Meus programas estão bloqueados por um virus.

mary-batista · 16-02-2010, 3:19

Olá pessoal, não estou conseguindo acessar nada no meu pc.
Ele esta aparecendo a propaganda de um antivirus Securuty essentials 2010.
Pede cod de acesso e encaminha para um site onde tem custo.
Tentei restaurar o sistema mas aparece esta mensagem :WARNING
Application cannot be executed. The file is infected. Please activate your antivirus software.
Embaixo na barra de ferramentas aparece esta mensagem:
Click here to protect you computer from spyware!
Your computer is infected! Windows has detected an infection of spyware! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you.

Estou perdida, não sei o que fazer para restaurar meu sistema.
Sera que ha alguma maneira de remover isso?
Sou um pouco leiga no assunto .
Eu li um topico que pediu para baixar dds mas o virus não deixou aparece a tela preta e apareceu novamente a mensagem:Application cannot be executed. The file is infected. Please activate your antivirus software.
Se poderem me ensinar passo a passo ficarei agradecida...

**Wings** · 16-02-2010, 8:49

Bom dia....

1.
*Baixe o RKill e salve-o no desktop
*Duplo clique em RKill caso receba alguma notificação de que rkill seja uma infecção, desconsidere e continue o processo.
*Seja paciente e aguarde o término do programa.
*Não reinicie o PC!!

2.
*Baixe o MalwareBytes Anti-malware e salve-o no desktop:
*Instale o programa
*Se alguma atualização existir,o download será automático. Aguarde...
*O programa será aberto automaticamente.
*Na aba [Verificação], selecione a opção [Verificação completa]
*Clique em [Verificar] e selecione as unidades a serem examinadas
*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [SIM] > [OK] > [Mostrar Resultados]
*Selecione todos os resultados e clique em [Remover Selecionados]
*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.
*Cole-o na sua próxima resposta.

mary-batista · 16-02-2010, 12:26

bom dia...
Apos baixar o RKill dei os dois cliques ele apareceu uma pagina preta e logo em seguida a mensagem :Application cannot be executed. The file is infected. Please activate your antivirus software.
O que faço agora???

**Wings** · 16-02-2010, 12:38

Citação:

Postado Originalmente por mary-batista

bom dia...
Apos baixar o RKill dei os dois cliques ele apareceu uma pagina preta e logo em seguida a mensagem :Application cannot be executed. The file is infected. Please activate your antivirus software.
O que faço agora???

Vc não leu o que eu citei?

Citação:

.....caso receba alguma notificação de que rkill seja uma infecção, desconsidere e continue o processo.

mary-batista · 16-02-2010, 17:01

este e o relatorio:

Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3746
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/2/2010 17:00:17
mbam-log-2010-02-16 (17-00-17).txt

Tipo de Verificação: Completa (A:\|C:\|D:\|E:\|)
Objetos verificados: 199282
Tempo decorrido: 3 hour(s), 0 minute(s), 57 second(s)

Processos da Memória infectados: 1
Módulos de Memória Infectados: 1
Chaves do Registro infectadas: 180
Valores do Registro infectados: 12
Ítens do Registro infectados: 13
Pastas infectadas: 23
Arquivos infectados: 102

Processos da Memória infectados:
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Módulos de Memória Infectados:
C:\WINDOWS\system32\helpers32.dll (Trojan.FakeAlert) -> Delete on reboot.

Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybar button (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybar button.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayemb ed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayemb ed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillersche duler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillersche duler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercon trolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercon trolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager. 1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager. 1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutt on (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutt on.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersetting scontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersetting scontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol. 1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplu gin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplu gin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugi n (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugi n.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin .1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverin staller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverin staller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03021.ietoolbar (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77aa25e8-6083-4949-a831-9cb11861dc10} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9ebb289a-2d7b-465b-825f-1530b813e95a} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd5c92ae-97b0-4bc3-ba65-ba0308d543bf} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fcbccb87-9224-4b8d-b117-f56d924beb18} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{fcbccb87-9224-4b8d-b117-f56d924beb18} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{fcbccb87-9224-4b8d-b117-f56d924beb18} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{fcbccb87-9224-4b8d-b117-f56d924beb18} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03021.ietoolbar.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03021.xbtb03021 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03021.xbtb03021.3 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall\winbutler (Adware.WinButler) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SE2010 (Rogue.Securityessentials2010) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\FrmPrincipal (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinButler (Adware.WinButler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlo ok\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\ Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valores do Registro infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\security essentials 2010 (Rogue.SecurityEssentials) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\ActiveDesktop\NoChangingWallpap er (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\activedesktop\NoChangingWallpa per (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoActiveDesktopChange s (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:
C:\Documents and Settings\Mariana\Dados de aplicativos\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mariana\Dados de aplicativos\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mariana\Dados de aplicativos\FunWebProducts\Data\Mariana (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mariana\Dados de aplicativos\WinButler (Adware.WinButler) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\MSNBackgrounds (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Arquivos infectados:
C:\WINDOWS\system32\helpers32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\Freeze.com Toolbar\freeze_int.dll (Adware.Softomate) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Securityessentials2010\SE2010.exe (Rogue.SecurityEssentials) -> Delete on reboot.
C:\WINDOWS\system32\26962.exe (Rogue.AdvancedAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mariana\Dados de aplicativos\FunWebProducts\Data\Mariana\register.d at (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mariana\Dados de aplicativos\WinButler\config.cfg (Adware.WinButler) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mariana\Dados de aplicativos\WinButler\WinBuninstaller.exe (Adware.WinButler) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images\0081BB 8C.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images\00840B 67.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images\wrkpar am.lst (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\AvatarSmallB tn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaB tn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\FunBuddyIcon Btn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\MailStampBtn .html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyFunCardsIM Btn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyStationery Btn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentra lBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\00052D22 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\00267EEB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\00268246.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\002685E0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\00268880.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\0034352C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\00344A2B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\00344CAC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\00344EEE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\0081502F (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\0081607B (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\00816619.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\00816DD9.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\00817144.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\008179D0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warnings.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mariana\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mariana\Menu Iniciar\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\service\service.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reg_0001.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\service\ARQUIVOS_EXCLUIDOS_3 (Trojan.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

**Wings** · 16-02-2010, 17:23

Qual antivírus vc usa?

mary-batista · 16-02-2010, 17:29

Avira Antivir Personal

**Wings** · 16-02-2010, 17:34

1.
*Abra o programa Malwarebytes e na aba [Quarentena], selecione todos os resultados e clique em [Remover tudo]
*Clique na aba [Logs], selecione o relatório e clique em [Remover]
*Feche o programa

2.
*Desative temporariamente seu antivírus

Citação:

Clique com o botão direito do mouse no ícone do Avira ao lado do relógio > clique na opção "AntiVir Guard enable".

*Baixe o ComboFix e salve-o no desktop
*Duplo-clique no arquivo Combofix.exe
*Aceite o contrato

*Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso não esteja, uma janela conforme abaixo será aberta. Clique em [SIM] para aceitar a instalação do mesmo.

*Após a instalação, clique em [SIM] para continuar.

