[Resolvido!] Analisem meu log, hj fui infectado

Dannn · Agosto 30, 2010

Hoje qndo liguei o pc apareceu msg do avast, e tbm percebi q tinha varios processos desconhecidos, fexei todos e procurei arquivos no pc e deletei

agora fiz um log no hijack, naum sei se tenhu q reiniciar e fazer outro, mas ta ai esse, analisem por favor!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:28:22, on 30/8/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?ptnrS=ZNxdm414YYBR&ptb=_bDXH.dJxZ7uL66g69czKA&n=77cf6dfe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Tango - {F2A58121-CC98-4AA5-837B-6491DF76AB4C} - C:\WINDOWS\system32\1978.dll

O3 - Toolbar: Tango - {F2A58120-CC98-4AA5-837B-6491DF76AB4C} - C:\WINDOWS\system32\1978.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Reinaldo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000349&p=ZNxdm414YYBR&si=44384&a=_bDXH.dJxZ7uL66g69czKA&n=2010082814

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271347050343

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271346959453

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwssvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: ResultDns Service - Unknown owner - C:\Documents and Settings\All Users\Dados de aplicativos\ResultDns\resultdns115.exe

--

End of file - 8535 bytes

wings · Agosto 30, 2010

Bom dia...

1.

*Baixe o AD-Remover e salve-o no desktop

*Execute o AD-Remover

*Clique em [Clean]...aguarde o término. A reinicialização do PC poderá ser solicitada pelo programa.

*Cole o relatório criado em C:\Ad-Report-CLEAN.log

Dannn · Agosto 31, 2010

Prontinho :P

e agora ta bom?

======= REPORT FROM AD-REMOVER 2.0.0.1,D | ONLY XP/VISTA/7 =======

Updated by C_XX on 26/07/10 at 12:00

Contact: AdRemover.contact[AT]gmail.com

website: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 10:47:13 on 31/08/2010, Normal boot

Microsoft Windows XP Professional Service Pack 2 (X86)

Reinaldo@REINALDO ( )

============== ACTION(S) ==============

0,File deleted: C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.1.1.inf

0,File deleted: C:\WINDOWS\system32\f3PSSavr.scr

0,File deleted: C:\Documents and Settings\Reinaldo\Dados de aplicativos\Mozilla\FireFox\Profiles\qjgrsyyx.default\searchplugins\mywebsearch.xml

0,Folder deleted: C:\DOCUME~1\Reinaldo\CONFIG~1\Temp\AskSearch

0,File deleted: C:\DOCUME~1\Reinaldo\CONFIG~1\Temp\ASKSUTBLOG

0,Folder deleted: C:\Arquivos de programas\FunWebProducts

0,Folder deleting error: C:\Arquivos de programas\MyWebSearch (Error code: 0)

2,File deleted: C:\Arquivos de programas\Windows Live\Messenger\Riched20.dll

(!) -- Temporary files deleted.

-- File opened: C:\Documents and Settings\Reinaldo\Dados de aplicativos\Mozilla\FireFox\Profiles\qjgrsyyx.default\Prefs.js --

Line deleted: user_pref("browser.search.selectedEngine", "My Web Search");

Line deleted: user_pref("extensions.enabledItems", "jqs@sun.com:1.0,{1A615EA8-4C56-49EE-BE83-F9A264B79997}:1.0,m3f...

Line deleted: user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea...

Line deleted: user_pref("extensions.mywebsearch.prevKwdEnabled", true);

Line deleted: user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");

Line deleted: user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxdm414YYBR&ptb...

-- File closed --

1,Key deleted: HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44cf-8957-5838F569A31D}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}

1,Key deleted: HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}

1,Key deleted: HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKLM\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKLM\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}

1,Key deleted: HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}

1,Key deleted: HKLM\Software\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}

1,Key deleted: HKLM\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}

1,Key deleted: HKLM\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}

1,Key deleted: HKLM\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}

1,Key deleted: HKLM\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}

1,Key deleted: HKLM\Software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}

1,Key deleted: HKLM\Software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}

1,Key deleted: HKLM\Software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}

1,Key deleted: HKLM\Software\Classes\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15}

1,Key deleted: HKLM\Software\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}

1,Key deleted: HKLM\Software\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}

1,Key deleted: HKLM\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}

1,Key deleted: HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}

1,Key deleted: HKLM\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}

1,Key deleted: HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}

1,Key deleted: HKLM\Software\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}

1,Key deleted: HKLM\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}

1,Key deleted: HKLM\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}

1,Key deleted: HKLM\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}

1,Key deleted: HKLM\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}

1,Key deleted: HKLM\Software\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}

