[Resolvido!] MyWay.MyWebSearch

cedraz · Dezembro 26, 2008

Rodei o Spybot e ele achou isso MyWay.MyWebSearch mais não consseguiu excluir, pediu para fazer a exclusão reiniciando, eu fiz e ele informou que não pode excluir, pois o que é esta sendo usado, alguem poderia me ajudar? Segue o log do HijackThis abaixo.

Desde já fico muito agradecido pela atenção.

Logfile of HijackThis v1.99.1

Scan saved at 12:08:43, on 26/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\locator.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: RocketDock.lnk = C:\Arquivos de programas\RocketDock\RocketDock.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227061114062

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

jgarcia · Dezembro 26, 2008

Opa cedraz,

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

Clique sobre “SIM” para continuar a varredura.

5) O ComboFix iniciará o AUTOSCAN (aguarde).

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

Ao término do processo a máquina será reiniciada para a emissão do relatório.

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

Abraços.

cedraz · Janeiro 6, 2009

Desculpe-me a demora da resposta pois estava viajando segue abaixo o log do ComboFix:

ComboFix 08-12-23.01 - Sonia 2009-01-06 19:59:21.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2031.1538 [GMT -3:00]

Running from: c:\documents and settings\Sonia\Desktop\ComboFix.exe

* Created a new restore point

.

- REDUCED FUNCTIONALITY MODE -

.

((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))

.

2009-01-06 16:33 . 2009-01-06 16:33 685,816 --a------ c:\windows\system32\drivers\sptd.sys

2009-01-06 15:29 . 2009-01-06 15:29 <DIR> d-------- c:\documents and settings\Sonia\Dados de aplicativos\Canneverbe_Limited

2009-01-06 13:54 . 2009-01-06 14:28 69 --a------ c:\windows\NeroDigital.ini

2009-01-02 11:13 . 2009-01-02 11:13 268 --ah----- C:\sqmdata06.sqm

2009-01-02 11:13 . 2009-01-02 11:13 244 --ah----- C:\sqmnoopt06.sqm

2009-01-01 02:10 . 2009-01-01 02:10 268 --ah----- C:\sqmdata05.sqm

2009-01-01 02:10 . 2009-01-01 02:10 244 --ah----- C:\sqmnoopt05.sqm

2008-12-27 08:41 . 2008-12-27 08:41 <DIR> d-------- c:\documents and settings\Sonia\Dados de aplicativos\skypePM

2008-12-27 08:41 . 2008-12-27 08:41 56 --ah----- c:\windows\system32\ezsidmv.dat

2008-12-27 08:33 . 2008-12-27 10:56 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Skype

2008-12-25 23:27 . 2008-12-25 23:27 188 --a------ c:\windows\wininit.ini

2008-12-24 07:15 . 2008-12-24 07:15 <DIR> d-------- c:\arquivos de programas\AskTBar

2008-12-16 22:17 . 2008-12-16 22:17 <DIR> d-------- C:\aida3942

2008-12-15 17:17 . 2008-12-19 09:37 <DIR> d-------- c:\documents and settings\Sonia\Dados de aplicativos\OpenCandy

2008-12-15 17:17 . 2008-12-25 00:30 <DIR> d-------- c:\arquivos de programas\MediaCoder

2008-12-15 15:17 . 2009-01-06 17:40 <DIR> d-------- c:\windows\system32\CatRoot2

2008-12-15 15:17 . 2008-12-15 15:18 <DIR> d-------- c:\windows\system32\CatRoot

2008-12-14 18:17 . 2008-11-12 17:40 <DIR> d--h----- c:\documents and settings\Administrador\Modelos

2008-12-14 18:17 . 2008-11-12 15:33 <DIR> d-------- c:\documents and settings\Administrador\Meus documentos

2008-12-14 18:17 . 2008-11-12 15:33 <DIR> dr------- c:\documents and settings\Administrador\Menu Iniciar

2008-12-14 18:17 . 2008-11-12 15:33 <DIR> d-------- c:\documents and settings\Administrador\Favoritos

2008-12-14 18:17 . 2008-11-12 15:33 <DIR> dr-h----- c:\documents and settings\Administrador\Dados de aplicativos

2008-12-14 18:17 . 2009-01-06 19:59 <DIR> d--h----- c:\documents and settings\Administrador\Configurações locais

2008-12-14 18:17 . 2008-11-12 15:33 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de rede

2008-12-14 18:17 . 2008-11-12 15:33 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de impressão

2008-12-14 18:17 . 2008-12-14 18:17 <DIR> d-------- c:\documents and settings\Administrador

2008-12-14 16:19 . 2009-01-06 14:45 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Ahead

2008-12-14 16:14 . 2008-12-14 16:15 <DIR> d-------- C:\80ae1e91b5c11b1096

2008-12-14 14:10 . 2008-12-14 14:13 <DIR> d-------- c:\documents and settings\Sonia\Dados de aplicativos\Nero

2008-12-14 11:48 . 2008-12-14 11:48 4,767 --a------ c:\windows\Irremote.ini

2008-12-14 11:43 . 2008-12-14 11:43 <DIR> d-------- c:\arquivos de programas\Windows Sidebar

2008-12-14 11:08 . 2009-01-06 14:45 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Nero

2008-12-14 11:08 . 2008-12-14 18:29 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nero

2008-12-13 23:11 . 2008-12-15 09:46 <DIR> d-------- c:\windows\system32\XPSViewer

2008-12-13 23:10 . 2008-12-13 23:10 <DIR> d-------- c:\arquivos de programas\Reference Assemblies

2008-12-13 23:10 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-12-13 11:42 . 2007-10-16 14:49 1,000,744 --a------ c:\windows\system32\ShellManager10E2D762.dll

2008-12-12 18:58 . 2008-12-12 18:58 4,444 --a------ c:\windows\system32\pid.PNF

2008-12-12 17:58 . 2008-12-12 17:58 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2008-12-11 00:09 . 2008-12-11 00:09 <DIR> d-------- c:\arquivos de programas\Circle Developement

2008-12-10 18:51 . 2008-12-10 18:52 <DIR> d-------- c:\documents and settings\Sonia\Dados de aplicativos\Desktopicon

2008-12-10 18:51 . 2008-12-10 18:51 <DIR> d-------- c:\arquivos de programas\VDOWNLOADER

2008-12-09 15:36 . 2008-12-26 16:37 332 --a------ c:\windows\desctemp.dat

2008-12-08 12:27 . 2008-12-11 13:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2008-12-08 12:27 . 2009-01-06 08:55 <DIR> d-------- c:\arquivos de programas\GbPlugin

2008-12-07 19:16 . 2008-12-07 19:16 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-12-07 19:16 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-07 19:16 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-07 08:27 . 2009-01-06 14:24 <DIR> d-------- c:\documents and settings\Sonia\Dados de aplicativos\Ahead

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2038-12-12 18:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Ahead

2009-01-06 22:52 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-01-06 21:55 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-01-06 10:45 --------- d-----w c:\arquivos de programas\DreaMule

2009-01-06 09:44 --------- d-----w c:\arquivos de programas\Spyware Doctor

2008-12-29 10:15 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-12-29 10:12 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-12-27 11:34 --------- d-----w c:\arquivos de programas\Google

2008-12-23 23:56 --------- d-----w c:\arquivos de programas\CCleaner

2008-12-14 02:14 --------- d-----w c:\arquivos de programas\MSBuild

2008-12-12 21:01 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-12-11 03:09 --------- d-----w c:\arquivos de programas\MSN Messenger

2008-12-11 03:09 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-12-04 11:42 --------- d-----w c:\arquivos de programas\DAP

2008-12-04 11:28 50,688 ----a-w c:\windows\system32\wbhelp2.dll

2008-12-04 11:28 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2008-12-04 10:40 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-12-03 18:57 --------- d-----w c:\arquivos de programas\Yahoo!

