:\Documents and Settings\Familia\Dados de aplicativos\InstallShield

2007-09-30 11:35 <DIR> d-------- C:\Arquivos de programas\Project64 1.6

2007-09-20 16:57 290,304 --a------ C:\cms22.exe

2007-09-20 16:23 4,033,536 --a------ C:\windm.exe

2007-09-20 16:23 <DIR> d-------- C:\WINDOWS\SoftWareProtector

2007-09-19 15:36 <DIR> d-------- C:\Arquivos de programas\EA GAMES

2007-09-13 16:07 34,464 --ah----- C:\WINDOWS\system32\mlfcache.dat

2007-09-11 13:46 <DIR> d-------- C:\Arquivos de programas\Eidos

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-08 21:24 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-10-06 21:50 --------- d-------- C:\Arquivos de programas\Alcohol Toolbar

2007-10-03 23:08 --------- d-------- C:\Arquivos de programas\Avanquest update

2007-10-02 22:28 --------- d-------- C:\Arquivos de programas\iLuminaPO

2007-09-26 21:29 --------- d-------- C:\Arquivos de programas\K-LiteNitro

2007-09-21 14:39 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-09-18 22:14 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-09-18 19:44 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-09-14 17:38 --------- d-------- C:\Arquivos de programas\MessengerDiscovery

2007-09-11 16:43 --------- d-------- C:\Arquivos de programas\StuffPlug3

2007-09-10 14:12 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2007-09-08 13:06 --------- d-------- C:\Documents and Settings\Familia\Dados de aplicativos\My Games

2007-09-07 01:04 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys

2007-09-06 18:16 --------- d-------- C:\Arquivos de programas\Windows Live

2007-09-06 18:16 --------- d-------- C:\Arquivos de programas\Adverts

2007-09-05 11:08 --------- d-------- C:\Arquivos de programas\Motorola Phone Tools

2007-09-05 11:05 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2007-09-05 11:04 24192 --a------ C:\Documents and Settings\Familia\usbsermptxp.sys

2007-09-05 11:04 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys

2007-09-05 11:04 22768 --a------ C:\Documents and Settings\Familia\usbsermpt.sys

2007-09-03 20:07 --------- d-------- C:\Arquivos de programas\Google

2007-08-30 20:06 --------- d-------- C:\Documents and Settings\Familia\Dados de aplicativos\Google

2007-08-30 18:47 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Google

2007-08-30 13:30 98 --a------ C:\WINDOWS\system32\drivers\tmp.bat

2007-08-30 13:30 475136 --a------ C:\WINDOWS\system32\drivers\novo.exe

2007-08-30 13:30 172032 --a------ C:\WINDOWS\system32\OSSMTP.DLL

2007-08-30 13:29 516098 --a------ C:\WINDOWS\system32\drivers\versao.exe

2007-08-28 19:13 --------- d-------- C:\Arquivos de programas\SlySoft

2007-08-27 16:28 --------- d-------- C:\Arquivos de programas\Microsoft Games

2007-08-26 10:47 26 --a------ C:\WINDOWS\system32\drivers\ccApp.dll

2007-08-26 00:58 50176 --a------ C:\WinPH.exe

2007-08-26 00:58 247296 --a------ C:\WinWS.exe

2007-08-25 14:23 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WhiteCap (Holiday Edition)

2007-08-22 13:42 156561 --a------ C:\WINDOWS\system32\drivers\CONFIOUNONAMORADOEFOIPARARNANET.zip

2007-08-22 13:40 20480 --------- C:\WINDOWS\system32\drivers\atApp.exe

2007-08-15 12:10 --------- d-------- C:\Arquivos de programas\MSXML 6.0

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-16 00:26 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2005-03-31 22:17 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe

2007-06-10 20:21:44 198,656 --sh--w C:\WINDOWS\system32\scripts.scr

.

 

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 397,312 2005-04-15 18:46:04 C:\Arquivos de programas\Assistente Tecnico Speedy\SmartBridge\bak\MotiveSB.exe

 

----a-w 338,432 2007-04-05 20:55:04 C:\Arquivos de programas\Grisoft\AVG Free\bak\avgcc.exe

 

----a-w 263,680 2007-04-05 20:55:04 C:\Arquivos de programas\Grisoft\AVG Free\bak\avgemc.exe

 

----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe

----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe

 

----a-w 155,648 2001-07-09 14:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-w 155,648 2001-07-09 14:50:42 C:\WINDOWS\system32\NeroCheck.exe

 

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="C:\Arquivos de programas\VIA\RAID\raid_t" []

"SoundMan"="SOUNDMAN.EXE" [2005-05-17 07:48 C:\WINDOWS\SOUNDMAN.EXE]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-02-16 10:54]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2005-06-10 11:20]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-06-29 12:58]

"My Web Search Bar Search Scope Monitor"="" []

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-07-07 16:29]

"spudscv.exe"="C:\WINDOWS\system32\spudscv.exe" [2007-02-16 19:27]

"CloneCDTray"="C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 16:21]

"Emurayden PSX Emulator"="" []

"AXIS TONS THE MP3"="" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-30 18:47]

"NBJ"="C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 19:38]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2007-04-03 19:29]

"AlcoholAutomount"="C:\Arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 07:22]

"regskind"="" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=

 

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys

S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-09-30 15:14:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2007-10-10 00:07:02 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-09 21:59:44

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-10-09 22:03:45 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-10-09 22:03

.

--- E O F ---


Good morning Rafael Icassati!

 

>@< Open HijackThis and, with all other windows closed, Fix these entries:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk936YYBR

O11 - Options group: [iNTERNATIONAL] International*

O20 - AppInit_DLLs:

@@@@@@@@@@@@@@@@@@@@@@@

 

>@< Configure Windows to show all files, including hidden ones!

>@< Disable the resident protection of your antivirus and antispyware programs!

>@< Download EliStarA.

>@< Save it to the Desktop!

>@< Download EliTriIP.

>@< Save it to the Desktop!

>@< PS: Both tools are on the downloads page (Descargas > Utilidades SATINFO).

>@< Select the tools (one at a time!) and click the Descargar xxx button at the bottom of the page, where xxx is the name of the chosen tool!

>@< Restart the computer and boot into Safe Mode.

>@< First, run the tool: EliStarA.

>@< Go to its icon and run it!

>@< Accept the proposed conditions and wait for the scan to finish. Be patient, as it can take a few minutes.

>@< When it finishes, run the EliTriIP tool.

>@< This tool's scan is faster!

____________________________

 

>@< Post the infoSAT.txt report, which is in the root of C:\ (Local Disk C).

>@< Also post a new HijackThis log in your reply.

>@< PS: The EliStarA tool will delete (optional!) your home page! You can set it again afterwards.

 

Regards!

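As an added example (not code from this thread, from HijackThis or from ComboFix), the following Python script parses HijackThis log lines of the kind posted above and flags the categories DigRam asked to Fix: orphaned registrations ("(no file)", "(file missing)"), entries matching the adware families named in the a-squared scan, an AppInit_DLLs entry, and O17 NameServer / R0 Start Page entries that should be confirmed rather than blindly accepted. The sample log is constructed from lines in this thread, the marker lists and flag wording are my own assumptions, and parse_hjt, triage and summarize are names I chose.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample, modeled on the HijackThis v1.99.1 entries posted in this
# thread (the CLSIDs and paths are the ones that appear in the log above).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 22:04:38, on 9/10/2007
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.emurayden.net
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk936YYBR
O17 - HKLM\System\CCS\Services\Tcpip\..\{11D95B3A-435C-4E46-959F-662CD16BB0E9}: NameServer = 200.204.0.10 200.204.0.138
O20 - AppInit_DLLs:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O24), a dash, and the body.
ENTRY_RE = re.compile(r"^(?P<code>R\d|O\d{1,2})\s+-\s+(?P<body>.*)$")

# Assumed marker lists: the orphan markers are HijackThis's own wording; the adware
# names are the families the a-squared scan in this thread reported.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
ADWARE_MARKERS = ("mywebsearch", "my web search", "zwinky", "whenu", "savenow")
MS_DEFAULT_PREFIXES = ("http://go.microsoft.com/", "http://home.microsoft.com/", "about:blank")


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the R/O entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Attach review flags to each entry (idempotent) and return only the flagged ones."""
    for e in entries:
        low = e.body.lower()
        flags = []
        if any(m in low for m in ORPHAN_MARKERS):
            flags.append("orphaned: registration points at a file that no longer exists")
        if any(m in low for m in ADWARE_MARKERS):
            flags.append("matches an adware family named in the a-squared scan")
        if e.code == "O20" and re.fullmatch(r"appinit_dlls:\s*", low):
            flags.append("AppInit_DLLs value present but empty (DLLs listed here load into every GUI process)")
        if e.code == "O17":
            flags.append("DNS servers set in the registry: confirm they belong to your ISP")
        if e.code == "R0" and "start page" in low:
            target = e.body.split("=", 1)[1].strip()
            if not target.startswith(MS_DEFAULT_PREFIXES):
                flags.append("home page is not a Microsoft default: confirm you set it yourself")
        e.flags = flags
    return [e for e in entries if e.flags]


def summarize(entries):
    """Count entries per section code, useful for comparing logs before and after a fix."""
    return dict(Counter(e.code for e in entries))


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", summarize(parsed))
    for e in triage(parsed):
        print(f"{e.code} - {e.body}")
        for f in e.flags:
            print("    ->", f)
```

Running the script over a real log pasted into SAMPLE_LOG reproduces the helper's shortlist: the O2 "(no file)" BHO, the missing MWSBAR.DLL toolbar, the mywebsearch context-menu item and the empty AppInit_DLLs entry are flagged, while the O17 and R0 flags are prompts to confirm the values rather than verdicts, since a legitimate ISP nameserver or a user-chosen home page looks identical in the log.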

Good morning DigRam, or whatever, I don't know what time you'll read this...... thanks for helping me........

 

Logfile of HijackThis v1.99.1

Scan saved at 10:14:10, on 10/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\spudscv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Familia\Meus documentos\rafael\Nova pasta (3)\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = aqui

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [spudscv.exe] C:\WINDOWS\system32\spudscv.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{11D95B3A-435C-4E46-959F-662CD16BB0E9}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


Wed Oct 10 09:30:36 2007

EliStartPage v14.80 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminada Class, "{07B18EA9-A523-4961-B6BB-170DE4475CCA}" -> C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

 

Wed Oct 10 09:48:09 2007

EliStartPage v14.80 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

 

Wed Oct 10 09:54:21 2007

EliStartPage v14.80 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\UPGRDHLP.EXE --> Eliminado, CyDoor

C:\WINDOWS\NIRCMD.EXE --> Eliminado, Tool-NirCmd

C:\WINDOWS\system32\OSSMTP.DLL --> Eliminado, Motor.OSSMTP(smtp)

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\F3INITIALSETUP1.0.0.15-3.INF --> Eliminado, MyWebSearch(inf)

 

Wed Oct 10 10:05:55 2007

EliTriIP v3.97 ©2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

 

Wed Oct 10 10:06:03 2007

EliTriIP v3.97 ©2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Motorola Phone Tools\widcomm\Autorun.inf --> Eliminado, BackDoor.CMQ(inf)


Good morning Rafael Icassati!

>@< Delete the folder: C:\QooBox << It belongs to ComboFix.

>@< Open HijackThis and, with all windows closed, click Fix on these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = aqui

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

>@< Set your home page!

_________________

>@< Download CCleaner.

>@< Save it to the Desktop!

>@< Open the program and click Run Cleaner.

>@< When it finishes, click Errors >> Find errors >> Fix errors.

_________________

Once everything is OK with the PC, create a clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

>@< Are the CiD windows still bothering you?

>@< Good work!

>@< Clean log!

Regards! :thumbsup:

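The review above is done by eye: the helper reads the R0, O4 and O23 lines and picks out the entries to Fix. The script below is an added example (not part of the thread, and not code from HijackThis or from Satinfo's tools) that parses HijackThis v1.99.1 log lines into their sections and applies the same check the helper applied, flagging R0 entries whose value is empty or whose Start Page is not an http(s) URL. The sample lines are copied from the log posted in this thread; the extra O4 check, which lists Run entries that carry no absolute path, is my own heuristic so a reviewer knows which entries must be located by hand rather than read off the log.

```python
"""Parse HijackThis v1.99.1 log lines and list the entries a helper reviews.

Added example for this thread; not code from HijackThis, ComboFix or the
EliStartPage/EliTriIP tools.  The sample log below is copied from the log
posted in the thread (the forum rendered the original Start Page URL as the
word "aqui", so that line is flagged exactly as the helper flagged it).
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = aqui
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [spudscv.exe] C:\WINDOWS\system32\spudscv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
"""

# Every HijackThis line starts with its section id (R0..R3, F0/F1, O1..O24).
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.*)$")
# R0 body: "<registry key>,<value name> = <value>" (value may be empty).
R0_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$")
# O4 body for registry Run keys: "HKLM\..\Run: [name] command line".
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 body: "Service: <display name> - <vendor> - <image path>".
O23_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
URL_RE = re.compile(r"^https?://", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    section: str  # e.g. "R0", "O4", "O23"
    body: str     # text after "<section> - "


def parse_log(text: str) -> List[Entry]:
    """Keep only lines that look like HijackThis entries; skip headers and blanks."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def r0_findings(entries: List[Entry]) -> List[Tuple[str, str]]:
    """The helper's rule: fix R0 entries with an empty value or a Start Page that is not a URL."""
    findings = []
    for e in entries:
        if e.section != "R0":
            continue
        m = R0_RE.match(e.body)
        if not m:
            continue
        value = m["value"].strip()
        if value == "":
            findings.append((e.body, "empty value"))
        elif m["name"].strip() == "Start Page" and not URL_RE.match(value):
            findings.append((e.body, "Start Page is not an http(s) URL"))
    return findings


def command_executable(cmd: str) -> str:
    """Return the executable part of a Run command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def o4_unqualified(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Heuristic (mine, not the helper's): Run entries without an absolute path are
    resolved through the search path at logon, so the file that runs must be located by hand."""
    result = []
    for e in entries:
        if e.section != "O4":
            continue
        m = O4_RE.match(e.body)
        if m and not ABS_PATH_RE.match(command_executable(m["cmd"])):
            result.append((m["name"], m["cmd"].strip()))
    return result


def services(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Tabulate O23 services as (display name, vendor, image path) for review."""
    out = []
    for e in entries:
        if e.section == "O23":
            m = O23_RE.match(e.body)
            if m:
                out.append((m["display"], m["vendor"], m["path"]))
    return out


def review_report(text: str) -> dict:
    entries = parse_log(text)
    return {
        "entries": len(entries),
        "r0_to_fix": r0_findings(entries),
        "o4_unqualified": o4_unqualified(entries),
        "services": services(entries),
    }


if __name__ == "__main__":
    for key, val in review_report(SAMPLE_LOG).items():
        print(key, val)
```

Run against the sample, the report lists the same three R0 lines the helper asked to Fix, the `[soundMan] SOUNDMAN.EXE` entry as the one Run value that has to be located by hand, and the iPod service with its vendor string. A clean log after the Fix should return an empty `r0_to_fix` list.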

PROBLEM SOLVED!

If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.