1,Key deleted: HKLM\Software\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}

1,Key deleted: HKLM\Software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}

1,Key deleted: HKLM\Software\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKLM\Software\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}

1,Key deleted: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}

1,Key deleted: HKLM\Software\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}

1,Key deleted: HKLM\Software\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}

1,Key deleted: HKLM\Software\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}

1,Key deleted: HKLM\Software\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}

1,Key deleted: HKLM\Software\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}

1,Key deleted: HKLM\Software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

1,Key deleted: HKLM\Software\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}

1,Key deleted: HKLM\Software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}

1,Key deleted: HKLM\Software\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}

1,Key deleted: HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}

1,Key deleted: HKLM\Software\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}

1,Key deleted: HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}

1,Key deleted: HKLM\Software\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}

1,Key deleted: HKLM\Software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}

1,Key deleted: HKLM\Software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

1,Key deleted: HKLM\Software\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}

1,Key deleted: HKLM\Software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}

1,Key deleted: HKLM\Software\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}

1,Key deleted: HKLM\Software\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}

1,Key deleted: HKLM\Software\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}

1,Key deleted: HKLM\Software\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}

1,Key deleted: HKLM\Software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}

1,Key deleted: HKLM\Software\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}

1,Key deleted: HKLM\Software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

1,Key deleted: HKLM\Software\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}

1,Key deleted: HKLM\Software\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

1,Key deleted: HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}

1,Key deleted: HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}

1,Key deleted: HKLM\Software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}

1,Key deleted: HKLM\Software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}

1,Key deleted: HKLM\Software\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}

1,Key deleted: HKLM\Software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}

1,Key deleted: HKLM\Software\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}

1,Key deleted: HKLM\Software\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}

1,Key deleted: HKLM\Software\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}

1,Key deleted: HKLM\Software\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}

1,Key deleted: HKLM\Software\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}

1,Key deleted: HKLM\Software\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}

1,Key deleted: HKLM\Software\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}

1,Key deleted: HKLM\Software\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}

1,Key deleted: HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}

1,Key deleted: HKLM\Software\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}

1,Key deleted: HKLM\Software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}

1,Key deleted: HKLM\Software\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}

1,Key deleted: HKLM\Software\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}

1,Key deleted: HKLM\Software\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}

0,Key deleted: HKLM\Software\Classes\FunWebProducts.DataControl

0,Key deleted: HKLM\Software\Classes\FunWebProducts.DataControl.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HTMLMenu

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HTMLMenu.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HTMLMenu.2

0,Key deleted: HKLM\Software\Classes\FunWebProducts.IECookiesManager

0,Key deleted: HKLM\Software\Classes\FunWebProducts.IECookiesManager.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.KillerObjManager

0,Key deleted: HKLM\Software\Classes\FunWebProducts.KillerObjManager.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton

0,Key deleted: HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl

0,Key deleted: HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin

0,Key deleted: HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.HTMLPanel

0,Key deleted: HKLM\Software\Classes\MyWebSearch.HTMLPanel.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.MultipleButton

0,Key deleted: HKLM\Software\Classes\MyWebSearch.MultipleButton.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.OutlookAddin

0,Key deleted: HKLM\Software\Classes\MyWebSearch.OutlookAddin.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin

0,Key deleted: HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.UrlAlertButton

0,Key deleted: HKLM\Software\Classes\MyWebSearch.UrlAlertButton.1

0,Key deleted: HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin

0,Key deleted: HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin.1

0,Key deleted: HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin

0,Key deleted: HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin.1

0,Key deleted: HKLM\Software\Classes\ScreenSaverControl.ScreenSaverInstaller

0,Key deleted: HKLM\Software\Classes\ScreenSaverControl.ScreenSaverInstaller.1

0,Key deleted: HKLM\Software\Classes\ToolBand.EasyHideBtn

0,Key deleted: HKLM\Software\Classes\ToolBand.EasyHideBtn.1

0,Key deleted: HKLM\Software\Classes\ToolBand.SkypeIEHelper

0,Key deleted: HKLM\Software\Classes\ToolBand.SkypeIEHelper.1

0,Key deleted: HKLM\Software\Classes\Toolbar.CT2124320

0,Key deleted: HKLM\Software\FocusInteractive

0,Key deleted: HKLM\Software\Fun Web Products

0,Key deleted: HKLM\Software\FunWebProducts

0,Key deleted: HKLM\Software\MyWebSearch

0,Key deleted: HKCU\Software\Conduit

0,Key deleted: HKCU\Software\FunWebProducts

0,Key deleted: HKCU\Software\IEBarProperties

0,Key deleted: HKCU\Software\MyWebSearch

0,Key deleted: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall

0,Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search

0,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

0,Key deleted: HKLM\Software\Classes\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}

0,Key deleted: HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}

0,Key deleted: HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

0,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}

0,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll

0,Key deleted: HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss

0,Key deleted: HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin

0,Key deleted: HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall

0,Key deleted: HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin

0,Value deleted: HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources|F3PopularScreenSavers

0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform|FunWebProducts

0,Value deleted: HKLM\Software\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D}

0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA}

============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.6.8 (pt-BR)] **

-- C:\Documents and Settings\Reinaldo\Dados de aplicativos\Mozilla\FireFox\Profiles\qjgrsyyx.default\Prefs.js --

browser.download.lastDir, F:

browser.startup.homepage_override.mstone, rv:1.9.2.8

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Custom Search URL: 1

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

Use Custom Search URL: 1

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

========================================

C:\Arquivos de programas\Ad-Remover\Quarantine: 127 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 15 File(s)

C:\Ad-Report-CLEAN[1].txt - 31/08/2010 (514 Byte(s))

C:\Ad-Report-CLEAN[2].txt - 31/08/2010 (13863 Byte(s))

End at: 10:51:29, 31/08/2010

============== E.O.F ==============

wings · Agosto 31, 2010

1.

*Execute o AD-Remover

*Clique [uninstall]

2.

*Baixe o MalwareBytes Anti-malware e salve-o no desktop

*Instale o programa e aguarde a atualização

*O programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione as partições a serem examinadas (geralmente C:\ e D:\)

*Ao finalizar o scan, clique [sIM] > [OK] > [Mostrar Resultados]

*Clique [Remover Selecionados]

*Cole o relatório apresentado

Dannn · Setembro 1, 2010

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versão da Base de Dados: 4518

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

1/9/2010 00:42:27

mbam-log-2010-09-01 (00-42-27).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 191409

Tempo decorrido: 53 minuto(s), 5 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 13

Valores de Registro Infectados: 2

Itens de Dados no Registro Infectados: 3

Pastas Infectadas: 9

Arquivos Infectados: 43

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\Interface\{8e9cf769-3d3b-40eb-9e2d-76e7a205e4d2} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f2a58120-cc98-4aa5-837b-6491df76ab4c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f2a58120-cc98-4aa5-837b-6491df76ab4c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f2a58120-cc98-4aa5-837b-6491df76ab4c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f2a58120-cc98-4aa5-837b-6491df76ab4c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f2a58121-cc98-4aa5-837b-6491df76ab4c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f2a58121-cc98-4aa5-837b-6491df76ab4c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f2a58121-cc98-4aa5-837b-6491df76ab4c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f2a58121-cc98-4aa5-837b-6491df76ab4c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESULTDNS_SERVICE (Adware.ResultDns) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultDns Service (Adware.ResultDns) -> Quarantined and deleted successfully.

Valores de Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f2a58120-cc98-4aa5-837b-6491df76ab4c} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f2a58120-cc98-4aa5-837b-6491df76ab4c} (Adware.Mirar) -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:

C:\Documents and Settings\All Users\Dados de aplicativos\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997} (Adware.ResultDns) -> Delete on reboot.

C:\Arquivos de programas\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome (Adware.ResultDns) -> Delete on reboot.

C:\Arquivos de programas\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Arquivos Infectados:

C:\Documents and Settings\All Users\Dados de aplicativos\ResultDns\resultdns115.exe (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP156\A0176822.exe (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP158\A0179867.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP159\A0181065.exe (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP159\A0181071.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185108.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185126.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185092.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185094.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185097.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185101.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185102.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185104.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185105.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185109.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185110.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185111.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185112.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185113.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185114.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185115.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185116.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185117.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185118.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185119.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185120.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185121.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185122.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185123.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185124.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185125.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185127.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185128.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185129.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185130.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DA3E4314-4011-4BAB-AE83-773506788661}\RP161\A0185137.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\1978.dll (Adware.Mirar) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\RES92.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome.manifest (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\install.rdf (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome\resultdns.jar (Adware.ResultDns) -> Delete on reboot.

C:\Arquivos de programas\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences\prefs.js (Adware.ResultDns) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

wings · Setembro 1, 2010

1.

*Reinicie o PC

2.

*Novo log do hijack

Dannn · Setembro 1, 2010

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:15:56, on 1/9/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Reinaldo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =