Queria saber se meu windows está bem, o log do

osmano807 · 30 de outubro de 2005

queria saber se emu windjows está bem, então analisem para min e postem, please

Logfile of HijackThis v1.99.1

Scan saved at 12:22:01, on 30/10/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\TuneUp WinStyler\WinStylerThemeSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

C:\Arquivos de programas\aceleradorpop\PxUi.exe

C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mm_tray.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\aceleradorpop\PxClient.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\iGv6\Discador iG.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\SoftwareDoctor\ErrorDoctor\ErrorDoctor.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

c:\arquiv~1\intern~1\iexplore.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\RamBooster\Rambooster.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\YAHOO!\MESSEN~1\ypager.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Yahoo Acelerador\baloonvip.exe

C:\WINDOWS\SideBar\SideBar.exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\Arquivos comuns\Bluebeam Software\Brewery\V45\Printer Support\AutoCAD\MicroBrew2.exe

C:\Arquivos de programas\Oi Internet\DiscaOi.exe

C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0000.1082\pt-br\bin\WindowsSearch.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0000.1082\pt-br\bin\WindowsSearchIndexer.exe

C:\Arquivos de programas\Quick ShutDown\qsd.exe

C:\WINDOWS\System32\taskmgr.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Arquivos de programas\JetAudio\JetAudio.exe

C:\Arquivos de programas\FlashGet\flashget.exe

C:\ARQUIV~1\MOZILL~1\firefox.exe

C:\WINDOWS\System32\cmd.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aekbwtfqslgvubzqsa.com/a_ef9NT5...3USCRBAG4f.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xchanger.ecomercial.com.br/index.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por Oi Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6198

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = clinic.mcafee.com; bin.mcafee.com; download.mcafee.com;<local>

O2 - BHO: Band Class - {00000FF6-0043-40AE-A591-3FB8AB4B8316} - C:\Arquivos de programas\Acez SiteError\siteError.dll

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {244C161F-FAB6-35A9-9A6C-58B2A7E1789C} - C:\DOCUME~1\User\DADOSD~1\ONCEGL~1\logo obj.exe

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)

O2 - BHO: PrxcnBHO Class - {7D9E713D-0388-4384-BDD8-2A42EB1C4F04} - C:\Arquivos de programas\aceleradorpop\PrxcnBrsrCtrl.dll

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\Arquivos de programas\iGv6\igshop.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FLASHGET\JCCATCH.DLL

O2 - BHO: (no name) - {B4E18683-D8B5-1537-6932-C9F47718E245} - C:\DOCUME~1\User\DADOSD~1\SURFEX~1\HelpSoap.exe

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\Arquivos de programas\iGv6\igshop.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll

O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [systemTray] "SysTray.Exe"

O4 - HKLM\..\Run: [Tweak UI] "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [PxClient.exe] "C:\Arquivos de programas\aceleradorpop\PxUi.exe" /Automation

O4 - HKLM\..\Run: [PTSNOOP] "ptsnoop.exe"

O4 - HKLM\..\Run: [Nulware] "C:\WINDOWS\System32\nulware.exe"

O4 - HKLM\..\Run: [MMTray] "C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [LoadPowerProfile] "Rundll32.exe " powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [internat.exe] "internat.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot

O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"

O4 - HKLM\..\Run: [defyheckbookbash] "C:\Documents and Settings\All Users\Dados de aplicativos\LOVE ENC DEFY HECK\FOUR ABOUT.exe"

O4 - HKLM\..\Run: [CountrySelection] "pctptt.exe"

O4 - HKLM\..\Run: [bikeLoadNameCity] C:\Documents and Settings\All Users\Dados de aplicativos\Stupid Five Bike Load\OBJBIRD.exe

O4 - HKLM\..\Run: [ErrorDoctor] C:\Arquivos de programas\SoftwareDoctor\ErrorDoctor\ErrorDoctor.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [MBRun] C:\Arquivos de programas\Arquivos comuns\Bluebeam Software\Brewery\V45\Printer Support\MBrun.exe

O4 - HKLM\..\Run: [PbAdminACAD] C:\Arquivos de programas\Bluebeam Software\Pushbutton PDF\AutoCAD\PbMngr5.exe /install_user

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction

O4 - HKCU\..\Run: [cast type] C:\DOCUME~1\User\DADOSD~1\OPTION~1\Window Memo Amen.exe

O4 - HKCU\..\Run: [RamBooster] C:\Arquivos de programas\RamBooster\Rambooster.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\ARQUIV~1\YAHOO!\MESSEN~1\ypager.exe" -quiet

O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"

O4 - HKCU\..\Run: [third nurb] C:\DOCUME~1\User\DADOSD~1\RdrLove\Titlebalmcorn.exe

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Yahoo Acelerador\baloonvip.exe"

O4 - HKCU\..\Run: [Longhorn SideBar] C:\WINDOWS\SideBar\SideBar.exe

O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - Startup: Discador iG.lnk = C:\Arquivos de programas\iGv6\discador ig.exe

O4 - Startup: Holiday Lights.lnk = C:\Arquivos de programas\Tiger Technologies\Holiday Lights\Holiday Lights.exe

O4 - Startup: Quick ShutDown.lnk = C:\Arquivos de programas\Quick ShutDown\qsd.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\DiscaOi.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0000.1082\pt-br\bin\WindowsSearch.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0000.1082\pt-br\msntabres.dll/229?17f63d251d9148b088b6d1cfdf15a52f

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0000.1082\pt-br\msntabres.dll/230?17f63d251d9148b088b6d1cfdf15a52f

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\YAHOO!\COMMON\yhexbmesbr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\YAHOO!\COMMON\yhexbmesbr.dll

O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Arquivos de programas\LingoCom\Translator.lnk (file missing)

O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Arquivos de programas\LingoCom\Translator.lnk (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Arquivos de programas\IrfanView\Ebay\Ebay.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\Arquivos de programas\iGv6\igshop.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.oi.com.br

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120348554069

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{45DE3EF6-BAF8-4805-AA02-710ADCD05397}: NameServer = 200.202.193.76 200.222.0.35

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - AppInit_DLLs: MsgPlusLoader.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp WinStyler\WinStylerThemeSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Obrigado

JoseMelo · 30 de outubro de 2005

Está com o Lop.Com. Desative o antivírus, desinstale o Messenger Plus!, reinicie, gere novo log e cole na sua resposta.

osmano807 · 30 de outubro de 2005

Obrigado, iz o q você disse, aqui o log

Logfile of HijackThis v1.99.1

Scan saved at 13:23:16, on 30/10/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\TuneUp WinStyler\WinStylerThemeSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

C:\Arquivos de programas\aceleradorpop\PxUi.exe

C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mm_tray.exe

C:\Arquivos de programas\aceleradorpop\PxClient.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\iGv6\Discador iG.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\RamBooster\Rambooster.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\YAHOO!\MESSEN~1\ypager.exe

c:\arquiv~1\intern~1\iexplore.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Yahoo Acelerador\baloonvip.exe

C:\WINDOWS\SideBar\SideBar.exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\Oi Internet\DiscaOi.exe

C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0000.1082\pt-br\bin\WindowsSearch.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Arquivos comuns\Bluebeam Software\Brewery\V45\Printer Support\AutoCAD\MicroBrew2.exe

C:\Arquivos de programas\Quick ShutDown\qsd.exe

C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0000.1082\pt-br\bin\WindowsSearchIndexer.exe

C:\WINDOWS\System32\dwwin.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\taskmgr.exe

C:\WINDOWS\System32\cmd.exe

C:\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe

C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cguybesyoqdd.com/Kq28TQkSJtnEiM...PfzNh/guypj.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com/