2008-12-03 02:44 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SecTaskMan

2008-12-03 02:23 --------- dc-h--w c:\documents and settings\All Users\Dados de aplicativos\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-12-02 21:04 --------- d-----w c:\arquivos de programas\Java

2008-11-30 16:01 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\FrostWire

2008-11-30 15:06 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\LimeWire

2008-11-29 02:50 --------- d-----w c:\arquivos de programas\HD Tune

2008-11-24 14:30 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\TuneUp Software

2008-11-24 14:29 --------- d-sh--w c:\documents and settings\All Users\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357}

2008-11-24 14:29 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software

2008-11-24 13:59 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\Uniblue

2008-11-23 13:07 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Bluetooth

2008-11-23 12:54 --------- d-----w c:\arquivos de programas\IVT Corporation

2008-11-20 15:24 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack

2008-11-19 01:21 --------- d-----w c:\arquivos de programas\Defraggler

2008-11-19 00:28 218,112 ----a-w C:\HijackThis.exe

2008-11-18 23:53 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\Malwarebytes

2008-11-18 23:53 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-18 16:36 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\dvdcss

2008-11-17 21:39 --------- d-----w c:\arquivos de programas\Marcos Velasco Security

2008-11-17 01:09 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\Media Player Classic

2008-11-15 00:15 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\vlc

2008-11-14 15:49 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\InstallShield

2008-11-14 02:15 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\Windows Search

2008-11-14 02:14 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\Windows Desktop Search

2008-11-14 02:13 --------- d-----w c:\arquivos de programas\Windows Desktop Search

2008-11-13 12:27 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-13 11:13 81,288 ----a-w c:\windows\system32\drivers\iksyssec.sys

2008-11-13 11:13 66,952 ----a-w c:\windows\system32\drivers\iksysflt.sys

2008-11-13 11:13 40,840 ----a-w c:\windows\system32\drivers\ikfilesec.sys

2008-11-13 11:02 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2008-11-13 04:15 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\PC Tools

2008-11-13 03:38 --------- d-----w c:\arquivos de programas\RocketDock

2008-11-13 03:26 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\NOS

2008-11-13 03:26 --------- d-----w c:\arquivos de programas\NOS

2008-11-12 22:00 --------- d-----w c:\arquivos de programas\Alwil Software

2008-11-12 21:58 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2008-11-12 21:34 --------- d-----w c:\arquivos de programas\Windows Live

2008-11-12 21:15 --------- d-----w c:\arquivos de programas\Arquivos comuns\snp325

2008-11-12 21:13 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\InstallShield

2008-11-12 21:11 155,995 ----a-w c:\windows\java\Packages\V5F7NJBT.ZIP

2008-11-12 21:07 --------- d-----w c:\arquivos de programas\Arquivos comuns\Java

2008-11-12 21:06 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\AdobeUM

2008-11-12 21:06 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-11-12 21:02 --------- d-----w c:\arquivos de programas\MSECache

2008-11-12 20:44 --------- d-----w c:\arquivos de programas\microsoft frontpage

2008-11-12 20:42 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-11-12 20:42 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-11-10 08:43 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-11-02 14:02 7,680 ----a-w c:\windows\system32\ff_vfw.dll

2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll

2008-10-23 12:37 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:23 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 17:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 17:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 17:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 17:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 17:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 17:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 17:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 17:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 17:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 17:06 208,744 ----a-w c:\windows\system32\muweb.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-12-24 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\arquivos de programas\RocketDock\RocketDock.exe" [2007-09-02 495616]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"ISTray"="c:\arquivos de programas\Spyware Doctor\pctsTray.exe" [2008-11-13 1168264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Sonia\Menu Iniciar\Programas\Inicializar\

RocketDock.lnk - c:\arquivos de programas\RocketDock\RocketDock.exe [2008-11-13 495616]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GBPLUGIN\gbiehcef.dll" [2008-12-08 374856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-12-08 22:07 374856 c:\arquivos de programas\GbPlugin\gbiehcef.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sonia^Menu Iniciar^Programas^Inicializar^Dic Michaelis - UOL.LNK]

backup=c:\windows\pss\Dic Michaelis - UOL.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sonia^Menu Iniciar^Programas^Inicializar^Internet.lnk]

backup=c:\windows\pss\Internet.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 00:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

--a------ 2006-10-26 18:48 434528 c:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]

