gatolica

Log analysis


Hi, my antivirus has been detecting MediaGateway and I can't get rid of it. I was advised to run a scan with HijackThis, but I confess I don't understand any of this :muro: ... could someone help me analyse my log?! Thank you.

Here it is:

Logfile of HijackThis v1.99.1

Scan saved at 14:37:52, on 02/06/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

C:\Programas\Norton Internet Security\ISSVC.exe

C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Venturi2\Client\ventc.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\QuickTime\qttask.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\rundll32.exe

C:\Programas\Microsoft AntiSpyware\gcasServ.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Programas\Messenger\msmsgs.exe

C:\Programas\SAPO Messenger\sapoim.exe

C:\Programas\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

C:\Programas\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

C:\Programas\HP\hpcoretech\comp\hptskmgr.exe

C:\Programas\Microsoft AntiSpyware\gcasDtServ.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Venturi2\Configurator\ventcfg.exe

C:\Programas\OpenOffice.org 1.9.130\program\soffice.exe

C:\Programas\OpenOffice.org 1.9.130\program\soffice.BIN

C:\Programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\Windows Media Player\wmplayer.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.clix.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programas\Ficheiros comuns\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: IEFriendly Class - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Programas\Oemji\OemjiSearchPlus\OemjiPls.dll (file missing)

O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Programas\Oemji\Toolbar\OemjiSrc.dll (file missing)

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programas\Ficheiros comuns\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Microsoft Transfer File Server] mtfs.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [MsWindows Syspg] mspg32.exe

O4 - HKLM\..\Run: [¢‰¸u0–4C

}ïÁzî[8C:\Programas\ISTsvc\istsvc.exe] C:\WINDOWS\cvgmbria.exe

O4 - HKLM\..\Run: [¢‰¸u0–4C

}ïÁzîžigÝC:\Programas\ISTsvc\istsvc.exe] C:\WINDOWS\cvgmbria.exe

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]­ú"ü‰üžiC:\Programas\ISTsvc\istsvc.exe] C:\WINDOWS\cvgmbria.exe

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]­ú"ü‰¸u0C:\Programas\ISTsvc\istsvc.exe] C:\WINDOWS\cvgmbria.exe

O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]­ú"ü‰üžigÝC:\Programas\ISTsvc\istsvc.exe] C:\WINDOWS\cvgmbria.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Programas\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\temp532.exe -N

O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [RealTray] C:\Programas\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\RunServices: [Microsoft Transfer File Server] mtfs.exe

O4 - HKLM\..\RunServices: [MsWindows Syspg] mspg32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

O4 - HKCU\..\Run: [Registry Cleaner] "C:\Programas\Registry Cleaner Trial\regclean.exe"

O4 - HKCU\..\Run: [sAPO Messenger] "C:\Programas\SAPO Messenger\sapoim.exe" /silent

O4 - HKCU\..\Run: [instantTray] C:\Programas\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Programas\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc

O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe

O4 - Startup: OpenOffice.org 1.9.130.lnk = C:\Programas\OpenOffice.org 1.9.130\program\quickstart.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Lembretes Corel Family & Friends.LNK = C:\Programas\Corel\Print House Magic\cffrem.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Venturi 2.lnk = ?

O8 - Extra context menu item: &Búsqueda en Google - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk878DOPT

O8 - Extra context menu item: &Traducir palabra inglesa - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Instantánea de caché de la página - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Páginas similares - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Páginas vinculadas - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.clix.pt/

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programas\Autodesk Map 5\AcDcToday.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programas\Autodesk Map 5\InstBanr.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programas\Autodesk Map 5\InstFred.ocx

O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programas\Autodesk Map 5\AcPreview.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{09C8F677-B989-48D7-A673-4AB63ED8B1B3}: NameServer = 194.65.100.117

O17 - HKLM\System\CS3\Services\Tcpip\..\{09C8F677-B989-48D7-A673-4AB63ED8B1B3}: NameServer = 194.65.100.117

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {ED7B4C6E-A7DA-4212-9334-E64596FB2B89} - C:\Documents and Settings\Susana\Definições locais\Application Data\microsoft\internet explorer\V0.34.dat

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programas\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe


Step 1

Download the Symantec tool / click

Go to Control Panel -> Add or Remove Programs

Remove -> C:\Arquivos de programas\ISTbar or C:\Programas\ISTsvc

Reboot (turn the computer off and on) => Enter Safe Mode by pressing the F8 key, where you can select the option "Modo Seguro" or "Modo de Segurança" (Safe Mode)

Start -> Run -> the Symantec tool (that is, the tool you downloaded)

Now, via Windows Explorer -> delete the folder

Remove -> C:\Arquivos de programas\ISTbar or C:\Programas\ISTsvc

Restart your computer

Step 2

Download Symantec tool 2 / click

Repeat the procedure with this one

Go to Control Panel -> Add or Remove Programs

Remove -> C:\Programas\Oemji

Restart in Safe Mode (press the F8 key until a DOS screen appears and choose Safe Mode).

Set Windows to show all files (including hidden ones). -> see

Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked.

O2 - BHO: IEFriendly Class - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Programas\Oemji\OemjiSearchPlus\OemjiPls.dll (file missing)

O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Programas\Oemji\Toolbar\OemjiSrc.dll (file missing)

O4 - HKLM\..\Run: [Microsoft Transfer File Server] mtfs.exe

O4 - HKLM\..\Run: [MsWindows Syspg] mspg32.exe

O4 - HKLM\..\Run: [¢‰¸u0–4C

}ïÁz î[ 8C:\Programas\ISTsvc\istsvc.exe] C:\WINDOWS\cvgmbria.exe

O4 - HKLM\..\Run: [¢‰¸u0–4C

}ïÁz îžigÝC:\Programas\ISTsvc\istsvc.exe] C:\WINDOWS\cvgmbria.exe

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]ú" ü‰üžiC:\Programas\ISTsvc\istsvc.exe] C:\WINDOWS\cvgmbria.exe

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]ú" ü‰¸u0C:\Programas\ISTsvc\istsvc.exe] C:\WINDOWS\cvgmbria.exe

O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]ú" ü‰üžigÝC:\Programas\ISTsvc\istsvc.exe] C:\WINDOWS\cvgmbria.exe

O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\temp532.exe -N

O4 - HKLM\..\RunServices: [Microsoft Transfer File Server] mtfs.exe

O4 - HKLM\..\RunServices: [MsWindows Syspg] mspg32.exe

O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk878DOPT

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB

O18 - Filter: text/html - {ED7B4C6E-A7DA-4212-9334-E64596FB2B89} - C:\Documents and Settings\Susana\Definições locais\Application Data\microsoft\internet explorer\V0.34.dat

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)

Now, via Windows Explorer -> delete the folder and the files

C:\Programas\Oemji

C:\WINDOWS\System32\vbsys2.dll

C:\Documents and Settings\Susana\Definições locais\Application Data\microsoft\internet explorer\V0.34.dat

C:\WINDOWS\cvgmbria.exe

C:\WINDOWS\System32\temp532.exe

Look for these, which may be in the directory C:\WINDOWS\System32 or C:\WINDOWS\

Now, via Windows Explorer -> delete

hllcxpa.exe

mspg32.exe

mtfs.exe

Start -> Run -> Symantec tool 2 (that is, the tool you downloaded)

Restart in normal mode.

Post the new log.

  • Topic author
  • I tried to do what you advised, but I had some problems, because I couldn't find in Windows Explorer any of the files and folders you told me to delete. I don't understand why, because I set Windows to show all files.

    Besides that, the Symantec tools did not flag any of the threats they were meant to look for, and drive C still opens by itself when starting the PC in normal mode, although I don't know whether that is in any way related to the matter.

    In any case, here is the new log. Thank you.

    Logfile of HijackThis v1.99.1

    Scan saved at 17:27:46, on 02/07/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

    C:\Programas\Norton Internet Security\ISSVC.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\Programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Venturi2\Client\ventc.exe

    C:\WINDOWS\Explorer.EXE

    C:\Programas\QuickTime\qttask.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Programas\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Programas\Microsoft AntiSpyware\gcasServ.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Programas\Real\RealPlayer\RealPlay.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\Programas\SAPO Messenger\sapoim.exe

    C:\Programas\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

    C:\Programas\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

    C:\Programas\HP\hpcoretech\comp\hptskmgr.exe

    C:\Programas\MSN Messenger\msnmsgr.exe

    C:\Programas\Microsoft AntiSpyware\gcasDtServ.exe

    C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

    C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Venturi2\Configurator\ventcfg.exe

    C:\Programas\OpenOffice.org 1.9.130\program\soffice.exe

    C:\Programas\OpenOffice.org 1.9.130\program\soffice.BIN

    C:\WINDOWS\System32\HPZipm12.exe

    C:\Programas\HP\Digital Imaging\bin\hpqgalry.exe

    C:\Programas\Internet Explorer\iexplore.exe

    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.clix.pt/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    R3 - Default URLSearchHook is missing

    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programas\Ficheiros comuns\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programas\Ficheiros comuns\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

    O4 - HKLM\..\Run: [gcasServ] "C:\Programas\Microsoft AntiSpyware\gcasServ.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

    O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [RealTray] C:\Programas\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

    O4 - HKCU\..\Run: [Registry Cleaner] "C:\Programas\Registry Cleaner Trial\regclean.exe"

    O4 - HKCU\..\Run: [sAPO Messenger] "C:\Programas\SAPO Messenger\sapoim.exe" /silent

    O4 - HKCU\..\Run: [instantTray] C:\Programas\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

    O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Programas\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc

    O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart

    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

    O4 - Startup: OpenOffice.org 1.9.130.lnk = C:\Programas\OpenOffice.org 1.9.130\program\quickstart.exe

    O4 - Global Startup: BlueSoleil.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

    O4 - Global Startup: Lembretes Corel Family & Friends.LNK = C:\Programas\Corel\Print House Magic\cffrem.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Venturi 2.lnk = ?

    O8 - Extra context menu item: &Búsqueda en Google - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Traducir palabra inglesa - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Instantánea de caché de la página - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Páginas similares - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Páginas vinculadas - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

    O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.clix.pt/

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programas\Autodesk Map 5\AcDcToday.ocx

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programas\Autodesk Map 5\InstBanr.ocx

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programas\Autodesk Map 5\InstFred.ocx

    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programas\Autodesk Map 5\AcPreview.ocx

    O17 - HKLM\System\CCS\Services\Tcpip\..\{09C8F677-B989-48D7-A673-4AB63ED8B1B3}: NameServer = 194.65.100.117

    O17 - HKLM\System\CS3\Services\Tcpip\..\{09C8F677-B989-48D7-A673-4AB63ED8B1B3}: NameServer = 194.65.100.117

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programas\Norton Internet Security\ISSVC.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
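The comparison done by hand between the posts above (original log, entries marked for Fix Checked, follow-up log) can be automated. The following is an added example, not part of the original thread; the function names are assumptions, and the sample logs are abridged from entries in this thread and partly constructed, as noted in the comments.

```python
import re

# An entry line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - ", e.g. "O4 - HKLM\..\Run: [HELPER] C:\...\temp532.exe -N".
ENTRY_START = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*)$")


def parse_entries(text):
    """Return the entry lines of a HijackThis log (or of a fix list) as strings.

    Header lines and the "Running processes" list are skipped. A non-blank
    line that follows an entry but does not start a new one is treated as the
    continuation of that entry: value names containing line breaks, like the
    garbled Run keys in this thread, end up split across lines when pasted.
    Pass only the log or fix list itself, not the prose around it.
    """
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        match = ENTRY_START.match(line)
        if match:
            entries.append(f"{match.group(1)} - {match.group(2).strip()}")
        elif entries:
            entries[-1] += line.strip()
    return entries


def key(entry):
    """Comparison key: case-insensitive and whitespace-insensitive, because
    forum software reflows spaces inside pasted entries."""
    return re.sub(r"\s+", "", entry).lower()


def verify_fix(old_log, fix_list, new_log):
    """Compare a follow-up log against the original log and the fix list."""
    old = {key(e): e for e in parse_entries(old_log)}
    new = {key(e): e for e in parse_entries(new_log)}
    fix = {key(e): e for e in parse_entries(fix_list)}
    return {
        # Requested fixes that worked: in the fix list, absent from the new log.
        "fixed": [e for k, e in fix.items() if k not in new],
        # Requested fixes that did not stick (not fixed, or re-created).
        "still_present": [e for k, e in fix.items() if k in new],
        # Entries that vanished although they were not in the fix list.
        "removed_unrequested": [
            e for k, e in old.items() if k not in new and k not in fix
        ],
        # Entries that appear only in the follow-up log.
        "new_entries": [e for k, e in new.items() if k not in old],
    }


# Abridged from the first log in this thread. The two-line entry is a
# constructed ASCII stand-in for the garbled Run value names.
OLD_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Transfer File Server] mtfs.exe
O4 - HKLM\..\Run: [ab
cd C:\Programas\ISTsvc\istsvc.exe] C:\WINDOWS\cvgmbria.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\temp532.exe -N
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
"""

# Abridged fix list; the extra space in "c d" imitates forum reflow.
FIX_LIST = r"""O4 - HKLM\..\Run: [Microsoft Transfer File Server] mtfs.exe
O4 - HKLM\..\Run: [ab
c d C:\Programas\ISTsvc\istsvc.exe] C:\WINDOWS\cvgmbria.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\temp532.exe -N
"""

# Constructed follow-up log. Unlike the thread's real second log, one fixed
# entry survives and one unrelated entry is missing, to exercise every branch.
NEW_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\temp532.exe -N
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
"""

if __name__ == "__main__":
    for category, found in verify_fix(OLD_LOG, FIX_LIST, NEW_LOG).items():
        print(category)
        for entry in found:
            print("   ", entry)
```

An entry under `still_present` means the fix did not persist and the file behind it is probably still on disk; an entry under `removed_unrequested` is worth checking when a legitimate program stops working after a cleanup.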

    Originally posted by gatolica, posted today @ 15:32

    I tried to do what you advised, but I had some problems, because I couldn't find in Windows Explorer any of the files and folders you told me to delete. I don't understand why, because I set Windows to show all files.

    You would not necessarily find them. They appeared in the log, so the search was suggested as a precaution. You didn't find them, so much the better.

    1. Run this online scan in the virus detection section.

    2. Download ewido

    http://www.ewido.net/en/download/

    • Select "English" as the installation language

    • Click Next, I Agree, Next, Next. Uncheck the Install background guard box, click Install and then Finish.

    • In the ewido main window click Actualizar (Update) in the left menu and then click Iniciar actualização (Start update).

    • When the update finishes, you will see the message Actualizado com sucesso (Updated successfully) in the lower left corner

    • Exit ewido and do not run a full scan yet

    Originally posted by gatolica, posted yesterday @ 12:44

    my antivirus has been detecting MediaGateway and I can't get rid of it.

    3. Go to Control Panel -> use Add / Remove Programs.

    Remove MediaGateway

    Restart the computer in Safe Mode by pressing F8 as soon as it starts, until a menu appears where you can select the option "Modo Seguro" or "Modo de Segurança" (Safe Mode).

    1. • Open ewido and click Verificar (Scan) and then Verificação Completa do Sistema (Complete System Scan)

    • ewido detects some legitimate programs. Therefore, do not check the box that says Executar a acção em todas as infecções (Perform the action on all infections). If ewido finds a file that you believe is legitimate, for example dialers, choose the option "Nenhuma" (None) and click OK. Otherwise, leave it on Remover (Remove) and click OK.

    At the end of the scan, locate the screen named -> Save report

    • When ewido finishes, close it.

    2. Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

    O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

    3. Via Windows Explorer, delete the folder, if it exists,

    MediaGateway

    and all its contents

    Restart in normal mode.

    Post the ewido log + the Symantec log + a new HijackThis log without the checked entries.

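The last step of the post above asks for a new HijackThis log without the fixed entries. The following is an added example, not part of the original post and not HijackThis code, showing one way to check that automatically; the function names are hypothetical and both sample logs are constructed (they reuse a few entry lines quoted in this thread plus one invented `ExampleNew` entry).

```python
"""Verify a follow-up HijackThis log against a fix list (added example)."""
import re

# An entry line has the form "<section code> - <body>", for example
# "O4 - HKCU\..\Run: [name] command". Header lines and the
# "Running processes" list do not have this shape and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def normalize(body):
    """Fold case and whitespace. Registry paths and Windows file names are
    case-insensitive, and a log pasted through a forum may differ in both.
    (URL paths are case-sensitive, so this errs on the side of matching.)"""
    return re.sub(r"\s+", " ", body).strip().casefold()


def parse_entries(log_text):
    """Return [(code, body), ...] for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def verify_fixes(fix_lines, before_log, after_log):
    """Compare the log taken before the fix with the one taken after it.

    fixed         : requested fixes that were in 'before' and are gone in 'after'
    still_present : requested fixes that are still in 'after'
    not_in_before : requested fixes found in neither log (likely a typo)
    new_entries   : entries in 'after' that were not in 'before'
    """
    before = {(c, normalize(b)) for c, b in parse_entries(before_log)}
    after_entries = parse_entries(after_log)
    after = {(c, normalize(b)) for c, b in after_entries}

    report = {"fixed": [], "still_present": [], "not_in_before": [], "new_entries": []}
    for line in fix_lines:
        match = ENTRY_RE.match(line)
        if not match:
            raise ValueError(f"not a HijackThis entry line: {line!r}")
        key = (match.group(1), normalize(match.group(2)))
        if key in after:
            report["still_present"].append(line.strip())
        elif key in before:
            report["fixed"].append(line.strip())
        else:
            report["not_in_before"].append(line.strip())

    for code, body in after_entries:
        if (code, normalize(body)) not in before:
            report["new_entries"].append(f"{code} - {body}")
    return report


# The two entries the helper asked to fix, as quoted in the post.
FIX_LIST = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php",
    r"O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe",
]

# Constructed sample: a log taken before the fix.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
"""

# Constructed sample: a follow-up log as it might look after being pasted
# into a forum (indented, blank lines, changed case). The R1 entry is gone,
# the O4 entry survived the fix, and one entry (invented) is new.
AFTER_LOG = r"""
    Logfile of HijackThis v1.99.1

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [nvcplscan]  NVSC32.EXE

    O4 - HKLM\..\Run: [ExampleNew] C:\example\new.exe
"""

if __name__ == "__main__":
    for status, lines in verify_fixes(FIX_LIST, BEFORE_LOG, AFTER_LOG).items():
        print(status)
        for entry in lines:
            print("   ", entry)
```

An entry under `still_present` means the fix did not hold after the reboot, and anything under `new_entries` is worth reviewing before the thread is considered resolved.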
  • Topic author
  • So here it goes once more.

    Symantec (I think) did not generate any log; only a message appeared saying that it had not found any threat.

    As for ewido, it was hard to know what I should delete or not, and something went wrong, because now Office cannot open... I must have deleted some important file, although I am not sure whether it was in ewido, since the other day the same thing happened after deleting the items from HijackThis. Can you tell me what went wrong and how to fix this? Because I didn't want to do anything now that would jeopardize the work we have been doing. Thank you very much.

    ---------------------------------------------------------

    ewido anti-malware - Relatório de verificação

    ---------------------------------------------------------

    + Criado em: 11:38:42, 02/09/2006

    + Relatório-Checksum: 1E8E5361

    + Resultado da verificação:

    HKLM\SOFTWARE\Classes\BHO.CSBHO -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\BHO.CSBHO\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\BHO.CSBHO\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\BHO.CSBHO.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CLSID\{804DB5C7-31E6-4885-850A-F1941B58A4C7} -> Adware.Generic : Limpo com backup

    HKLM\SOFTWARE\Classes\CLSID\{D240DC29-C093-4388-B71F-A7103C796B0C} -> Adware.Generic : Limpo com backup

    HKLM\SOFTWARE\Classes\CometAppUtil.CometUIEvents -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CometAppUtil.CometUIEvents\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CometAppUtil.CometUIEvents\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CometAppUtil.CometUIEvents.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CometIEToolbar.CometToolbar -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CometIEToolbar.CometToolbar\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CometIEToolbar.CometToolbar\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CometIEToolbar.CometToolbar.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ComUtil.FCParam -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ComUtil.FCParam\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ComUtil.FCParam\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ComUtil.FCParam.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ComUtil.FctCall -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ComUtil.FctCall\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ComUtil.FctCall\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ComUtil.FctCall.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.ContextProxy -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.ContextProxy\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.ContextProxy\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.ContextProxy.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.ContextProxyMgr -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.ContextProxyMgr\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.ContextProxyMgr\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.ContextProxyMgr.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.CSRegExp -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.CSRegExp\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.CSRegExp\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.CSRegExp.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.URLContextParser -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.URLContextParser\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.URLContextParser\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\ContextParser.URLContextParser.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.BHO1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.BHO1\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.BHO1\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.BHO1.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.BrowserAppProxy -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.BrowserAppProxy\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.BrowserAppProxy\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.BrowserAppProxy.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CometCursor -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CometCursor\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CometCursor\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CometCursor.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CometFrame -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CometFrame\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CometFrame\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CometFrame.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CometWindow -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CometWindow\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CometWindow\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CometWindow.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CS15Cursor -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CS15Cursor\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CS15Cursor\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.CS15Cursor.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.FileInfo -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.FileInfo\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.FileInfo\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.FileInfo.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.HttpComm -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.HttpComm\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.HttpComm\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.HttpComm.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.MyBrowser1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.MyBrowser1\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.MyBrowser1\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.MyBrowser1.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.SelfUpdater -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.SelfUpdater\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.SelfUpdater\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.SelfUpdater.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.System -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.System\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.System\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.System.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.WindowProxy -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.WindowProxy\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.WindowProxy\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\Core.WindowProxy.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSBand.HorizontalIEBand -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSBand.HorizontalIEBand\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSBand.HorizontalIEBand\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSBand.HorizontalIEBand.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSBand.VerticalIEBand -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSBand.VerticalIEBand\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSBand.VerticalIEBand\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSBand.VerticalIEBand.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSBRange.ByteRange -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSBRange.ByteRange\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSBRange.ByteRange\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSBRange.ByteRange.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSEng.CSEngine -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSEng.CSEngine\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSEng.CSEngine\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSEng.CSEngine.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSEng.CSHost -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSEng.CSHost\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSEng.CSHost\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSEng.CSHost.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSEng.EvHandler -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSEng.EvHandler\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSEng.EvHandler\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSEng.EvHandler.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSIP.CSCollection -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSIP.CSCollection\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSIP.CSCollection\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSIP.CSCollection.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSIP.CSIPDispatch -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSIP.CSIPDispatch\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSIP.CSIPDispatch\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSIP.CSIPDispatch.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSIP.CSIPPacket -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSIP.CSIPPacket\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSIP.CSIPPacket\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\CSIP.CSIPPacket.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.ActiveWindow -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.ActiveWindow\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.ActiveWindow\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.ActiveWindow.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.CSkinUI -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.CSkinUI\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.CSkinUI\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.CSkinUI.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.WebBrowserSink -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.WebBrowserSink\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.WebBrowserSink\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.WebBrowserSink.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.WindowsHelper -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.WindowsHelper\CLSID -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.WindowsHelper\CurVer -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\SkinUI.WindowsHelper.1 -> Adware.CometCursor : Limpo com backup

    HKLM\SOFTWARE\Classes\VacPro.internazionale_ver4 -> Dialer.Generic : Limpo com backup

    HKLM\SOFTWARE\Classes\VacPro.internazionale_ver4\Clsid -> Dialer.Generic : Limpo com backup

    HKLM\SOFTWARE\HbTools -> Adware.HotBar : Limpo com backup

    HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Limpo com backup

    HKLM\SOFTWARE\HbTools\HbTools\PI -> Adware.HotBar : Limpo com backup

    HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Limpo com backup

    HKLM\SOFTWARE\HbTools\Hotbar -> Adware.HotBar : Limpo com backup

    HKLM\SOFTWARE\HbTools\Hotbar\Install -> Adware.HotBar : Limpo com backup

    HKLM\SOFTWARE\ohbbackup -> Adware.EliteBar : Limpo com backup

    HKLM\SOFTWARE\ohbbackup\EliteToolBar -> Adware.EliteBar : Limpo com backup

    HKLM\SOFTWARE\WildMedia -> Adware.MidAddle : Limpo com backup

    HKLM\SOFTWARE\WildMedia\LicenseStores -> Adware.MidAddle : Limpo com backup

    HKU\S-1-5-21-597033282-3414962299-3841076184-1005\Software\IST -> Adware.ISTBar : Limpo com backup

    C:\Documents and Settings\LocalService\Menu Iniciar\Programas\Power Scan -> Adware.PowerScan : Limpo com backup

    C:\Documents and Settings\LocalService\Menu Iniciar\Programas\Power Scan\Power Scan.lnk -> Adware.PowerScan : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@2o7[2].txt -> TrackingCookie.2o7 : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@ads18.bpath[1].txt -> TrackingCookie.Bpath : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@ads23.bpath[1].txt -> TrackingCookie.Bpath : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@adtech[2].txt -> TrackingCookie.Adtech : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@advertising[2].txt -> TrackingCookie.Advertising : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@as1.falkag[1].txt -> TrackingCookie.Falkag : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@atdmt[2].txt -> TrackingCookie.Atdmt : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@bfast[2].txt -> TrackingCookie.Bfast : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@bilbo.counted[2].txt -> TrackingCookie.Counted : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@bluestreak[1].txt -> TrackingCookie.Bluestreak : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@burstnet[1].txt -> TrackingCookie.Burstnet : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@c.enhance[1].txt -> TrackingCookie.Enhance : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@c7.zedo[1].txt -> TrackingCookie.Zedo : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@casalemedia[2].txt -> TrackingCookie.Casalemedia : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@casinodelrio[2].txt -> TrackingCookie.Casinodelrio : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@centrport[1].txt -> TrackingCookie.Centrport : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@clickbank[2].txt -> TrackingCookie.Clickbank : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@counter16.sextracker[1].txt -> TrackingCookie.Sextracker : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@doubleclick[1].txt -> TrackingCookie.Doubleclick : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@ehg-autodesk.hitbox[2].txt -> TrackingCookie.Hitbox : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@empnads.valuead[2].txt -> TrackingCookie.Valuead : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@estat[2].txt -> TrackingCookie.Estat : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@fastclick[1].txt -> TrackingCookie.Fastclick : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@h.starware[2].txt -> TrackingCookie.Starware : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@hitbox[1].txt -> TrackingCookie.Hitbox : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@ivwbox[1].txt -> TrackingCookie.Ivwbox : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@media.fastclick[2].txt -> TrackingCookie.Fastclick : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@mediaplex[1].txt -> TrackingCookie.Mediaplex : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@perf.overture[1].txt -> TrackingCookie.Overture : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@questionmarket[1].txt -> TrackingCookie.Questionmarket : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@revenue[2].txt -> TrackingCookie.Revenue : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@server3.web-stat[1].txt -> TrackingCookie.Web-stat : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@serving-sys[1].txt -> TrackingCookie.Serving-sys : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@sextracker[1].txt -> TrackingCookie.Sextracker : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@stat.onestat[2].txt -> TrackingCookie.Onestat : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@statcounter[1].txt -> TrackingCookie.Statcounter : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@stats3.porntrack[2].txt -> TrackingCookie.Porntrack : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@tacoda[1].txt -> TrackingCookie.Tacoda : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@targetnet[1].txt -> TrackingCookie.Targetnet : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@trafficmp[2].txt -> TrackingCookie.Trafficmp : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@valueclick[1].txt -> TrackingCookie.Valueclick : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@weborama[1].txt -> TrackingCookie.Weborama : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@webstat[1].txt -> TrackingCookie.Web-stat : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@www.herballife.com.18345.fb.dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@www.shopathomeselect[2].txt -> TrackingCookie.Shopathomeselect : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@www.sidefind[1].txt -> TrackingCookie.Sidefind : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@www.starware[1].txt -> TrackingCookie.Starware : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@xxxtoolbar[2].txt -> TrackingCookie.Xxxtoolbar : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@z1.adserver[1].txt -> TrackingCookie.Adserver : Limpo com backup

    C:\Documents and Settings\Susana\Cookies\susana@zedo[2].txt -> TrackingCookie.Zedo : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/csbho.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/cscore.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/csietb.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/comet.exe -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/fileutil.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/csutil.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/csinst.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/cstray.exe -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/csadzap.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/csbho.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/cscore.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/csietb.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/comet.exe -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/fileutil.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/csutil.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/csinst.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/cstray.exe -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temp\swtbinst.exe/csadzap.dll -> Adware.Comet : Limpo com backup

    C:\Documents and Settings\Susana\Definições locais\Temporary Internet Files\Content.IE5\XPYEQX5O\bridge-c18[1].cab/MediaGatewayX.dll -> Adware.WinAD : Limpo com backup

    C:\Documents and Settings\Susana\Menu Iniciar\Programas\Power Scan -> Adware.PowerScan : Limpo com backup

    C:\Documents and Settings\Susana\Menu Iniciar\Programas\Power Scan\Power Scan.lnk -> Adware.PowerScan : Limpo com backup

    C:\Programas\Ficheiros comuns\Oem Common\robj1.dll -> Adware.Nomeh : Limpo com backup

    C:\RECYCLER\S-1-5-21-597033282-3414962299-3841076184-1005\Dc48\Toolbar\PopupBlocker\OemjiPopupBlocker.exe -> Adware.Nomeh : Limpo com backup

    C:\WINDOWS\sideb.exe -> Adware.EliteBar : Limpo com backup

    C:\WINDOWS\system32\work.exe -> Adware.MDH : Limpo com backup

    C:\WINDOWS\thin-143-1-x-x.exe -> Adware.BetterInternet : Limpo com backup

    ::Fim do Relatório

    Logfile of HijackThis v1.99.1

    Scan saved at 11:46:23, on 02/09/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

    C:\Programas\Norton Internet Security\ISSVC.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\Programas\ewido anti-malware\ewidoctrl.exe

    C:\Programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Venturi2\Client\ventc.exe

    C:\WINDOWS\Explorer.EXE

    C:\Programas\QuickTime\qttask.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Programas\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Programas\Microsoft AntiSpyware\gcasServ.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe

    C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    C:\Programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Programas\Real\RealPlayer\RealPlay.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\Programas\SAPO Messenger\sapoim.exe

    C:\Programas\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

    C:\Programas\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

    C:\Programas\HP\hpcoretech\comp\hptskmgr.exe

    C:\Programas\MSN Messenger\msnmsgr.exe

    C:\Programas\Microsoft AntiSpyware\gcasDtServ.exe

    C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

    C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Venturi2\Configurator\ventcfg.exe

    C:\Programas\OpenOffice.org 1.9.130\program\soffice.exe

    C:\Programas\OpenOffice.org 1.9.130\program\soffice.BIN

    C:\Programas\Internet Explorer\iexplore.exe

    C:\Programas\HP\Digital Imaging\bin\hpqgalry.exe

    C:\Documents and Settings\Susana\Definições locais\Temp\Directório temporário 2 para hijackthis.zip\HijackThis.exe

    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.clix.pt/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    R3 - Default URLSearchHook is missing

    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programas\Ficheiros comuns\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programas\Ficheiros comuns\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

    O4 - HKLM\..\Run: [gcasServ] "C:\Programas\Microsoft AntiSpyware\gcasServ.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

    O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [RealTray] C:\Programas\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [Registry Cleaner] "C:\Programas\Registry Cleaner Trial\regclean.exe"

    O4 - HKCU\..\Run: [sAPO Messenger] "C:\Programas\SAPO Messenger\sapoim.exe" /silent

    O4 - HKCU\..\Run: [instantTray] C:\Programas\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

    O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Programas\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc

    O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart

    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

    O4 - Startup: OpenOffice.org 1.9.130.lnk = C:\Programas\OpenOffice.org 1.9.130\program\quickstart.exe

    O4 - Global Startup: BlueSoleil.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

    O4 - Global Startup: Lembretes Corel Family & Friends.LNK = C:\Programas\Corel\Print House Magic\cffrem.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Venturi 2.lnk = ?

    O8 - Extra context menu item: &Búsqueda en Google - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Traducir palabra inglesa - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Instantánea de caché de la página - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Páginas similares - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Páginas vinculadas - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

    O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.clix.pt/

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programas\Autodesk Map 5\AcDcToday.ocx

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programas\Autodesk Map 5\InstBanr.ocx

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programas\Autodesk Map 5\InstFred.ocx

    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programas\Autodesk Map 5\AcPreview.ocx

    O17 - HKLM\System\CCS\Services\Tcpip\..\{09C8F677-B989-48D7-A673-4AB63ED8B1B3}: NameServer = 194.65.100.117

    O17 - HKLM\System\CS3\Services\Tcpip\..\{09C8F677-B989-48D7-A673-4AB63ED8B1B3}: NameServer = 194.65.100.117

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido anti-malware\ewidoctrl.exe

    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programas\Norton Internet Security\ISSVC.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe

    As for ewido, it was hard to know what I should delete or not, and something went wrong

    ewido has problems with some dialers, but from what I see there it only deleted malware files.

    because now Office won't open... I must have deleted some important file, although I'm not sure it was in ewido, since the other day the same thing happened after deleting the items in HijackThis.

    I don't think so... look at the logs and the Office entries... they are preserved.

    Logfile of HijackThis v1.99.1
    Scan saved at 14:37:52, on 02/06/2006

    O4 - Startup: OpenOffice.org 1.9.130.lnk = C:\Programas\OpenOffice.org 1.9.130\program\quickstart.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

    Logfile of HijackThis v1.99.1
    Scan saved at 17:27:46, on 02/07/2006

    O4 - Startup: OpenOffice.org 1.9.130.lnk = C:\Programas\OpenOffice.org 1.9.130\program\quickstart.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

    Logfile of HijackThis v1.99.1
    Scan saved at 11:46:23, on 02/09/2006

    O4 - Startup: OpenOffice.org 1.9.130.lnk = C:\Programas\OpenOffice.org 1.9.130\program\quickstart.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

    If you suspect you deleted an entry you shouldn't have, HijackThis lets you restore the entry you checked by mistake.

    Can you tell me what went wrong and how to fix this?

    For Office, you need to see which of the applications the error is occurring in; if that is the case, you may be able to repair the problem by going to the Control Panel. You may need the CD.

    Symantec (I think) did not generate any log; a message just appeared saying it had not found any threat.

    That's good. Looking at it now, your HijackThis log shows no suspicious entries.

    Disable and re-enable System Restore:

    http://linhadefensiva.uol.com.br/docs/rest...cao-do-sistema/

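The check made in the reply above, confirming that the Office startup entries are still present from one HijackThis scan to the next, can be automated. The following is an added example, not part of the original thread: it parses HijackThis entry lines, diffs two scans, and lists entries whose target HijackThis itself reports as unresolved. The function names are hypothetical, and the two sample scans are constructed from lines quoted in this thread (which scan each line belongs to is made up for the demonstration).

```python
import re

# HijackThis entry lines look like "O4 - Global Startup: name = target".
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")

# Markers HijackThis prints when an entry's target cannot be found on disk.
UNRESOLVED_MARKERS = ("(file missing)", "(no file)")

# Constructed sample scans (lines taken from the thread, grouping is invented).
SCAN_A = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:37:52, on 02/06/2006
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Programas\Registry Cleaner Trial\regclean.exe"
O4 - Startup: OpenOffice.org 1.9.130.lnk = C:\Programas\OpenOffice.org 1.9.130\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

SCAN_B = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:46:23, on 02/09/2006
O4 - Startup: OpenOffice.org 1.9.130.lnk = C:\Programas\OpenOffice.org 1.9.130\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""


def parse_entries(log_text):
    """Return the set of (section, detail) tuples found in one HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # header and process-list lines do not match and are skipped
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_scans(older, newer):
    """Classify entries as removed, added or kept between two scans."""
    old, new = parse_entries(older), parse_entries(newer)
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "kept": sorted(old & new),
    }


def unresolved(log_text):
    """Entries whose target HijackThis could not resolve ('= ?', missing file)."""
    return [
        (section, detail)
        for section, detail in sorted(parse_entries(log_text))
        if detail.endswith(" = ?") or any(mk in detail for mk in UNRESOLVED_MARKERS)
    ]


if __name__ == "__main__":
    for kind, items in diff_scans(SCAN_A, SCAN_B).items():
        print(kind, len(items))
    for section, detail in unresolved(SCAN_B):
        print("unresolved:", section, detail)
```

An entry in `removed` is a candidate for restoring from the HijackThis backups mentioned in the reply; an entry in `kept` was not touched by the cleanup.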

    Message forwarded from David Mendes

    Hi, my computer can no longer run AD_ADWARE. It gets to a certain registry entry and freezes... the PC is losing the IDE configuration and getting slower.

    Please, someone analyze this log for me, I don't know what to do!!!

    Logfile of HijackThis v1.99.1

    Scan saved at 11:43:03, on 2/2/2006

    Platform: Windows 2000 SP4 (WinNT 5.00.2195)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\system32\spoolsv.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\WINNT\System32\svchost.exe

    C:\WINNT\system32\regsvc.exe

    C:\WINNT\system32\MSTask.exe

    C:\WINNT\System32\drivers\trcboot.exe

    C:\WINNT\System32\WBEM\WinMgmt.exe

    C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

    C:\WINNT\system32\svchost.exe

    C:\Arquivos de programas\Personal Communications\PCS_AGNT.EXE

    C:\WINNT\Explorer.EXE

    C:\WINNT\Mixer.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe

    C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

    C:\WINNT\system32\internat.exe

    C:\ARQUIV~1\Cacheman\Cacheman.exe

    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\FinePixViewer\QuickDCF.exe

    C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE

    C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

    C:\Arquivos de programas\Palm\HOTSYNC.EXE

    C:\Arquivos de programas\Corel\Graphics9\Register\Remind32.exe

    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopIndex.exe

    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopCrawl.exe

    C:\Arquivos de programas\Microsoft Office\Office\OUTLOOK.EXE

    C:\Arquivos de programas\Microsoft Office\Office\EXCEL.EXE

    S:\#Ferramentas\Anti Virus\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\ARQUIV~1\FRESHD~1\FRESHD~1\fdcatch.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINNT\Downloaded Program Files\gbiehabn.dll

    O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINNT\Downloaded Program Files\gbiehuni.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\ARQUIV~1\FRESHD~1\FRESHD~1\fdiebar.dll

    O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [REGSHAVE] C:\Arquivos de programas\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKCU\..\Run: [internat.exe] internat.exe

    O4 - HKCU\..\Run: [Cacheman] C:\ARQUIV~1\Cacheman\Cacheman.exe

    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE

    O4 - Startup: Registro da Corel.lnk = C:\Arquivos de programas\Corel\Graphics9\Register\Remind32.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe

    O4 - Global Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE

    O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

    O8 - Extra context menu item: &Pesquisa do Google - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Links para esta página - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Páginas semelhantes - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O9 - Extra button: FreshDownload - {0D358EB3-3F5B-42B4-AE38-234CB9D81C00} - C:\Arquivos de programas\FreshDevices\FreshDownload\fd.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132925372652

    O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://wwws.nossacaixa.com.br/VSApps/vspta3.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2C9B31AA-3426-460B-8E01-D43EC9962AF6}: NameServer = 200.177.250.10,200.176.2.10

    O17 - HKLM\System\CS1\Services\Tcpip\..\{2C9B31AA-3426-460B-8E01-D43EC9962AF6}: NameServer = 200.177.250.10,200.176.2.10

    O17 - HKLM\System\CS2\Services\Tcpip\..\{2C9B31AA-3426-460B-8E01-D43EC9962AF6}: NameServer = 200.177.250.10,200.176.2.10

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

    O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe

    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

  • Topic author
  • Well, I've already solved the Office problem and it works properly. Now my question is whether, before doing the step you indicated regarding System Restore, it wouldn't be better to resolve the issue of the C drive folder, which opens by itself every time I start the PC? If the computer is free of threats after all these steps, what could the problem be? Should I post this question in another section of this forum? Once again, thank you for your availability.

    Originally posted by gatolica, posted on February 9, 2006 @ 15:29
    wouldn't it be better to resolve the issue of the C drive folder, which opens by itself every time I start the PC?

    OK. You're right.

    gatolica, posted on February 9, 2006 @ 15:29

    Should I post this question in another section of this forum?

    In the XP forum

    My XP starts up (msconfig) opening the C:/ folder (I ran an online scan and the HijackThis log is clean, and no virus turned up). How do I fix this and perform a clean boot in Windows XP?

    Originally posted by David Mendes, posted on February 9, 2006 @ 10:45

    computer can no longer run AD_ADWARE. It gets to a certain registry entry and freezes... the PC is losing the IDE configuration and getting slower

    Your log shows no bad entries.

    There are reports from other users with Ad-Aware. This is a known Ad-Aware problem. Try running your scan in safe mode.
