Edvan
Posted February 10, 2012

A friend's computer is heavily infected; log for analysis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:20:11, on 10/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Arquivos de programas\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\SgbaGwT6DyXK1i\Nc4a0GKpIAqK.exe
C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O1 - Hosts: 64.31.58.161 www.bb.com.br
O1 - Hosts: 64.31.58.161 bb.com.br
O1 - Hosts: 64.31.58.161 www.bancodobrasil.com.br
O1 - Hosts: 64.31.58.161 www.bradesco.com.br
O1 - Hosts: 64.31.58.161 bradesco.com.br
O1 - Hosts: 64.31.58.161 www.itau.com.br
O1 - Hosts: 64.31.58.161 itau.com.br
O1 - Hosts: 64.31.58.161 www.santander.com.br
O1 - Hosts: 64.31.58.161 santander.com.br
O1 - Hosts: 64.31.58.161 www.santandernet.com.br
O1 - Hosts: 64.31.58.161 www.real.com.br
O1 - Hosts: 64.31.58.161 real.com.br
O1 - Hosts: 64.31.58.161 www.itaupersonnalite.com.br
O1 - Hosts: 64.31.58.161 itaupersonnalite.com.br
O1 - Hosts: 64.31.58.161 www.hsbc.com.br
O1 - Hosts: 64.31.58.161 www.hsbc.com.br
O1 - Hosts: 64.31.58.161 www.cetelem.com.br
O1 - Hosts: 64.31.58.161 cetelem.com.br
O1 - Hosts: 64.31.58.161 caixaeconomica.com.br
O1 - Hosts: 64.31.58.161 www.caixaeconomicafederal.gov.br
O1 - Hosts: 64.31.58.161 caixaeconomicafederal.gov.br
O1 - Hosts: 64.31.58.161 www.citibank.com.br
O1 - Hosts: 64.31.58.161 citibank.com.br
O1 - Hosts: 64.31.58.161 www.sicredi.com.br
O1 - Hosts: 64.31.58.161 sicredi.com.br
O1 - Hosts: 64.31.58.161 www.serasaexperian.com.br
O1 - Hosts: 64.31.58.161 serasaexperian.com.br
O1 - Hosts: 64.31.58.161 www.serasa.com.br
O1 - Hosts: 64.31.58.161 www.hotmail.com
O1 - Hosts: 64.31.58.161 hotmail.com
O1 - Hosts: 64.31.58.161 www.americanexpress.com
O1 - Hosts: 64.31.58.161 www.americanexpress.com.br
O1 - Hosts: 64.31.58.161 americanexpress.com.br
O1 - Hosts: 64.31.58.161 www.caixapenedes.com
O1 - Hosts: 64.31.58.161 caixapenedes.com
O1 - Hosts: 64.31.58.161 www.caixapenedes.es
O1 - Hosts: 64.31.58.161 caixapenedes.es
O1 - Hosts: 64.31.58.161 www.pagseguro.com.br
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ASUS Update Checker] C:\Arquivos de programas\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSw0eINSb325QnQ] C:\Documents and Settings\All Users\SgbaGwT6DyXK1i\Nc4a0GKpIAqK.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe

--
End of file - 8722 bytes

-------------------------------\\--------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versão da Base de Dados: 912021007

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/02/2012 17:06:34
mbam-log-2012-02-10 (17-06-34).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 268341
Tempo decorrido: 40 minuto(s), 55 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 132
Valores de Registro Infectados: 9
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 26
Arquivos Infectados: 50

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{49E0E0F0-5C30-11D4-945D-000000000000} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{49E0E0F0-5C30-11D4-945D-000000000000} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49E0E0F0-5C30-11D4-945D-000000000000} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.SkinLauncher (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.SkinLauncher.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.SkinLauncherSettings (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\MyWebSearch.SkinLauncherSettings.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. Valores de Registro Infectados: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer.exe (Trojan.Agent) -> Value: explorer.exe -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully. Itens de Dados no Registro Infectados: (Não foram detectados ítens maliciosos) Pastas Infectadas: c:\arquivos de programas\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\arquivos de programas\funwebproducts\Installr\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\1.bin\thirdpartyinstallers (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\gen1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\IE9Mesg (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\arquivos de programas\mywebsearch\bar\jsifb (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\wbnotify (Adware.MyWebSearch) -> Quarantined and deleted successfully. Arquivos Infectados: c:\documents and settings\all users\3NB90At5.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\all users\FAvAyfuW.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\f003407\dados de aplicativos\Sun\Java\deployment\cache\6.0\47\3458a36f-4c0a3e25 (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\f003407\dados de aplicativos\Sun\Java\deployment\cache\6.0\47\3458a36f-6ebc2d30 (Trojan.Agent) -> Quarantined and deleted successfully. c:\arquivos de programas\funwebproducts\Shared\Cache\cursormaniabtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\funwebproducts\Shared\Cache\smileycentralbtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\arquivos de programas\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\arquivos de programas\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\arquivos de programas\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\arquivos de programas\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\arquivos de programas\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\arquivos de programas\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\arquivos de programas\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\arquivos de programas\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\arquivos de programas\mywebsearch\bar\wbnotify\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
-------------------------------------------\\-------------------------------------------------
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2012-02-10 - 16:18
-------------------------------------------------------
Lista de Definição: 2012-01-27-1 | CORE: 2012-01-27-1
=======================================================
Arquivo infectado detectado: C:\DOCUME~1\f003407\CONFIG~1\Temp\6.tmp
Arquivo infectado removido com sucesso!
IP malicioso encontrado no hosts: caixa.com.br
IP malicioso encontrado no hosts: caixa.gov.br
IP malicioso encontrado no hosts: www.caixaeconomica.com.br
IP malicioso encontrado no hosts: www.cef.com.br
----- Fim -------------------------
DigRam 144 Posted February 10, 2012
Good evening, Edvan!
|- Repeat the scan with Malwarebytes, using its quick scan!
|- Post the report!
///°°°///
|- Download: < AdwCleaner > ( ... by Xplode )
|- Click Télécharger!
|- Save it to the desktop!
|- Start the scan by clicking "Recherche"
|- When it finishes, post the report: C:\AdwCleaner[R].txt
///°°°///
|- Download: < GabKiller > ( ... by 2011N2 )
|- Save it to the desktop!
|- Close any open folders and run the tool.
|- On Windows Vista or 7, right-click and run as administrator.
|- Choose option 1. Rechercher -> press Enter!
|- Wait for it to finish and post the report: Rapport de recherche de GabKiller
|- To exit, choose option "4. Quitter" -> Enter!
Regards!
Edvan 30 Posted February 12, 2012
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Versão da Base de Dados: v2012.02.12.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f003407 :: FUN0085 [administrador]
11/02/2012 22:34:28
mbam-log-2012-02-11 (22-34-28).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 226152
Tempo decorrido: 4 minuto(s), 11 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
(fim)
----------------------------------\\\---------------------------------
# AdwCleaner v1.408 - Logfile created 02/11/2012 at 22:41:39
# Updated 29/01/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : f003407 - FUN0085 (Administrator)
# Running from : C:\Documents and Settings\f003407\Desktop\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\f003407\Dados de aplicativos\Mozilla\Firefox\Profiles\4ttxy0nj.default\extensions\m3ffxtbr@mywebsearch.com
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Key Found : 
HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key Found : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key Found : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe Key Found : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v8.0 (pt-BR) Profile : 4ttxy0nj.default File : C:\Documents and Settings\f003407\Dados de aplicativos\Mozilla\Firefox\Profiles\4ttxy0nj.default\prefs.js [OK] File is clean. 
************************* AdwCleaner[R1].txt - [4289 octets] - [11/02/2012 22:41:39] ########## EOF - C:\AdwCleaner[R1].txt - [4417 octets] ########## ---------------------------------------\\\------------------------------------------------ ====================================== Informations ====================================== Rapport de recherche de GabKiller Outil développé par 2011N2 Contact : lot12@hotmail.fr Site : http://2011n2.forumgratuit.fr/ Mis à jour le : 04/08/2011 à 13h | 1.45 par 2011N2 Début du scan de recherche : 22:42:54 Nom du PC : FUN0085 Système d'exploitation : VERSION 3.0 Système d'exploitation : Microsoft Windows XP Internet Explorer : VERSION 3.0 Internet Explorer : 8.0.6001.18702 Mozilla Firefox : VERSION 3.0 Mozilla Firefox : 8.0 (pt-BR) Mozilla Firefox : version 5 Mozilla Firefox : version 6 ############################# Éléments infectieux ############################# ============================ Section HKLM ============================ Présent : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler Présent : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler Présent : HKLM\Software\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} Présent : HKLM\Software\Classes\CLSID\{72B3882F-453A-4633-AAC9-8C3DCED62AFF} Présent : HKLM\Software\Classes\CLSID\{72B3882F-453A-4633-AAC9-8C3DCED62AFF} Présent : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler Présent : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler Présent : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler Présent : HKLM\Software\Classes\CLSID\{72B3882F-453A-4633-AAC9-8C3DCED62AFF} Présent : HKLM\Software\Classes\CLSID\{72B3882F-453A-4633-AAC9-8C3DCED62AFF} Présent : HKLM\Software\Classes\CLSID\{72B3882F-453A-4633-AAC9-8C3DCED62AFF} Présent : 
HKLM\Software\Classes\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a}
Présent : HKLM\Software\Classes\Interface\{1f52a5fa-a705-4415-b975-88503b291728}
Présent : HKLM\Software\Classes\Interface\{120927bf-1700-43bc-810f-fab92549b390}
Présent : HKLM\Software\Classes\Interface\{07b18eac-a523-4961-b6bb-170de4475cca}
============================ Section HKCU ============================
============================ Section HKCR ============================
========================== Dossiers/Fichiers ==========================
================================================================================================
Fin du scan de recherche : 22:44:08
Copyright © 2011. Tous droits réservés.
############### EOF ###############
P.S: Thanks for the help, Digram!
DigRam 144 Posted February 12, 2012
Good morning, Edvan!
|- Download: < RstHosts > ( ... by Xplode )
|- Save it to the desktop!
|- Open it and click "Créer un rapport".
|- Copy and post the report: RstHosts v2.0 - Rapport créé le dd/mm/2012 à hs:min:seg
///°°°///
|- Run AdwCleaner and GabKiller again, using the "Suppression" or "Delete" option.
|- Post their reports! ( Delete the previous ones! )
///°°°///
|- Download: < AD-Remover > ( ... by C-XX )
|- Or... < Here! > <- Link!
|- Save it to C:\ ( Local disk )
|- Double-click AD-R.exe
|- On Windows Vista or 7, run it as administrator!
|- Press the "Clean" option.
|- When it finishes, accept/confirm the reboot so that the adware is removed.
|- In other words, the computer will restart!
|- Post the report: C:\Ad-Report-CLEAN[1].txt
///°°°///
|- Download: < > < > ( ...by Nicolas Coolman )
|- Once on the page, click: < >
|- Save it to Arquivos de programas.
|- PS: Extract it into Arquivos de programas.
|- Open the ZHPDiag tool and enable all the diagnostic options by clicking ( screwdriver icon )
|- Click All.
|- Start the diagnosis ( Diag ) by clicking the magnifying-glass icon.
|- When it finishes, click "Save Report" so that we have the report.
|- Save it somewhere convenient!
|- Post it in your reply: ZHPDiag.txt
|- PS: If you have trouble posting this report, go to < >
|- More information: |Here!| or |pjjoint.malekal.com|
Regards!
Edvan 30 Posted February 13, 2012
1º RstHosts
-|x| RstHosts v2.0 - Rapport créé le 12/02/2012 à 00:07:57
-|x| Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
-|x| Nom d'utilisateur : f003407 - FUN0085 (Administrateur)
-|x|- Informations -|x|-
Emplacement : C:\WINDOWS\System32\drivers\etc\hosts
Attribut(s) : A
Propriétaire : f003407 - FUNPEC.BR
Taille : 1270 bytes
Date de création : 02/03/2006 - 10:00:00
Date de modification : 10/02/2012 - 16:19:03
Date de dernier accès : 11/02/2012 - 22:37:07
-|x|- Contenu du fichier -|x|-
64.31.58.161 www.bb.com.br
64.31.58.161 bb.com.br
64.31.58.161 www.bancodobrasil.com.br
64.31.58.161 www.bradesco.com.br
64.31.58.161 bradesco.com.br
64.31.58.161 www.itau.com.br
64.31.58.161 itau.com.br
64.31.58.161 www.santander.com.br
64.31.58.161 santander.com.br
64.31.58.161 www.santandernet.com.br
64.31.58.161 www.real.com.br
64.31.58.161 real.com.br
64.31.58.161 www.itaupersonnalite.com.br
64.31.58.161 itaupersonnalite.com.br
64.31.58.161 www.hsbc.com.br
64.31.58.161 www.hsbc.com.br
64.31.58.161 www.cetelem.com.br
64.31.58.161 cetelem.com.br
64.31.58.161 caixaeconomica.com.br
64.31.58.161 www.caixaeconomicafederal.gov.br
64.31.58.161 caixaeconomicafederal.gov.br
64.31.58.161 www.citibank.com.br
64.31.58.161 citibank.com.br
64.31.58.161 www.sicredi.com.br
--> 14 ligne(s) supplémentaire(s)
-|x|- E.O.F - C:\RstHosts.txt - 1361 bytes -|x|-
2º AdwCleaner
# AdwCleaner v1.408 - Logfile created 02/12/2012 at 00:08:41
# Updated 29/01/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : f003407 - FUN0085 (Administrator)
# Running from : C:\Documents and Settings\f003407\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\f003407\Dados de aplicativos\Mozilla\Firefox\Profiles\4ttxy0nj.default\extensions\m3ffxtbr@mywebsearch.com
***** [Registry] *****
Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4 Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} Key 
Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v8.0 (pt-BR) Profile : 4ttxy0nj.default File : C:\Documents and Settings\f003407\Dados de aplicativos\Mozilla\Firefox\Profiles\4ttxy0nj.default\prefs.js [OK] File is clean. 
************************* AdwCleaner[R1].txt - [4418 octets] - [11/02/2012 22:41:39] AdwCleaner[s1].txt - [4429 octets] - [12/02/2012 00:08:41] ************************* Temporary folder : : 15 folder(s) and 260 file(s) deleted ########## EOF - C:\AdwCleaner[s1].txt - [4648 octets] ########## 3º GabKiller =========== Informations =========== Mis à jour le : 07/08/2011 à 16h12 | 1.45 par 2011N2 Rapport de suppression de GabKiller par 2011N2 Contact : lot12@hotmail.fr Site : http://2011n2.forumgratuit.fr/ Début du nettoyage : 11:04:41 ###################################### Clés supprimées #################################### ============================ Section HKLM ============================ supprimé !! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler supprimé !! HKLM\Software\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} supprimé !! HKLM\Software\Classes\CLSID\{72B3882F-453A-4633-AAC9-8C3DCED62AFF} supprimé !! HKLM\Software\Classes\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661} ============================ Section HKCU ============================ ============================ Section HKCR ============================ ========================== Dossiers/Fichiers ======================== =================================== Fin du nettoyage : 11:05:25 Copyright © 2011. Tous droits réservés. ======== EOF ======== 4º AD-Remover ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 11:08:13 on 13/02/2012, Normal boot Microsoft Windows XP Professional Service Pack 3 (X86) f003407@FUN0085 ( ) ============== ACTION(S) ============== (!) -- Temporary files deleted. 
Key deleted: HKLM\Software\Classes\CLSID\{03A37CA0-AC78-48C3-B061-E82D3644CCBE} Key deleted: HKLM\Software\Classes\CLSID\{7A5C22FE-972C-4B1E-8521-E045F74E5F2E} Key deleted: HKLM\Software\Classes\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [8.0 (pt-BR)] **** Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura) Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk) Searchplugins\twitter.xml (hxxps://twitter.com/search/{searchTerms}) Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca) Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search) Components\browsercomps.dll (Mozilla Foundation) -- C:\Documents and Settings\f003407\Dados de aplicativos\Mozilla\FireFox\Profiles\4ttxy0nj.default -- Prefs.js - browser.startup.homepage_override.buildID, 20111104165243 Prefs.js - browser.startup.homepage_override.mstone, rv:8.0 ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) 
BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "Facilitador de Leitor de Link Adobe PDF" (C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll)
BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll)
========================================
C:\Arquivos de programas\Ad-Remover\Quarantine: 0 File(s)
C:\Arquivos de programas\Ad-Remover\Backup: 13 File(s)
C:\Ad-Report-CLEAN[1].txt - 13/02/2012 11:08:21 (469 Byte(s))
End at: 11:08:47, 13/02/2012
============== E.O.F ==============
5º ZHPDiag
Link http://mydoc.tk/3/333ZHPDiag.txt
P.S: Ha!! Congratulations on the tutorials, they have helped me a lot! :thumbsup:
DigRam 144 Posted February 13, 2012
Good afternoon, Edvan!
P.S: Ha!! Congratulations on the tutorials, they have helped me a lot!
|- I'm glad to hear that!
///°°°///
--------- HKCU\Software\cbc544d3c40442b0b7ae02ce6c10e3c9 ---------
|- Do you know which program this subkey belongs to?
///°°°///
|- Open RstHosts v2.0 again and click "Restaurer".
|- When it is done, click "Créer un rapport". <- Post it!
///°°°///
|- Close any open programs/folders.
|- Double-click ZHPFix.
|- Click the menu, H < >
O1 - Hosts: 64.31.58.161 www.bb.com.br
O1 - Hosts: 64.31.58.161 bb.com.br
O1 - Hosts: 64.31.58.161 www.bancodobrasil.com.br
O1 - Hosts: 64.31.58.161 www.bradesco.com.br
O1 - Hosts: 64.31.58.161 bradesco.com.br
O1 - Hosts: 64.31.58.161 www.itau.com.br
O1 - Hosts: 64.31.58.161 itau.com.br
O1 - Hosts: 64.31.58.161 www.santander.com.br
O1 - Hosts: 64.31.58.161 santander.com.br
O1 - Hosts: 64.31.58.161 www.santandernet.com.br
O1 - Hosts: 64.31.58.161 www.real.com.br
O1 - Hosts: 64.31.58.161 real.com.br
O1 - Hosts: 64.31.58.161 www.itaupersonnalite.com.br
O1 - Hosts: 64.31.58.161 itaupersonnalite.com.br
O1 - Hosts: 64.31.58.161 www.hsbc.com.br
O1 - Hosts: 64.31.58.161 www.hsbc.com.br
O1 - Hosts: 64.31.58.161 www.cetelem.com.br
O1 - Hosts: 64.31.58.161 cetelem.com.br
O1 - Hosts: 64.31.58.161 caixaeconomica.com.br
O1 - Hosts: 64.31.58.161 www.caixaeconomicafederal.gov.br
O1 - Hosts: 64.31.58.161 caixaeconomicafederal.gov.br
O1 - Hosts: 64.31.58.161 www.citibank.com.br
O1 - Hosts: 64.31.58.161 citibank.com.br
O1 - Hosts: 64.31.58.161 www.sicredi.com.br
O1 - Hosts: 64.31.58.161 sicredi.com.br
O1 - Hosts: 64.31.58.161 www.serasaexperian.com.br
O1 - Hosts: 64.31.58.161 serasaexperian.com.br
O1 - Hosts: 64.31.58.161 www.serasa.com.br
O1 - Hosts: 64.31.58.161 www.hotmail.com
O1 - Hosts: 64.31.58.161 hotmail.com
O1 - Hosts: 64.31.58.161 www.americanexpress.com
O1 - Hosts: 64.31.58.161 www.americanexpress.com.br
O1 - Hosts: 64.31.58.161 americanexpress.com.br
O1 - Hosts: 64.31.58.161 www.caixapenedes.com
O1 - Hosts: 64.31.58.161 caixapenedes.com
O1 - Hosts: 64.31.58.161 www.caixapenedes.es
O1 - Hosts: 64.31.58.161 caixapenedes.es
O1 - Hosts: 64.31.58.161 www.pagseguro.com.br
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (...) -- (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21374\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21374\..\Run: [YSw0eINSb325QnQ] C:\Documents and Settings\All Users\SgbaGwT6DyXK1i\Nc4a0GKpIAqK.exe (.not file.)
O51 - MPSK:{d8db27a7-2a28-11e1-b78a-00248ccf6016}\AutoRun\command. (...) -- D:\urDrive.exe (.not file.)
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
[HKLM\Software\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}]
emptytemp
emptyflash
firewallraz
sysrestore
|- Copy this information, shown in red, and paste it into the "light yellow" field of ZHPFix.
|- PS: Make sure the field is empty before pasting the information from the quote.
|- Click GO -> Oui.
|- When it finishes, if all the icons have disappeared from your desktop, do the following:
|- Open Task Manager. ( ctrl+alt+del )
|- Click the "Aplicativos" tab.
|- Click "Nova tarefa..."
|- Type in the box: explorer.exe
|- Click OK.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
|- PS: The following reports will also be generated; they are not to be posted!
|- ZHPExportRegistry-dia-mes-2012-hs-min-seg;
|- ZHPADSReport;
|- ZHPFixQuarantine;
Regards!
Edvan 30
Posted February 13, 2012

HKCU\Software\cbc544d3c40442b0b7ae02ce6c10e3c9---------
|- Do you know which program this subkey is linked to?

I don't know that subkey, my friend!

------------------\\\-----------------------
-|x| RstHosts v2.0 - Rapport créé le 13/02/2012 à 14:09:31
-|x| Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
-|x| Nom d'utilisateur : f003407 - FUN0085 (Administrateur)
-|x|- Informations -|x|-
Emplacement : C:\WINDOWS\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : f003407 - FUNPEC.BR
Taille : 89 bytes
Date de création : 02/03/2006 - 09:00:00
Date de modification : 13/02/2012 - 14:09:24
Date de dernier accès : 13/02/2012 - 14:09:24
-|x|- Contenu du fichier -|x|-
# Fichier Hosts créé par RstHosts
127.0.0.1 localhost
::1 localhost
-|x|- E.O.F - C:\RstHosts.txt - 618 bytes -|x|-
-------------------------------\\\------------------------------------
Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011
Fichier d'export Registre :
Run by f003407 at 13/02/2012 14:14:34
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Registry Key ==========
DELETED CLSID MPSK: {d8db27a7-2a28-11e1-b78a-00248ccf6016}
DELETED Key: HKLM\Software\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}

========== Registry Value ==========
DELETED Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
DELETED RunValue: CTFMON.EXE
DELETED RunValue: YSw0eINSb325QnQ
DELETED [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
No Value in Firewall Exception Register Key (FirewallRaz)

========== Registry Data Items ==========
REPLACED Value AntiVirusOverride : Good (0) - Bad (1)

========== Repertory ==========
DELETED Window Temporary: : 1
DELETED Flash Cookies: 50

========== File ==========
DELETE on Reboot c:\windows\system32\ctfmon.exe
NOT FOUND File: c:\documents and settings\all users\sgbagwt6dyxk1i\nc4a0gkpiaqk.exe
DELETED Window Temporary: : 13
DELETED Flash Cookies: 29

========== Restoration ==========
Restore System Point created succefully

========== Summary ==========
2 : Registry Key
5 : Registry Value
1 : Registry Data Items
2 : Repertory
4 : File
1 : Restoration

End of clean in 00mn 07s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 13/02/2012 14:14:34 [1493]
DigRam 144
Posted February 13, 2012

Good afternoon! Edvan
|- Copy this information, which is in red, into Notepad.

reg query "HKEY_CURRENT_USER\Software\cbc544d3c40442b0b7ae02ce6c10e3c9" > C:\look.txt
notepad C:\look.txt

|- Save it with the name DEL.bat, on your desktop.
|- Under "Files of type", choose "All Files".
|- Run it with a double-click! -> Wait for it to finish!
|- Post your text report, which contains the registry information.
|- How is the PC?
|- Any incidents?
|- Everything OK?
///°°°///
|- Also post an updated HijackThis log.

Regards!
Edvan 30
Posted February 14, 2012

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\cbc544d3c40442b0b7ae02ce6c10e3c9
709612d09ec9828ec149900f9f8aad1c REG_BINARY 47494638A0407A01708D07BB080880CB734FD37821677BD8F16A93665215DC9F0AFA5A1A8041AFEA1F14840AC6C413E0BADE000B9185A3EFBCA1555938A9ABBE2358577632299909AA7451FC55C525C3DE1E50EDC184D7DBDAA4E67CB8DCCE4DE228CEE5EF4CA87FFE22B1D86473C0764B48200B9114A21D58C1803CAD8CAC4C17CC10F5B6EE4D097E64E42856A6E590A84F60AA0117C0C81F32C4898DD80EAE10BE43C2A34C4919FB32648C21813006FB7F7628930432CAE9C0D67F9CB81DCD667E1281A12DEA3CBDA5D46E75033025BD8C563EB70693C8FE6180895D5A3EDEF22B91F682791AADA933613B7091A6A77B7F31FBA08521C829C2F77CED1B3CCD107E37D6F24F494A4C52A3AAC7F6F7E7AADEA0FB8FE5630E4AC19638AB8DC8E2F4CF01F0F52FE87C1B6669EDBEC4B6E97F707F5875D2D493BC

----------------------\\\----------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:19:24, on 14/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ASUS Update Checker] C:\Arquivos de programas\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

-- End of file - 5680 bytes

How is the PC?
|- Any incidents?
|- Everything OK?

The machine is great, Digram, thank you very much, my friend.
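The check behind the two HijackThis logs in this thread (many "O1 - Hosts" entries sending banking and webmail hostnames to one remote address before the clean-up, only "::1 localhost" after it), as an added Python example that is not part of the original posts. The function names and the sample log lines, which use a documentation-range address and .example hostnames, are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prints each hosts-file entry as "O1 - Hosts: <address> <hostname...>".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+)$")

def parse_o1(log_text):
    """Return {address: set of hostnames} for every O1 line in a log."""
    mapping = defaultdict(set)
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            # A hosts line may carry several names after the address.
            mapping[m.group(1)].update(h.lower() for h in m.group(2).split())
    return dict(mapping)

def suspicious_redirects(log_text):
    """Return {address: sorted hostnames} for entries that leave the machine."""
    findings = {}
    for address, hosts in parse_o1(log_text).items():
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings[address] = sorted(hosts)  # malformed address: review by hand
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1, ::1 and 0.0.0.0 entries never leave the host
        findings[address] = sorted(hosts)
    return findings

# Constructed sample logs (documentation-range address, .example hostnames).
BEFORE = r"""O1 - Hosts: 203.0.113.10 www.bank.example
O1 - Hosts: 203.0.113.10 bank.example
O1 - Hosts: 203.0.113.10 www.webmail.example
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
AFTER = "O1 - Hosts: ::1 localhost\n"

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        hits = suspicious_redirects(log)
        print(label, "->", hits if hits else "no redirected hostnames")
```

Any address returned by suspicious_redirects deserves a look; a single address shared by many unrelated hostnames is the pattern seen in the first log of this thread.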
DigRam 144
Posted February 15, 2012

Good evening! Edvan
|- Download: < > (...par A.Rothstein & dj Quiou )
|- Click "Télécharger" to download it.
|- Save it to the desktop!
|- Close any programs that are open, and run the tool.
|- Click the Recherche button to start the scan.
|- When it finishes, the tools that will be removed will be listed.
|- Next, click the "Supression" button to remove the items found.
|- Click Quitter to exit! --> OK.
|- If you like, post the reports: Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU)
|- Select and copy to Notepad.
///°°°///
|- Your logs are clean!
|- I believe I don't need to guide you through the maintenance procedures:
|- <1> DEFRAGMENTATION.
|- <2> JAVA update.
|- <3> ScanDisk.
|- Good work! :thumbsup:

Regards!
Edvan 30
Posted February 15, 2012

Your logs are clean!
|- I believe I don't need to guide you through the maintenance procedures:
|- <1> DEFRAGMENTATION.
|- <2> JAVA update.
|- <3> ScanDisk.
|- Good work

Indeed, my friend, you can leave the rest to me; once again I am grateful for your help. You can close the topic!
DigRam 144
Posted February 15, 2012

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.