*Importante: enquanto o ComboFix estiver em execução, não use o mouse nem o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

*O programa será fechado automaticamente

*Cole o relatório criado em C:\combofix.txt

mary-batista · 16-02-2010, 17:57

Não estou achando C:\combofix.txt

**Wings** · 16-02-2010, 18:09

Ele está em C:\

O nome que aparece é combofix

mary-batista · 16-02-2010, 18:24

Quando clico nele aparece

Arquivos armazenados neste computador

documentos compartilhados

unidades de disco regido

dispositivo com armazenamento removível

outros

scaner e cameras

**Wings** · 16-02-2010, 18:26

OK...

1.
*Clique em [Iniciar] > [Executar] > digite: Combofix /uninstall
*Clique [OK]

*Clique em [Executar]
*Aguarde até surgir a mensagem: "ComboFix está desinstalado"

*Clique [OK]

2.
*Baixe o DDS e salve-o no desktop
*Desative temporariamente seu antivírus
*Duplo clique em dds e aguarde. Salve os relatórios no desktop
*Cole o relatório criado em DDS.txt

mary-batista · 16-02-2010, 18:37

DDS (Ver_09-12-01.01) - NTFSx86
Run by Mariana at 18:35:56,64 on ter 16/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.735.206 [GMT -2:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9D7C08000A00}

============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Arquivos de programas\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Mariana\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mariana\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mariana\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\runonce.exe
C:\32788R22FWJFW\n.pif
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\runonce.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Mariana\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.terra.com.br/portal/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:54114
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\arquivos de programas\freeze.com toolbar\tbhelper.dll
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\arquivos de programas\asktbar\srchastt\3.bin\A5SRCHAS.DLL
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\arquivos de programas\asksbar\srchastt\1.bin\A2SRCHAS.DLL
uURLSearchHooks: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\arquivos de programas\speedbitplus\tbSpe0.dll
uURLSearchHooks: Barra de Ferramentas do Yahoo! com bloqueador de pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\arquivos de programas\free-downloads.net\tbfre0.dll
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\arquivos de programas\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\arquivos de programas\speedbitplus\tbSpe0.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: NOW!Imaging: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - c:\arquivos de programas\acelerador terra\components\NOWImaging.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\arquivos de programas\asktbar\srchastt\3.bin\A5SRCHAS.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.5.4723.18 20\swg.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\arquivos de programas\free-downloads.net\tbfre0.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\arquivos de programas\asksbar\bar\1.bin\ASKSBAR.DLL
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\arquivos de programas\asktbar\bar\4.bin\ASKTBAR.DLL
TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} - c:\arquivos de programas\webshots\WSToolbar4IE.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\arquivos de programas\asktbar\bar\4.bin\ASKTBAR.DLL
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\arquivos de programas\asksbar\bar\1.bin\ASKSBAR.DLL
TB: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\arquivos de programas\speedbitplus\tbSpe0.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\arquivos de programas\free-downloads.net\tbfre0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
uRun: [Nero PhotoShow Media Manager] c:\arquiv~1\nero\neroph~1\data\xtras\mssysmgr.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolb arNotifier.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Google Update] "c:\documents and settings\mariana\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"
mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe
mRun: [Media Codec Update Service] c:\arquivos de programas\essentials codec pack\update.exe -silent
mRun: [SpeedBitVideoAccelerator] "c:\arquivos de programas\speedbit video accelerator\VideoAccelerator.exe"
mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\arquivos de programas\nero\nero8\nero backitup\NBKeyScan.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\docume~1\mariana\config~1\temp\nos_uninstall_A dobe.dll",Uninstall /Get1noarp
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\mariana\menuin~1\progra~1\inicia~1\fer ram~1.lnk - c:\arquivos de programas\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\mariana\menuin~1\progra~1\inicia~1\lim ewi~1.lnk - c:\arquivos de programas\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ad ober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hp digi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\mc afee~1.lnk - c:\arquivos de programas\mcafee security scan\1.0.150\SSScheduler.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Search
IE: &Webshots Photo Search - c:\arquivos de programas\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download Flash with Flash Capture - c:\arquivos de programas\flash capture\dl.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6 FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\arquivos de programas\yahoo!\common\Yinsthelper200711281.dll
DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} - hxxp://idownload.br.toontown.com/sv1.4.22.7/ttinst-portuguese.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://img2.orkut.com/activex/10035/photouploader.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225243802625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab
TCP: {99908038-28F8-47B1-8539-1BE2543A3869} = 200.204.0.10 200.204.0.138
TCP: {CB84E974-0330-43C8-BD09-A7661717358B} = 200.176.2.10,200.176.2.12
Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll
Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll
STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mariana\dadosd~1\mozilla\firefox\profi les\60ct2e0a.default\
FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{60270dc7-9ea0-472f-9b77-66652c06246e}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{60270dc7-9ea0-472f-9b77-66652c06246e}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll
FF - plugin: c:\arquivos de programas\google\picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\google\update\1.2.183.13\npGoogleOneClic k8.dll
FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll
FF - plugin: c:\arquivos de programas\real\realarcade\plugins\mozilla\npracplu g.dll
FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\mariana\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.183.13\npGoogleOneCl ick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-22 30752]
R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-7-24 11608]
R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-7-24 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-7-24 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgn tflt.sys [2009-7-24 56816]
R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2008-7-24 54048]
R2 sbbotdi;sbbotdi;c:\arquiv~1\speedb~1\sbbotdi.sys [2009-2-24 35584]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\pfc027.sys [2005-4-8 162176]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-2-15 135664]
S2 OneStepSrch Service;OneStepSrch Service;"c:\documents and settings\all users\dados de aplicativos\onestepsrch\onestep210.exe" "c:\arquivos de programas\onestepsrch\onestep.dll" service --> c:\documents and settings\all users\dados de aplicativos\onestepsrch\onestep210.exe [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

=============== Created Last 30 ================

2010-02-16 20:33:11 0 dc----w- C:\ComboFix
2010-02-16 18:41:58 0 ----a-w- c:\windows\system32\5705.exe
2010-02-16 18:21:52 53248 ----a-w- c:\windows\system32\24464.exe
2010-02-16 17:41:19 0 ----a-w- c:\windows\system32\29358.exe
2010-02-16 17:21:18 0 ----a-w- c:\windows\system32\11478.exe
2010-02-16 15:37:34 0 dc----w- c:\docume~1\mariana\dadosd~1\Malwarebytes
2010-02-16 15:37:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 15:37:13 0 dc----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes
2010-02-16 15:37:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-16 15:37:12 0 dc----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-02-16 05:27:05 0 ----a-w- c:\windows\system32\15724.exe
2010-02-15 21:22:04 0 ----a-w- c:\windows\system32\19169.exe
2010-02-15 21:02:03 0 ----a-w- c:\windows\system32\26500.exe
2010-02-15 20:42:02 0 ----a-w- c:\windows\system32\6334.exe
2010-02-15 20:22:01 0 ----a-w- c:\windows\system32\18467.exe

==================== Find3M ====================

2010-01-03 14:02:41 92868 ----a-w- c:\windows\system32\perfc016.dat
2010-01-03 14:02:41 540112 ----a-w- c:\windows\system32\perfh016.dat
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 12:59:36 30752 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2009-12-21 19:08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:41:40 345600 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-27 17:13:11 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:13:11 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:08:45 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:08:44 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:08:44 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:08:44 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:08:44 11264 ----a-w- c:\windows\system32\msrle32.dll
2007-09-24 23:09:59 774144 -c--a-w- c:\arquivos de programas\RngInterstitial.dll
2008-08-24 01:04:39 32768 -csha-w- c:\windows\system32\config\systemprofile\configura ções locais\histórico\history.ie5\mshist012008082320080 824\index.dat

============= FINISH: 18:36:20,03 ===============

**Wings** · 16-02-2010, 19:07

1.
*Baixe o AD-Remover e salve-o no desktop
*Duplo clique em AD-R.exe e instale o programa.
*Duplo clique no ícone criado no desktop e clique em [Oui]
*Tecle L > [ENTER]

2.
*Acesse a página abaixo
http://mvps.org/winhelp2002/DelDomains.inf
*Clique com o botão direito do mouse na página e selecione "Salvar como..."
*Salve no desktop
*Atenção!!...O DelDomains removerá todas as entradas presentes nos sites confiáveis e nos sites restritos.
Se você tem adicionado sites restritos, é necessário adicioná-los novamente.
*Clique com o botão direito do mouse no arquivo deldomains.inf e selecione [Instalar]
*Reinicie o PC

3.
*Cole o relatório criado em C:\Ad-Report-CLEAN.log

mary-batista · 16-02-2010, 19:56

======= LOGFILE OF AD-REMOVER 1.1.4.6_J | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 05.02.2010 at 17:34
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 19:21:50, ter 16/02/2010 | Normal Boot | Option: CLEAN
Executed from: C:\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 3 versÆo 5.1.2600
Computer Name: HP-PAVILION | Current user: Mariana
.
============== NEUTRALIZED ELEMENT(S) ==============
.
Service: *OneStepSrch Service*

C:\Arquivos de programas\Mozilla FireFox\extensions\{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE}
C:\Arquivos de programas\AskSBar
C:\Arquivos de programas\AskTBar
C:\Arquivos de programas\OneStepSrch
C:\Arquivos de programas\Trymedia
C:\DOCUME~1\ALLUSE~1\DADOSD~1\OneStepSrch

(!) -- Temp files deleted.

.
HKCU\software\FunWebProducts
HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}
HKCU\software\Swiss Casino
HKLM\Software\Classes\CLSID\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
HKLM\Software\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
HKLM\Software\Classes\CLSID\{B15FD82E-85BC-430d-90CB-65DB1B030510}
HKLM\Software\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
HKLM\Software\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}
HKLM\Software\Classes\CLSID\{F0D4B23B-DA4B-4daf-81E4-DFEE4931A4AA}
HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
HKLM\Software\Classes\CLSID\{FE063DBB-4EC0-403e-8DD8-394C54984B2C}
HKLM\Software\Classes\Interface\{62EB444A-07A0-4E0F-80EE-34B92A9B0E5D}
HKLM\software\classes\URLSearchHook.ToolbarURLSear chHook
HKLM\software\classes\URLSearchHook.ToolbarURLSear chHook.1
HKLM\software\microsoft\internet explorer\searchscopes\{E4013329-B79F-4680-AD25-5D4D64F28342}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
HKLM\software\microsoft\windows\currentversion\uni nstall\AskSBar Uninstall
HKLM\software\microsoft\windows\currentversion\uni nstall\OneStepSrch
HKLM\software\OneStepSrch
HKLM\software\Swiss Casino
HKLM\software\Trymedia Systems
.
============== Added scan ==============
.
.
* Mozilla FireFox Version 3.5.7 [pt-BR] *
.
ProfilePath: 60ct2e0a.default (Mariana)
.
(Mariana, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Mariana\Meus documentos\Downloads
(Mariana, prefs.js) Extensions.enabledItems, {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.29,{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE}:1.0,{60270dc7-9ea0-472f-9b77-66652c06246e}:2.5.2.14,{ecdee021-0d17-467f-a1ff-c7a115230949}:2.5.2.14,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Use Search Asst: no
Use Custom Search URL: 1 (0x1)
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page Redirect Cache: hxxp://br.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: dc484cd4192fca01
Start Page Redirect Cache AcceptLangs: pt-br
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
5288 Byte(s) - C:\Ad-Report-CLEAN[1].log
.
84 File(s) - C:\DOCUME~1\Mariana\CONFIG~1\Temp
77 File(s) - C:\WINDOWS\Temp
0 File(s) - C:\WINDOWS\Prefetch
.
18 File(s) - C:\Ad-Remover\BACKUP
44 File(s) - C:\Ad-Remover\QUARANTINE
.
End at: 19:33:35 | ter 16/02/2010 - CLEAN[1]
.
============== E.O.F ==============
.

dbatista · 16-02-2010, 20:02

Dando uma maozinha enquanto o Wings está off...

Faça os seguintes procedimentos:

Faça download do Dr. Web Cureit em

http://www.freedrweb.com/download+cureit/

(nesse link basta ir ao fim da página e clicar em "I accept Dr.Web License Agreement."

Após o download execute o programa;

Ao iniciar o aplicativo irá fazer um breve scan em seu computador;

Se alguma ameaça for detectada exclua;

Após o scan básico selecione o scan completo;

Faça download do Advanced System Care;

http://www.baixaki.com.br/download/advanced-systemcare.htm

Após instalar ele já irá fazer uma analise do seu sistema;

Basta usar a ferramenta corrigir erros;

Depois poste um novo log do hijackthis;

Um abraço.

**Wings** · 16-02-2010, 20:09

dbatista

Vamos aguardar...daqui há pouco ela faz um scan com o DrWeb.

mary-batista

1.
*Execute novamente o AD-Remover
*Tecle D > [ENTER]

2.
*Delete o arquivo DelDomains.inf

3.
*Execute novamente o DDS e cole o seu relatório.

mary-batista · 16-02-2010, 22:20

Advanced SystemCare Update History

v3.5.0

+ Added Turbo Boost
+ Added log view function
+ Updated Advanced Uninstaller
* Fixed general bugs

v3.4.2

+ Added Software Uninstaller
* Fixed general bugs

v3.4.1

* Fixed general bugs

v3.4.0

+ Improved "System Optimization" for Win 7 and Vista
+ Improved "Registry Fix" section
+ Improved "Utilities" section
+ Added "IObit Toolbar"
* Fixed bugs in update function
* Fixed general bugs

v3.3.4

* Fixed bugs for 64bit Windows 7
+ Improved AutoCare function

v3.3.3

+ Improved System Optimization module
* Fixed general bugs

v3.3.2

+ Added detailed online Help
+ Fixed compatible bugs in Registry Scan module
* Fixed general bugs

v3.3.1

+ Added Internet Booster tool
+ Added Clone File Finder tool
+ Improved Disk Explorer tool
+ Improved Registry Scan module
* Fixed main program startup bug
* Fixed compatible bug of AutoUpdate function
* Fixed bugs in Security Defense module with IE 8

v3.2.0

+ Improved Spyware Removal function
+ Added "Game Booster"
+ Supported "Google Chrome" privacy sweep
+ Improved "disk defragment" engine
+ Improved "Utilities" section
* Fixed bugs in update function
* Fixed general bugs

v3.1.2

* Improved update function
* Improved "Utilities" section
* Fixed general bugs

v3.1.1

+ Improved Registry scan module

v3.1.0

* Supported Windows XP/Vista 64bit edition
* Added support for FireFox 3
* Fixed general bugs

v3.0.1

* Fixed compatible bugs
* Fixed bugs in installation

v3.0.0

+ Added new functions, features and tools
+ Improved overall modules and functions
+ Applied new interface

mary-batista · 16-02-2010, 22:37

resultado DDS

DDS (Ver_09-12-01.01) - NTFSx86
Run by Mariana at 22:36:09,07 on ter 16/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.735.286 [GMT -2:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9D7C08000A00}

============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\Arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mariana\Desktop\pvqh25jb.exe
C:\DOCUME~1\Mariana\CONFIG~1\Temp\RarSFX1\wr6y6g.e xe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Mariana\CONFIG~1\Temp\RarSFX1\a7k2jXP. exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\Awc.exe
C:\Documents and Settings\Mariana\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:54114
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\arquivos de programas\speedbitplus\tbSpe0.dll
uURLSearchHooks: Barra de Ferramentas do Yahoo! com bloqueador de pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\arquivos de programas\free-downloads.net\tbfre0.dll
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll
BHO: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\arquivos de programas\speedbitplus\tbSpe0.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - NOW!Imaging
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.5.4723.18 20\swg.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\arquivos de programas\free-downloads.net\tbfre0.dll
TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} -
TB: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\arquivos de programas\speedbitplus\tbSpe0.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\arquivos de programas\free-downloads.net\tbfre0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolb arNotifier.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Google Update] "c:\documents and settings\mariana\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 3] "c:\arquivos de programas\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"
mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe
mRun: [SpeedBitVideoAccelerator] "c:\arquivos de programas\speedbit video accelerator\VideoAccelerator.exe"
mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\arquivos de programas\nero\nero8\nero backitup\NBKeyScan.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\docume~1\mariana\config~1\temp\nos_uninstall_A dobe.dll",Uninstall /Get1noarp
mRunOnce: [<NO NAME>]
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\mariana\menuin~1\progra~1\inicia~1\fer ram~1.lnk - c:\arquivos de programas\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\mariana\menuin~1\progra~1\inicia~1\lim ewi~1.lnk - c:\arquivos de programas\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ad ober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hp digi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\mc afee~1.lnk - c:\arquivos de programas\mcafee security scan\1.0.150\SSScheduler.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Webshots Photo Search - c:\arquivos de programas\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download Flash with Flash Capture - c:\arquivos de programas\flash capture\dl.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6 FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\arquivos de programas\yahoo!\common\Yinsthelper200711281.dll
DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} - hxxp://idownload.br.toontown.com/sv1.4.22.7/ttinst-portuguese.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://img2.orkut.com/activex/10035/photouploader.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225243802625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab
TCP: {99908038-28F8-47B1-8539-1BE2543A3869} = 200.204.0.10 200.204.0.138
TCP: {CB84E974-0330-43C8-BD09-A7661717358B} = 200.176.2.10,200.176.2.12
Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll
Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll
STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mariana\dadosd~1\mozilla\firefox\profi les\60ct2e0a.default\
FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{60270dc7-9ea0-472f-9b77-66652c06246e}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{60270dc7-9ea0-472f-9b77-66652c06246e}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll
FF - plugin: c:\arquivos de programas\google\picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\google\update\1.2.183.13\npGoogleOneClic k8.dll
FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll
FF - plugin: c:\arquivos de programas\real\realarcade\plugins\mozilla\npracplu g.dll
FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\mariana\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.183.13\npGoogleOneCl ick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-22 30752]
R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-7-24 11608]
R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-7-24 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-7-24 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgn tflt.sys [2009-7-24 56816]
R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2008-7-24 54048]
R2 sbbotdi;sbbotdi;c:\arquiv~1\speedb~1\sbbotdi.sys [2009-2-24 35584]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\pfc027.sys [2005-4-8 162176]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-2-15 135664]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

=============== Created Last 30 ================

2010-02-17 00:19:07 0 dc----w- c:\docume~1\mariana\dadosd~1\IObit
2010-02-17 00:19:06 0 dc----w- c:\arquivos de programas\IObit
2010-02-16 22:22:39 0 dc----w- c:\documents and settings\mariana\DoctorWeb
2010-02-16 21:16:04 0 dc----w- C:\Ad-Remover
2010-02-16 20:33:11 0 dc----w- C:\ComboFix
2010-02-16 18:41:58 0 ----a-w- c:\windows\system32\5705.exe
2010-02-16 18:21:52 53248 ----a-w- c:\windows\system32\24464.exe
2010-02-16 17:41:19 0 ----a-w- c:\windows\system32\29358.exe
2010-02-16 17:21:18 0 ----a-w- c:\windows\system32\11478.exe
2010-02-16 15:37:34 0 dc----w- c:\docume~1\mariana\dadosd~1\Malwarebytes
2010-02-16 15:37:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 15:37:13 0 dc----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes
2010-02-16 15:37:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-16 15:37:12 0 dc----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-02-16 05:27:05 0 ----a-w- c:\windows\system32\15724.exe
2010-02-15 21:22:04 0 ----a-w- c:\windows\system32\19169.exe
2010-02-15 21:02:03 0 ----a-w- c:\windows\system32\26500.exe
2010-02-15 20:42:02 0 ----a-w- c:\windows\system32\6334.exe
2010-02-15 20:22:01 0 ----a-w- c:\windows\system32\18467.exe
2010-01-30 14:14:15 1374 ----a-w- c:\windows\imsins.BAK

==================== Find3M ====================

2010-01-03 14:02:41 92868 ----a-w- c:\windows\system32\perfc016.dat
2010-01-03 14:02:41 540112 ----a-w- c:\windows\system32\perfh016.dat
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 12:59:36 30752 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2009-12-21 19:08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:41:40 345600 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-27 17:13:11 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:13:11 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:08:45 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:08:44 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:08:44 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:08:44 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:08:44 11264 ----a-w- c:\windows\system32\msrle32.dll
2007-09-24 23:09:59 774144 -c--a-w- c:\arquivos de programas\RngInterstitial.dll
2008-08-24 01:04:39 32768 -csha-w- c:\windows\system32\config\systemprofile\configura ções locais\histórico\history.ie5\mshist012008082320080 824\index.dat

============= FINISH: 22:36:56,75 ===============

mary-batista · 16-02-2010, 23:29

o que faço agora???

16-02-2010, 3:19	#1 (permalink)
mary-batista Novo Membro Registrado em: Sep 2006 Mensagens: 65 Reputação: 12	Meus programas estão bloqueados por um virus. Olá pessoal, não estou conseguindo acessar nada no meu pc. Ele esta aparecendo a propaganda de um antivirus Securuty essentials 2010. Pede cod de acesso e encaminha para um site onde tem custo. Tentei restaurar o sistema mas aparece esta mensagem :WARNING Application cannot be executed. The file is infected. Please activate your antivirus software. Embaixo na barra de ferramentas aparece esta mensagem: Click here to protect you computer from spyware! Your computer is infected! Windows has detected an infection of spyware! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you. Estou perdida, não sei o que fazer para restaurar meu sistema. Sera que ha alguma maneira de remover isso? Sou um pouco leiga no assunto . Eu li um topico que pediu para baixar dds mas o virus não deixou aparece a tela preta e apareceu novamente a mensagem:Application cannot be executed. The file is infected. Please activate your antivirus software. Se poderem me ensinar passo a passo ficarei agradecida...

16-02-2010, 8:49	#2 (permalink)
Wings Colaborador Registrado em: Apr 2007 Mensagens: 16.449 Reputação: 14526	Bom dia.... 1. Baixe o RKill* e salve-o no desktop Duplo clique em RKill caso receba alguma notificação de que rkill seja uma infecção, desconsidere e continue o processo. Seja paciente e aguarde o término do programa. Não reinicie o PC!! 2. Baixe o MalwareBytes Anti-malware e salve-o no desktop: Instale o programa Se alguma atualização existir,o download será automático. Aguarde... O programa será aberto automaticamente. Na aba [Verificação], selecione a opção [Verificação completa] Clique em [Verificar] e selecione as unidades a serem examinadas Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [SIM] > [OK] > [Mostrar Resultados] Selecione todos os resultados e clique em [Remover Selecionados] Um relatório (mbam-log-ano-mês-data.txt) será apresentado. *Cole-o na sua próxima resposta. __________________ Não respondo dúvidas técnicas por MP. Favor utilizar o Fórum.

16-02-2010, 17:23	#6 (permalink)
Wings Colaborador Registrado em: Apr 2007 Mensagens: 16.449 Reputação: 14526	Qual antivírus vc usa? __________________ Não respondo dúvidas técnicas por MP. Favor utilizar o Fórum.

16-02-2010, 18:09	#10 (permalink)
Wings Colaborador Registrado em: Apr 2007 Mensagens: 16.449 Reputação: 14526	Ele está em C:\ O nome que aparece é combofix __________________ Não respondo dúvidas técnicas por MP. Favor utilizar o Fórum.

16-02-2010, 18:26	#12 (permalink)
Wings Colaborador Registrado em: Apr 2007 Mensagens: 16.449 Reputação: 14526	OK... 1. Clique em [Iniciar] > [Executar] > digite: Combofix /uninstall* Clique [OK] Clique em [Executar] Aguarde até surgir a mensagem: "ComboFix está desinstalado" Clique [OK] 2. Baixe o DDS* e salve-o no desktop Desative temporariamente seu antivírus Duplo clique em dds e aguarde. Salve os relatórios no desktop *Cole o relatório criado em DDS.txt __________________ Não respondo dúvidas técnicas por MP. Favor utilizar o Fórum.

		FórumGdH > Software, Segurança e Mac (Apple) > Segurança: discussões, dúvidas e informações
Meus programas estão bloqueados por um virus.

1. Alguns programas sendo bloqueados.
Mais resultados? Use nossa pesquisa.

16-02-2010, 12:26	#3 (permalink)
mary-batista Novo Membro Registrado em: Sep 2006 Mensagens: 65 Reputação: 12	bom dia... Apos baixar o RKill dei os dois cliques ele apareceu uma pagina preta e logo em seguida a mensagem :Application cannot be executed. The file is infected. Please activate your antivirus software. O que faço agora???

16-02-2010, 17:29	#7 (permalink)
mary-batista Novo Membro Registrado em: Sep 2006 Mensagens: 65 Reputação: 12	Avira Antivir Personal

16-02-2010, 17:57	#9 (permalink)
mary-batista Novo Membro Registrado em: Sep 2006 Mensagens: 65 Reputação: 12	Não estou achando C:\combofix.txt

16-02-2010, 18:24	#11 (permalink)
mary-batista Novo Membro Registrado em: Sep 2006 Mensagens: 65 Reputação: 12	Quando clico nele aparece Arquivos armazenados neste computador documentos compartilhados unidades de disco regido dispositivo com armazenamento removível outros scaner e cameras

16-02-2010, 18:37	#13 (permalink)
mary-batista Novo Membro Registrado em: Sep 2006 Mensagens: 65 Reputação: 12	DDS (Ver_09-12-01.01) - NTFSx86 Run by Mariana at 18:35:56,64 on ter 16/02/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.735.206 [GMT -2:00] AV: AntiVir Desktop On-access scanning disabled (Updated) {00000002-0002-0000-7C25-9D7C08000A00} ============== Running Processes =============== C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\alg.exe C:\WINDOWS\sm56hlpr.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe C:\Arquivos de programas\LimeWire\LimeWire.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Documents and Settings\Mariana\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Mariana\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Mariana\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\runonce.exe C:\32788R22FWJFW\n.pif C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\runonce.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\Mariana\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.terra.com.br/portal/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = http=127.0.0.1:54114 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\arquivos de programas\freeze.com toolbar\tbhelper.dll uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\arquivos de programas\asktbar\srchastt\3.bin\A5SRCHAS.DLL uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\arquivos de programas\asksbar\srchastt\1.bin\A2SRCHAS.DLL uURLSearchHooks: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\arquivos de programas\speedbitplus\tbSpe0.dll uURLSearchHooks: Barra de Ferramentas do Yahoo! com bloqueador de pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\arquivos de programas\free-downloads.net\tbfre0.dll BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\arquivos de programas\asksbar\srchastt\1.bin\A2SRCHAS.DLL BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\arquivos de programas\speedbitplus\tbSpe0.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll BHO: NOW!Imaging: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - c:\arquivos de programas\acelerador terra\components\NOWImaging.dll BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\arquivos de programas\asktbar\srchastt\3.bin\A5SRCHAS.DLL BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.5.4723.18 20\swg.dll BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\arquivos de programas\free-downloads.net\tbfre0.dll BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\arquivos de programas\asksbar\bar\1.bin\ASKSBAR.DLL BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\arquivos de programas\asktbar\bar\4.bin\ASKTBAR.DLL TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} - c:\arquivos de programas\webshots\WSToolbar4IE.dll TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\arquivos de programas\asktbar\bar\4.bin\ASKTBAR.DLL TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\arquivos de programas\asksbar\bar\1.bin\ASKSBAR.DLL TB: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\arquivos de programas\speedbitplus\tbSpe0.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\arquivos de programas\free-downloads.net\tbfre0.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File uRun: [Nero PhotoShow Media Manager] c:\arquiv~1\nero\neroph~1\data\xtras\mssysmgr.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolb arNotifier.exe uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 uRun: [Google Update] "c:\documents and settings\mariana\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c mRun: [SMSERIAL] sm56hlpr.exe mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe" mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe mRun: [Media Codec Update Service] c:\arquivos de programas\essentials codec pack\update.exe -silent mRun: [SpeedBitVideoAccelerator] "c:\arquivos de programas\speedbit video accelerator\VideoAccelerator.exe" mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min mRun: [SunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe" mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\nero\lib\NeroCheck.exe mRun: [NBKeyScan] "c:\arquivos de programas\nero\nero8\nero backitup\NBKeyScan.exe" mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\docume~1\mariana\config~1\temp\nos_uninstall_A dobe.dll",Uninstall /Get1noarp dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\mariana\menuin~1\progra~1\inicia~1\fer ram~1.lnk - c:\arquivos de programas\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe StartupFolder: c:\docume~1\mariana\menuin~1\progra~1\inicia~1\lim ewi~1.lnk - c:\arquivos de programas\limewire\LimeWire.exe StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ad ober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hp digi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\mc afee~1.lnk - c:\arquivos de programas\mcafee security scan\1.0.150\SSScheduler.exe mPolicies-system: EnableLUA = 0 (0x0) IE: &Search IE: &Webshots Photo Search - c:\arquivos de programas\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Download Flash with Flash Capture - c:\arquivos de programas\flash capture\dl.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\arquivos de programas\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6 FF0C6D236BF8.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL Trusted Zone: buy-security-essentials.com Trusted Zone: download-soft-package.com Trusted Zone: download-software-package.com Trusted Zone: get-key-se10.com Trusted Zone: is-software-download.com Trusted Zone: buy-security-essentials.com Trusted Zone: get-key-se10.com DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\arquivos de programas\yahoo!\common\Yinsthelper200711281.dll DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} - hxxp://idownload.br.toontown.com/sv1.4.22.7/ttinst-portuguese.cab DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://img2.orkut.com/activex/10035/photouploader.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225243802625 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab TCP: {99908038-28F8-47B1-8539-1BE2543A3869} = 200.204.0.10 200.204.0.138 TCP: {CB84E974-0330-43C8-BD09-A7661717358B} = 200.176.2.10,200.176.2.12 Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\mariana\dadosd~1\mozilla\firefox\profi les\60ct2e0a.default\ FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{60270dc7-9ea0-472f-9b77-66652c06246e}\components\FFExternalAlert.dll FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{60270dc7-9ea0-472f-9b77-66652c06246e}\components\RadioWMPCore.dll FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll FF - plugin: c:\arquivos de programas\google\picasa3\npPicasa3.dll FF - plugin: c:\arquivos de programas\google\update\1.2.183.13\npGoogleOneClic k8.dll FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll FF - plugin: c:\arquivos de programas\real\realarcade\plugins\mozilla\npracplu g.dll FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\documents and settings\mariana\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.183.13\npGoogleOneCl ick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); ============= SERVICES / DRIVERS =============== R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-22 30752] R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-7-24 11608] R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-7-24 108289] R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-7-24 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgn tflt.sys [2009-7-24 56816] R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2008-7-24 54048] R2 sbbotdi;sbbotdi;c:\arquiv~1\speedb~1\sbbotdi.sys [2009-2-24 35584] R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\pfc027.sys [2005-4-8 162176] S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-2-15 135664] S2 OneStepSrch Service;OneStepSrch Service;"c:\documents and settings\all users\dados de aplicativos\onestepsrch\onestep210.exe" "c:\arquivos de programas\onestepsrch\onestep.dll" service --> c:\documents and settings\all users\dados de aplicativos\onestepsrch\onestep210.exe [?] S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?] =============== Created Last 30 ================ 2010-02-16 20:33:11 0 dc----w- C:\ComboFix 2010-02-16 18:41:58 0 ----a-w- c:\windows\system32\5705.exe 2010-02-16 18:21:52 53248 ----a-w- c:\windows\system32\24464.exe 2010-02-16 17:41:19 0 ----a-w- c:\windows\system32\29358.exe 2010-02-16 17:21:18 0 ----a-w- c:\windows\system32\11478.exe 2010-02-16 15:37:34 0 dc----w- c:\docume~1\mariana\dadosd~1\Malwarebytes 2010-02-16 15:37:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-16 15:37:13 0 dc----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes 2010-02-16 15:37:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-16 15:37:12 0 dc----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-02-16 05:27:05 0 ----a-w- c:\windows\system32\15724.exe 2010-02-15 21:22:04 0 ----a-w- c:\windows\system32\19169.exe 2010-02-15 21:02:03 0 ----a-w- c:\windows\system32\26500.exe 2010-02-15 20:42:02 0 ----a-w- c:\windows\system32\6334.exe 2010-02-15 20:22:01 0 ----a-w- c:\windows\system32\18467.exe ==================== Find3M ==================== 2010-01-03 14:02:41 92868 ----a-w- c:\windows\system32\perfc016.dat 2010-01-03 14:02:41 540112 ----a-w- c:\windows\system32\perfh016.dat 2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-30 12:59:36 30752 ----a-w- c:\windows\system32\drivers\GbpKm.sys 2009-12-21 19:08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-17 07:41:40 345600 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:09:23 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-11-27 17:13:11 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 17:13:11 1296384 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 16:08:45 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-27 16:08:44 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-11-27 16:08:44 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-27 16:08:44 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-27 16:08:44 11264 ----a-w- c:\windows\system32\msrle32.dll 2007-09-24 23:09:59 774144 -c--a-w- c:\arquivos de programas\RngInterstitial.dll 2008-08-24 01:04:39 32768 -csha-w- c:\windows\system32\config\systemprofile\configura ções locais\histórico\history.ie5\mshist012008082320080 824\index.dat ============= FINISH: 18:36:20,03 ===============

16-02-2010, 19:07	#14 (permalink)
Wings Colaborador Registrado em: Apr 2007 Mensagens: 16.449 Reputação: 14526	1. Baixe o AD-Remover* e salve-o no desktop Duplo clique em AD-R.exe e instale o programa. Duplo clique no ícone criado no desktop e clique em [Oui] Tecle L > [ENTER] 2. Acesse a página abaixo http://mvps.org/winhelp2002/DelDomains.inf Clique com o botão direito do mouse na página e selecione "Salvar como..." Salve no desktop Atenção!!...O DelDomains removerá todas as entradas presentes nos sites confiáveis e nos sites restritos. Se você tem adicionado sites restritos, é necessário adicioná-los novamente.* Clique com o botão direito do mouse no arquivo deldomains.inf e selecione [Instalar] Reinicie o PC 3. *Cole o relatório criado em C:\Ad-Report-CLEAN.log __________________ Não respondo dúvidas técnicas por MP. Favor utilizar o Fórum.

16-02-2010, 19:56	#15 (permalink)
mary-batista Novo Membro Registrado em: Sep 2006 Mensagens: 65 Reputação: 12	======= LOGFILE OF AD-REMOVER 1.1.4.6_J \| ONLY XP/VISTA/7 ======= . Updated by C_XX on 05.02.2010 at 17:34 Contact: AdRemover.contact@gmail.com Website: http://pagesperso-orange.fr/NosTools/ad_remover.html . Launch at: 19:21:50, ter 16/02/2010 \| Normal Boot \| Option: CLEAN Executed from: C:\Ad-Remover\ Operating system: Microsoft® Windows XP™ Service Pack 3 versÆo 5.1.2600 Computer Name: HP-PAVILION \| Current user: Mariana . ============== NEUTRALIZED ELEMENT(S) ============== . Service: OneStepSrch Service C:\Arquivos de programas\Mozilla FireFox\extensions\{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE} C:\Arquivos de programas\AskSBar C:\Arquivos de programas\AskTBar C:\Arquivos de programas\OneStepSrch C:\Arquivos de programas\Trymedia C:\DOCUME~1\ALLUSE~1\DADOSD~1\OneStepSrch (!) -- Temp files deleted. . HKCU\software\FunWebProducts HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} HKCU\software\Swiss Casino HKLM\Software\Classes\CLSID\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} HKLM\Software\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D} HKLM\Software\Classes\CLSID\{B15FD82E-85BC-430d-90CB-65DB1B030510} HKLM\Software\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} HKLM\Software\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} HKLM\Software\Classes\CLSID\{F0D4B23B-DA4B-4daf-81E4-DFEE4931A4AA} HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C} HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} HKLM\Software\Classes\CLSID\{FE063DBB-4EC0-403e-8DD8-394C54984B2C} HKLM\Software\Classes\Interface\{62EB444A-07A0-4E0F-80EE-34B92A9B0E5D} HKLM\software\classes\URLSearchHook.ToolbarURLSear chHook HKLM\software\classes\URLSearchHook.ToolbarURLSear chHook.1 HKLM\software\microsoft\internet explorer\searchscopes\{E4013329-B79F-4680-AD25-5D4D64F28342} HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D} HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C} HKLM\software\microsoft\windows\currentversion\uni nstall\AskSBar Uninstall HKLM\software\microsoft\windows\currentversion\uni nstall\OneStepSrch HKLM\software\OneStepSrch HKLM\software\Swiss Casino HKLM\software\Trymedia Systems . ============== Added scan ============== . . * Mozilla FireFox Version 3.5.7 [pt-BR] * . ProfilePath: 60ct2e0a.default (Mariana) . (Mariana, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Mariana\Meus documentos\Downloads (Mariana, prefs.js) Extensions.enabledItems, {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.29,{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE}:1.0,{60270dc7-9ea0-472f-9b77-66652c06246e}:2.5.2.14,{ecdee021-0d17-467f-a1ff-c7a115230949}:2.5.2.14,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7 . . * Internet Explorer Version 8.0.6001.18702 * . [HKEY_CURRENT_USER\..\Internet Explorer\Main] . Do404Search: 01000000 Local Page: C:\WINDOWS\system32\blank.htm Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Enable Browser Extensions: yes Use Search Asst: no Use Custom Search URL: 1 (0x1) Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page Redirect Cache: hxxp://br.msn.com/?ocid=iehp Start Page Redirect Cache_TIMESTAMP: dc484cd4192fca01 Start Page Redirect Cache AcceptLangs: pt-br Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome . [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: C:\WINDOWS\system32\blank.htm Start Page: hxxp://fr.msn.com/ Enable Browser Extensions: yes Search bar: hxxp://search.msn.com/spbasic.htm . [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm . =================================== . 5288 Byte(s) - C:\Ad-Report-CLEAN[1].log . 84 File(s) - C:\DOCUME~1\Mariana\CONFIG~1\Temp 77 File(s) - C:\WINDOWS\Temp 0 File(s) - C:\WINDOWS\Prefetch . 18 File(s) - C:\Ad-Remover\BACKUP 44 File(s) - C:\Ad-Remover\QUARANTINE . End at: 19:33:35 \| ter 16/02/2010 - CLEAN[1] . ============== E.O.F ============== .

16-02-2010, 20:02	#16 (permalink)
dbatista Veterano Registrado em: Feb 2009 Idade: 27 Mensagens: 1.150 Reputação: 50	Dando uma maozinha enquanto o Wings está off... Faça os seguintes procedimentos: Faça download do Dr. Web Cureit em http://www.freedrweb.com/download+cureit/ (nesse link basta ir ao fim da página e clicar em "I accept Dr.Web License Agreement." Após o download execute o programa; Ao iniciar o aplicativo irá fazer um breve scan em seu computador; Se alguma ameaça for detectada exclua; Após o scan básico selecione o scan completo; Faça download do Advanced System Care; http://www.baixaki.com.br/download/advanced-systemcare.htm Após instalar ele já irá fazer uma analise do seu sistema; Basta usar a ferramenta corrigir erros; Depois poste um novo log do hijackthis; Um abraço. __________________ Tudo que sei procuro dividir e o que não sei quero muito aprender: -reputação - dê a quem mereça http://www.youtube.com/watch?v=Fn4mZ8-S2hE Vejam Isso.

16-02-2010, 20:09	#17 (permalink)
Wings Colaborador Registrado em: Apr 2007 Mensagens: 16.449 Reputação: 14526	dbatista Vamos aguardar...daqui há pouco ela faz um scan com o DrWeb. mary-batista 1. Execute novamente o AD-Remover Tecle D > [ENTER] 2. Delete o arquivo DelDomains.inf 3. Execute novamente o DDS e cole o seu relatório. __________________ Não respondo dúvidas técnicas por MP. Favor utilizar o Fórum.

16-02-2010, 22:20	#18 (permalink)
mary-batista Novo Membro Registrado em: Sep 2006 Mensagens: 65 Reputação: 12	Advanced SystemCare Update History v3.5.0 + Added Turbo Boost + Added log view function + Updated Advanced Uninstaller * Fixed general bugs v3.4.2 + Added Software Uninstaller * Fixed general bugs v3.4.1 * Fixed general bugs v3.4.0 + Improved "System Optimization" for Win 7 and Vista + Improved "Registry Fix" section + Improved "Utilities" section + Added "IObit Toolbar" * Fixed bugs in update function * Fixed general bugs v3.3.4 * Fixed bugs for 64bit Windows 7 + Improved AutoCare function v3.3.3 + Improved System Optimization module * Fixed general bugs v3.3.2 + Added detailed online Help + Fixed compatible bugs in Registry Scan module * Fixed general bugs v3.3.1 + Added Internet Booster tool + Added Clone File Finder tool + Improved Disk Explorer tool + Improved Registry Scan module * Fixed main program startup bug * Fixed compatible bug of AutoUpdate function * Fixed bugs in Security Defense module with IE 8 v3.2.0 + Improved Spyware Removal function + Added "Game Booster" + Supported "Google Chrome" privacy sweep + Improved "disk defragment" engine + Improved "Utilities" section * Fixed bugs in update function * Fixed general bugs v3.1.2 * Improved update function * Improved "Utilities" section * Fixed general bugs v3.1.1 + Improved Registry scan module v3.1.0 * Supported Windows XP/Vista 64bit edition * Added support for FireFox 3 * Fixed general bugs v3.0.1 * Fixed compatible bugs * Fixed bugs in installation v3.0.0 + Added new functions, features and tools + Improved overall modules and functions + Applied new interface

16-02-2010, 22:37	#19 (permalink)
mary-batista Novo Membro Registrado em: Sep 2006 Mensagens: 65 Reputação: 12	resultado DDS DDS (Ver_09-12-01.01) - NTFSx86 Run by Mariana at 22:36:09,07 on ter 16/02/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.735.286 [GMT -2:00] AV: AntiVir Desktop On-access scanning disabled (Updated) {00000002-0002-0000-7C25-9D7C08000A00} ============== Running Processes =============== C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\IoctlSvc.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\alg.exe C:\WINDOWS\sm56hlpr.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe C:\Arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Documents and Settings\Mariana\Desktop\pvqh25jb.exe C:\DOCUME~1\Mariana\CONFIG~1\Temp\RarSFX1\wr6y6g.e xe C:\WINDOWS\system32\wscntfy.exe C:\DOCUME~1\Mariana\CONFIG~1\Temp\RarSFX1\a7k2jXP. exe C:\Arquivos de programas\IObit\Advanced SystemCare 3\Awc.exe C:\Documents and Settings\Mariana\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = http=127.0.0.1:54114 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\arquivos de programas\speedbitplus\tbSpe0.dll uURLSearchHooks: Barra de Ferramentas do Yahoo! com bloqueador de pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\arquivos de programas\free-downloads.net\tbfre0.dll BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll BHO: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\arquivos de programas\speedbitplus\tbSpe0.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - NOW!Imaging BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.5.4723.18 20\swg.dll BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\arquivos de programas\free-downloads.net\tbfre0.dll TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} - TB: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\arquivos de programas\speedbitplus\tbSpe0.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\arquivos de programas\free-downloads.net\tbfre0.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolb arNotifier.exe uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 uRun: [Google Update] "c:\documents and settings\mariana\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c uRun: [Advanced SystemCare 3] "c:\arquivos de programas\iobit\advanced systemcare 3\AWC.exe" /startup mRun: [SMSERIAL] sm56hlpr.exe mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe" mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe mRun: [SpeedBitVideoAccelerator] "c:\arquivos de programas\speedbit video accelerator\VideoAccelerator.exe" mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min mRun: [SunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe" mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\nero\lib\NeroCheck.exe mRun: [NBKeyScan] "c:\arquivos de programas\nero\nero8\nero backitup\NBKeyScan.exe" mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\docume~1\mariana\config~1\temp\nos_uninstall_A dobe.dll",Uninstall /Get1noarp mRunOnce: [<NO NAME>] dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\mariana\menuin~1\progra~1\inicia~1\fer ram~1.lnk - c:\arquivos de programas\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe StartupFolder: c:\docume~1\mariana\menuin~1\progra~1\inicia~1\lim ewi~1.lnk - c:\arquivos de programas\limewire\LimeWire.exe StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ad ober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hp digi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\mc afee~1.lnk - c:\arquivos de programas\mcafee security scan\1.0.150\SSScheduler.exe mPolicies-system: EnableLUA = 0 (0x0) IE: &Webshots Photo Search - c:\arquivos de programas\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Download Flash with Flash Capture - c:\arquivos de programas\flash capture\dl.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\arquivos de programas\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6 FF0C6D236BF8.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\arquivos de programas\yahoo!\common\Yinsthelper200711281.dll DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} - hxxp://idownload.br.toontown.com/sv1.4.22.7/ttinst-portuguese.cab DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://img2.orkut.com/activex/10035/photouploader.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225243802625 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab TCP: {99908038-28F8-47B1-8539-1BE2543A3869} = 200.204.0.10 200.204.0.138 TCP: {CB84E974-0330-43C8-BD09-A7661717358B} = 200.176.2.10,200.176.2.12 Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\mariana\dadosd~1\mozilla\firefox\profi les\60ct2e0a.default\ FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{60270dc7-9ea0-472f-9b77-66652c06246e}\components\FFExternalAlert.dll FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{60270dc7-9ea0-472f-9b77-66652c06246e}\components\RadioWMPCore.dll FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll FF - component: c:\documents and settings\mariana\dados de aplicativos\mozilla\firefox\profiles\60ct2e0a.defa ult\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll FF - plugin: c:\arquivos de programas\google\picasa3\npPicasa3.dll FF - plugin: c:\arquivos de programas\google\update\1.2.183.13\npGoogleOneClic k8.dll FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll FF - plugin: c:\arquivos de programas\real\realarcade\plugins\mozilla\npracplu g.dll FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\documents and settings\mariana\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.183.13\npGoogleOneCl ick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); ============= SERVICES / DRIVERS =============== R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-22 30752] R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-7-24 11608] R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-7-24 108289] R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-7-24 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgn tflt.sys [2009-7-24 56816] R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2008-7-24 54048] R2 sbbotdi;sbbotdi;c:\arquiv~1\speedb~1\sbbotdi.sys [2009-2-24 35584] R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\pfc027.sys [2005-4-8 162176] S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-2-15 135664] S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?] =============== Created Last 30 ================ 2010-02-17 00:19:07 0 dc----w- c:\docume~1\mariana\dadosd~1\IObit 2010-02-17 00:19:06 0 dc----w- c:\arquivos de programas\IObit 2010-02-16 22:22:39 0 dc----w- c:\documents and settings\mariana\DoctorWeb 2010-02-16 21:16:04 0 dc----w- C:\Ad-Remover 2010-02-16 20:33:11 0 dc----w- C:\ComboFix 2010-02-16 18:41:58 0 ----a-w- c:\windows\system32\5705.exe 2010-02-16 18:21:52 53248 ----a-w- c:\windows\system32\24464.exe 2010-02-16 17:41:19 0 ----a-w- c:\windows\system32\29358.exe 2010-02-16 17:21:18 0 ----a-w- c:\windows\system32\11478.exe 2010-02-16 15:37:34 0 dc----w- c:\docume~1\mariana\dadosd~1\Malwarebytes 2010-02-16 15:37:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-16 15:37:13 0 dc----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes 2010-02-16 15:37:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-16 15:37:12 0 dc----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-02-16 05:27:05 0 ----a-w- c:\windows\system32\15724.exe 2010-02-15 21:22:04 0 ----a-w- c:\windows\system32\19169.exe 2010-02-15 21:02:03 0 ----a-w- c:\windows\system32\26500.exe 2010-02-15 20:42:02 0 ----a-w- c:\windows\system32\6334.exe 2010-02-15 20:22:01 0 ----a-w- c:\windows\system32\18467.exe 2010-01-30 14:14:15 1374 ----a-w- c:\windows\imsins.BAK ==================== Find3M ==================== 2010-01-03 14:02:41 92868 ----a-w- c:\windows\system32\perfc016.dat 2010-01-03 14:02:41 540112 ----a-w- c:\windows\system32\perfh016.dat 2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-30 12:59:36 30752 ----a-w- c:\windows\system32\drivers\GbpKm.sys 2009-12-21 19:08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-17 07:41:40 345600 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:09:23 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-11-27 17:13:11 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 17:13:11 1296384 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 16:08:45 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-27 16:08:44 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-11-27 16:08:44 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-27 16:08:44 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-27 16:08:44 11264 ----a-w- c:\windows\system32\msrle32.dll 2007-09-24 23:09:59 774144 -c--a-w- c:\arquivos de programas\RngInterstitial.dll 2008-08-24 01:04:39 32768 -csha-w- c:\windows\system32\config\systemprofile\configura ções locais\histórico\history.ie5\mshist012008082320080 824\index.dat ============= FINISH: 22:36:56,75 ===============

16-02-2010, 23:29	#20 (permalink)
mary-batista Novo Membro Registrado em: Sep 2006 Mensagens: 65 Reputação: 12	o que faço agora???

Opções do Tópico
Exibir Versão para Impressão Envie essa página por e-mail