--a------ 2007-02-12 13:50 20480 c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HD Tune]

--a------ 2008-02-09 15:17 401408 c:\arquiv~1\HDTUNE~1\HDTune.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2004-04-17 12:41 196608 c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2004-04-13 06:07 69632 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

--a------ 2008-12-03 19:59 399504 c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-13 23:21 1695232 c:\arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]

--a------ 2007-05-10 12:18 835584 c:\windows\vsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-11-10 05:43 136600 c:\arquivos de programas\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]

--a------ 2007-04-21 08:36 270336 c:\windows\tsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]

-ra------ 2005-04-12 08:31 49152 c:\windows\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Arquivos de programas\\DreaMule\\emule.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-12 111184]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [2008-12-08 52800]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]

R2 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [2008-11-13 356920]

R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2008-11-12 10343168]

S3 CrystalSysInfo;CrystalSysInfo;\??\c:\arquivos de programas\MediaCoder\SysInfo.sys [2007-09-25 15152]

S3 getPlus® Helper;getPlus® Helper;c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [2008-11-13 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4380a0c3-b131-11dd-b2ed-001558b57bad}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

.

Contents of the 'Scheduled Tasks' folder

2008-11-24 c:\windows\Tasks\JkDefrag.job

- c:\windows\tasks\JkDefragTask.cmd [2008-11-18 00:18]

.

- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\gbpdist.dll - O16 -: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931}

hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

c:\windows\Downloaded Program Files\gbpdist.inf

FF - ProfilePath - c:\documents and settings\Sonia\Dados de aplicativos\Mozilla\Firefox\Profiles\n5x8di70.default\

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Yahoo!\Common\npyaxmpb.dll

ATTENTION: FIREFOX POLICES IS IN FORCE

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-06 19:59:51

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]

"ImagePath"="c:\arquiv~1\GbPlugin\GbpSv.exe"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)

c:\arquivos de programas\GBPLUGIN\gbiehcef.dll

.

Completion time: 2009-01-06 20:01:54

ComboFix-quarantined-files.txt 2009-01-06 23:01:49

Pre-Run: 13 pasta(s) 276.246.790.144 bytes disponíveis

Post-Run: 13 pasta(s) 276,236,447,744 bytes disponíveis

281 --- E O F --- 2009-01-03 23:40:06

jgarcia · Janeiro 9, 2009

Opa cedraz,

Siga as instruções:

1. Abra o Bloco de Notas -> Copie (Control + C) e Cole (Control + V) todo o texto incluído no "Quote":

File::
c:\arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

c:\windows\Tasks\JkDefrag.job

c:\windows\tasks\JkDefragTask.cmd

c:\windows\system32\ezsidmv.dat

c:\windows\system32\pid.PNF

c:\windows\wininit.ini

c:\windows\Irremote.ini

Folder::

c:\arquivos de programas\AskTBar

c:\documents and settings\All Users\Dados de aplicativos\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

c:\documents and settings\All Users\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357}

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"=-

[-HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4380a0c3-b131-11dd-b2ed-001558b57bad}]

ATENÇÃO: O script acima foi elaborado especificamente para a infecção contida neste computador. Utilizá-lo em outra máquina poderá originar graves problemas ao usuário.

2. Salve o arquivo como CFScript.txt;

3. Tal como exemplificado na foto abaixo, arraste o arquivo CFScript.txt para o ComboFix.exe.

4. Ao término do processo a ferramenta irá gerar um log. Poste-o (C:\ComboFix.txt) em sua próxima resposta, juntamente com um novo log do HijackThis.

Abraços.

PS.: Execute a ação com o Pendrive conectado ao PC.

cedraz · Janeiro 12, 2009

O combofix gerou este log e ele reiniciou a maquina eu encontrei este log dele em C:Combofix

ComboFix 09-01-11.04 - Sonia 2009-01-12 18:24:47.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2031.1529 [GMT -3:00]

Executando de: C:\Documents and Settings\Sonia\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1296 [VPS 090112-0] *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

.

E este é do HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 18:31, on 2009-01-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\msiexec.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\locator.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\SearchFilterHost.exe

C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll