Paska

"Indiscreet" window

Hi, everyone. Out of the blue, an "indiscreet" window appeared that insists on opening without my consent, and sometimes it covers up whatever programs I have open. I have already run AD-Aware, Ewido anti-Malware and Avast, but the thing keeps tormenting me. Sometimes an icon for it shows up next to the Windows clock. Does anyone know of a remedy for this? :ahh::blink:

- Download HijackThis

- Create a new folder in C:\ and put the program inside it;

- Open HijackThis and click Do a system scan and save a logfile;

- Copy the log saved in the HijackThis folder and paste it into your reply.

  • Topic author
  • HijackThis log!

    Logfile of HijackThis v1.99.1

    Scan saved at 13:24:03, on 9/3/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\lkcitdl.exe

    C:\WINDOWS\system32\lkads.exe

    C:\WINDOWS\system32\lktsrv.exe

    C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

    C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

    C:\WINDOWS\system32\nisvcloc.exe

    C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

    C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    C:\WINDOWS\system32\keyhook.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\DAEMON Tools\daemon.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Arquivos de programas\Hamachi\hamachi.exe

    C:\Arquivos de programas\No-IP\DUC20.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TRADUZ.EXE

    c:\arquiv~1\arquiv~1\instal~1\update~1\isuspm.exe

    C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\agent.exe

    C:\Nova pasta\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: TraduzWeb - {2d43d3a0-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: Tradu&zWeb - {2d43d3a4-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [DicWink] "C:\Arquivos de programas\DicWink\DicWink.exe" tray

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\IGV6\sysbrand.exe"

    O4 - HKCU\..\Run: [CorretorEuropa2k4] "C:\Arquivos de programas\CorretorPortugues\corretor.exe" minimize

    O4 - HKCU\..\Run: [TraduzU.exe] C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TraduzU.exe

    O4 - HKCU\..\Run: [instant Access] rundll32.exe EGACCESS4_1059.dll,InstantAccess

    O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

    O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm069YYBR

    O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Open with BitPump - C:\Arquivos de programas\AnalogX\BitPump\ieint.htm

    O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Tradu&zir - file://C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

    O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

    O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O15 - Trusted Zone: www.archiviosex.net

    O15 - Trusted Zone: www.otherchance.com

    O15 - Trusted Zone: www.playitalia.com

    O15 - Trusted Zone: www.redfunny.com

    O15 - Trusted Zone: www.superspots.biz

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F25691D-EC65-4191-84C1-A01EAB68C804}: NameServer = 200.204.0.138 200.204.0.10

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe

    O23 - Service: hpdj - HP - C:\DOCUME~1\Paschoal\CONFIG~1\Temp\hpdj.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

    O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Arquivos de programas\National Instruments\shared\License Manager\Bin\lmgrd.exe

    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

    - Download DelDomains

    • Extract DelDomains to the desktop, right-click it and choose Install. Apparently nothing will happen.

    - Download Brute Force Uninstaller

    • Create a dedicated folder in C:\ for BFU and extract the program into it;
    • Double-click BFU.exe
    • Under Script file to execute, click the "green" icon;
    • Under "Please enter the full URL to the script you want to download", paste the link: http://metallica.geekstogo.com/EGDACCESS.bfu and click Ok;
    • Click Execute
    • When the Completed script execution window appears, click Ok and then Exit.

    - Restart, generate a new log and paste it into your reply.

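Added example (not part of the original thread and not code from HijackThis): a small Python triage pass over HijackThis-style lines, run on a few entries excerpted from the log posted above. The review rules are assumptions chosen for illustration; a match means the entry deserves a closer look, nothing more.

```python
import re
from dataclasses import dataclass

# Entries excerpted from the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [instant Access] rundll32.exe EGACCESS4_1059.dll,InstantAccess
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm069YYBR
O8 - Extra context menu item: Tradu&zir - file://C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html
O15 - Trusted Zone: www.superspots.biz
O23 - Service: hpdj - HP - C:\DOCUME~1\Paschoal\CONFIG~1\Temp\hpdj.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)
"""

# "R0 - ...", "O4 - ...", "O23 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# First argument handed to rundll32, i.e. the DLL it is asked to load.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\"?\s+([^,\s]+)", re.I)


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section code, e.g. "O4"
    body: str     # remainder of the line after "<code> - "


def parse_log(text):
    """Return sectioned entries; header and running-process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def reasons_for(entry):
    """Apply the illustrative review rules (assumptions, not HijackThis logic)."""
    reasons = []
    if entry.section == "O4":
        m = RUNDLL_RE.search(entry.body)
        if m and "\\" not in m.group(1):
            reasons.append("autorun loads a DLL through rundll32 without a full path")
    if entry.section == "O8":
        target = entry.body.rsplit(" - ", 1)[-1]
        if re.match(r"https?://", target, re.I):
            reasons.append("IE context-menu item is served from a remote URL")
    if entry.section == "O15":
        reasons.append("site was added to the IE Trusted Zone")
    if entry.section == "O23" and re.search(r"\\te?mp\\", entry.body, re.I):
        reasons.append("service binary runs from a Temp directory")
    if entry.body.endswith("(file missing)"):
        reasons.append("entry points at a file that no longer exists")
    return reasons


def triage(text):
    """Return [(Entry, [reasons])] for every entry matching at least one rule."""
    findings = []
    for entry in parse_log(text):
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"[{entry.section}] {entry.body}")
        for reason in reasons:
            print(f"    review: {reason}")
```
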
  • Topic author
  • New log

    # For use with Merijn's Brute Force Uninstaller

    # available from http://www.merijn.org/

    #

    # Script Name: EGDACCESS.BFU

    # This script combines the old EGDACCESS.bfu and P2EClient.BFU

    # Author: Pieter Arntz

    #

    # Thanks to ~Mark and Moe31 for their contributions

    ProcessKill mailskinner.exe|1

    ProcessKillIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te|0

    ProcessKillIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml

    RegDeleteKey HKCR\egdhtml.egdialhtml

    RegDeleteKey HKCR\egdhtml.egdialhtml.1

    RegDeleteKey HKCR\egdialobject.egdial

    RegDeleteKey HKCR\EGDialObject.EGDial.1

    RegDeleteKey HKCR\eghtmldialer.htmldialer

    RegDeleteKey HKCR\eghtmldialer.htmldialer.1

    RegDeleteKey HKCR\ieaccess2.iedial

    RegDeleteKey HKCR\ieaccess2.iedial.1

    RegDeleteKey HKCR\P2ECOM.EGP2ECOM

    RegDeleteKey HKCR\P2ECOM.EGP2ECOM.1

    RegDeleteKey HKCR\EGAUTH.EGEGAUTH

    RegDeleteKey HKCR\EGAUTH.EGEGAUTH.1

    RegDeleteKey HKCR\EGCOMSERVICE.EGComSvc

    RegDeleteKey HKCR\EGCOMSERVICE.EGComSvc.1

    RegDeleteKey HKCR\EGCOMSERVICE2.EGComSvc2

    RegDeleteKey HKCR\EGCOMSERVICE2.EGComSvc2.1

    RegDeleteKey HKCR\EGCOMLIB.EGComLibrary

    RegDeleteKey HKCR\EGCOMLIB.EGComLibrary.1

    RegDeleteKey HKCR\Webcam2.VideoProducer

    RegDeleteKey HKCR\Webcam2.VideoProducer.1

    RegDeleteKey HKCU\Software\livesvc

    RegDeleteKey HKCU\Software\EGDHTML

    RegDeleteKey HKCU\Software\egroup

    RegDeleteKey HKCU\Software\P2EClient

    RegDeleteKey HKCU\software\egdhtml

    RegDeleteKey HKCU\software\mc


    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{469C7080-8EC8-43A6-AD97-45848113743C}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{486E48B5-ABF2-42BB-A327-2679DF3FB822}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{505098FD-5D61-4BC2-9B82-F969D0E932A2}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54579C3D-A58D-4623-B5B5-465552BDA45B}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{624321F1-0581-49D8-99BD-2E952C2DF31B}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AA85413-165C-4200-8154-71166077B22E}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AA93DF6-6757-4338-9087-F7601DE18402}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{71CBDCD9-0830-4470-A890-35D364DA352C}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7504F0D5-644A-4103-9D02-95488B6CB9A1}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77EF6DBF-3929-4081-AF2E-178D387E211C}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78F584DF-BBF5-4296-839C-31DE60914DBC}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{87C1805D-C5AE-4455-AB39-E245BB516136}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{95460ABD-946A-46FF-9F56-268718323EEE}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A02780C3-7F77-4E28-855B-28890F3CF37A}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD3653E4-884B-43C4-970B-670802501B7F}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BE5A7132-329F-4319-B781-2A83BFE51534}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C2481ED1-9896-4D49-AE90-69858DFDE446}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6760A07-A574-4705-B113-7856315922C3}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CEFB7B49-9652-464F-8AFD-A577C0500F39}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3943A24-2F83-4505-9AE5-F705E81B50CB}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F4653484-F38C-455F-BB15-1175E527754E}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F72BC3F0-6C20-4793-9DDA-258589D8A907}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA83E942-B796-46DE-9155-1632ECC5473B}|Compatibility Flags|1024

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF521631-31DA-48AC-B4E9-390A7694C906}|Compatibility Flags|1024

    RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Instant Access

    RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Instant Access

    RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|msupd

    RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Autodial|AutodialDllName32|wininet.dll

    RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Autodial|AutodialFcnName32|InternetAutodialCallback

    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access

    DllUnregister %SYSDIR%\MSWBM32.DLL|1

    ProcessKillIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te|0

    ProcessKillIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml

    FileDelete %SYSTEMDRIVE%\dfuck.ico

    FileDelete %SYSTEMDRIVE%\Video Party.ico

    FileDelete %ALLUSERSDESKTOP%\Instant Access.lnk

    FileDelete %ALLUSERSDESKTOP%\NoCreditCard.lnk

    FileDelete %ALLUSERSSTARTMENU%\Instant access.lnk

    FileDelete %ALLUSERSSTARTMENU%\NoCreditCard.lnk

    FileDelete %WINDIR%\Downloaded Program Files\dhtmlaccess.inf

    FileDelete %WINDIR%\Downloaded Program Files\dtc32.inf

    FileDelete %WINDIR%\Downloaded Program Files\EGAUTH.inf

    FileDelete %WINDIR%\Downloaded Program Files\EGDACCESS.inf

    FileDelete %WINDIR%\Downloaded Program Files\EGDACCESS_ASPIV4.inf

    FileDelete %WINDIR%\Downloaded Program Files\EGCOMSERVICE_pack.inf

    FileDelete %WINDIR%\Downloaded Program Files\egdhtml.inf

    FileDelete %WINDIR%\Downloaded Program Files\egdial.dll

    FileDelete %WINDIR%\Downloaded Program Files\egdhtml_****.dll

    FileDelete %WINDIR%\Downloaded Program Files\egdhtml_pack.inf

    FileDelete %WINDIR%\Downloaded Program Files\eghtmldialer.inf

    FileDelete %WINDIR%\Downloaded Program Files\eghtmldialer.dll

    FileDelete %WINDIR%\Downloaded Program Files\eglivecam_****.dll

    FileDelete %WINDIR%\Downloaded Program Files\eglivecam.dll

    FileDelete %WINDIR%\Downloaded Program Files\ia.inf

    FileDelete %WINDIR%\Downloaded Program Files\ieaccess2.inf

    FileDelete %WINDIR%\Downloaded Program Files\ieaccess2.dll

    FileDelete %WINDIR%\Downloaded Program Files\netcmp32.inf

    FileDelete %WINDIR%\Downloaded Program Files\netia32.inf

    FileDelete %WINDIR%\Downloaded Program Files\Netslv32.inf

    FileDelete %WINDIR%\Downloaded Program Files\Netslv32.dll

    FileDelete %WINDIR%\Downloaded Program Files\netpe32.inf

    FileDelete %WINDIR%\Downloaded Program Files\nethv32.inf

    FileDelete %WINDIR%\Downloaded Program Files\LiveService.inf

    FileDelete %WINDIR%\Downloaded Program Files\one2oneSvc.inf

    FileDelete %WINDIR%\Downloaded Program Files\sysnetsvc32.inf

    FileDelete %WINDIR%\Downloaded Program Files\syswbsvc32.inf

    FileDelete %WINDIR%\Downloaded Program Files\sysinetsvc32.inf

    FileDelete %WINDIR%\Downloaded Program Files\sysiasvc32.inf

    FileDelete %WINDIR%\access.exe

    FileDelete %WINDIR%\dialx.exe

    FileDelete %WINDIR%\ExeDialer.exe

    FileDelete %WINDIR%\msupd.exe

    FileDelete %WINDIR%\tmlpcert2005

    FileDelete %WINDIR%\tmlpcert2007

    FileDelete %WINDIR%\eg_auth_*.dll

    FileDelete %WINDIR%\eg_auth_srv_10*.dll

    FileDelete %WINDIR%\eg_auth_srv_mut0*.dll

    FileDelete %WINDIR%\ieaccess2.dll

    FileDelete %WINDIR%\system\eghtmldialer.dll

    FileDelete %WINDIR%\System\ieaccess2.dll

    FileDelete %WINDIR%\System\egdial.dll

    FileDelete %WINDIR%\p2esocks_10*.dll

    FileDelete %SYSDIR%\authclient.exe

    FileDelete %SYSDIR%\dhtmlexe.exe

    FileDelete %SYSDIR%\eglivecam.exe

    FileDelete %SYSDIR%\P2EClient.exe

    FileDelete %SYSDIR%\EGACCESS.dll

    FileDelete %SYSDIR%\EGACCESS*.dll

    FileDelete %SYSDIR%\egaccess4_10*.dll

    FileDelete %SYSDIR%\EGDACCESS_*10*.dll

    FileDelete %SYSDIR%\EGDACCESS.dll

    FileDelete %SYSDIR%\EGDACCESS*.inf

    FileDelete %SYSDIR%\EGDHTML2.DLL

    FileDelete %SYSDIR%\EGDHTML_*.dll

    FileDelete %SYSDIR%\EGAUTH.dll

    FileDelete %SYSDIR%\eg_auth_srv_10*.dll

    FileDelete %SYSDIR%\EGCOMLIB*.dll

    FileDelete %SYSDIR%\EGCOMSERVICE2.dll

    FileDelete %SYSDIR%\EGCOMSERVICE_*.dll

    FileDelete %SYSDIR%\EGLIVECAM_10*.DLL

    FileDelete %SYSDIR%\egdial.dll

    FileDelete %SYSDIR%\eglivecam.dll

    FileDelete %SYSDIR%\ia.dll

    FileDelete %SYSDIR%\ieaccess2.dll

    FileDelete %SYSDIR%\LiveService_*.dll

    FileDelete %SYSDIR%\msegcompid.dll

    FileDelete %SYSDIR%\msclock32.dll

    FileDelete %SYSDIR%\msclock32*.dll

    FileDelete %SYSDIR%\mservice.dll

    FileDelete %SYSDIR%\msplock32.dll

    FileDelete %SYSDIR%\msplock32*.dll

    FileDelete %SYSDIR%\mswbm32.dll

    FileDelete %SYSDIR%\mseggrpid.dll

    FileDelete %SYSDIR%\netia32.dll

    FileDelete %SYSDIR%\nethv32.dll

    FileDelete %SYSDIR%\Netslv32.dll

    FileDelete %SYSDIR%\One2OneService.dll

    FileDelete %SYSDIR%\one2oneSvc.dll

    FileDelete %SYSDIR%\p2esocks_*.dll

    FileDelete %SYSDIR%\P2ECOM.dll

    FileDelete %SYSDIR%\syswbsvc32.dll

    FileDelete %SYSDIR%\sysiasvc32.dll

    FileDelete %SYSDIR%\sysinetsvc32.dll

    FileDelete %SYSDIR%\svcsysnet32.dll

    FileDelete %SYSDIR%\sysnetsvc32.dll

    FileDelete %SYSDIR%\backgrd.jpg

    FolderDelete %PROGRAMFILES%\dialpass

    FolderDelete %PROGRAMFILES%\eghtmldialer

    FolderDelete %PROGRAMFILES%\egroup

    FolderDelete %PROGRAMFILES%\Instant Access

    # mslagent block

    DllUnregister %WINDIR%\mslagent\2_mslagent.dll|1

    DllUnregister %WINDIR%\navmpc\2_navmpc.dll|1

    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mslagent

    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mslagent

    RegDeleteKey HKCR\CLSID\{4A6FA2EB-F381-4503-87D0-BE4CC57DEB8E}

    RegDeleteKey HKCR\CLSID\{75A603E7-8BB7-4272-ABBE-9846FF1241C1}

    RegDeleteKey HKCR\CLSID\{DE614603-6320-4046-A7A7-6A69CEC26F14}

    RegDeleteKey HKCR\CLSID\{D7A82A12-05F5-42D8-B30D-6EF995075D2D}

    RegDeleteKey HKCR\Interface\{1EF28CC5-8D97-4310-B71B-CA34EE15B897}

    RegDeleteKey HKCR\Interface\{43CDAD65-AA0D-4701-8108-117F86613B69}

    RegDeleteKey HKCR\Interface\{510C3373-4842-4944-8729-0AFF6725A132}

    RegDeleteKey HKCR\Interface\{6D3F48F4-B40A-4C3F-A95C-85E23C3A8A91}

    RegDeleteKey HKCR\TypeLib\{5630B768-1C09-4105-9E03-E35985E36B0B}

    RegDeleteKey HKCR\TypeLib\{82C0673C-F1D1-47BA-B904-AB0DE82300BC}

    RegDeleteKey HKCR\TypeLib\{BA49BD6A-039C-428E-AF33-8C1288D75A7B}

    RegDeleteKey HKCR\TypeLib\{CA72BD3D-6044-4429-8C9A-76D90F4B29A8}

    RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{021BB032-80A8-4FB6-B3D5-CF27B1553B95}

    RegDeleteKey HKCR\MagicControl.MagicComponent

    RegDeleteKey HKCR\MagicControl.MagicComponent.1

    RegDeleteKey HKCR\mslagent.3

    RegDeleteKey HKCR\mslagent.3.1

    RegDeleteKey HKCR\NaviHelper.NaviHelperObject

    RegDeleteKey HKCR\NaviHelper.NaviHelperObject.1

    RegDeleteKey HKCR\NaviPromo.EGNaviScoring

    RegDeleteKey HKCR\NaviPromo.EGNaviScoring.1

    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent

    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\navmpc

    FolderDelete %WINDIR%\mslagent

    FolderDelete %WINDIR%\navmpc

    FileDelete %SYSDIR%\msklive.dll

    SystemEmptyTempFolder

    OptionUseRecycleBin

    FileDeleteIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te

    FileDeleteIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml

  • Topic author
  • Here it is,

    Logfile of HijackThis v1.99.1

    Scan saved at 12:29:33, on 10/3/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\lkcitdl.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

    C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    C:\WINDOWS\system32\lkads.exe

    C:\WINDOWS\system32\keyhook.exe

    C:\WINDOWS\system32\lktsrv.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

    C:\Arquivos de programas\DAEMON Tools\daemon.exe

    C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\nisvcloc.exe

    C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

    C:\Arquivos de programas\Hamachi\hamachi.exe

    C:\Arquivos de programas\No-IP\DUC20.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    c:\arquiv~1\arquiv~1\instal~1\update~1\isuspm.exe

    C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe

    C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\agent.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TRADUZ.EXE

    C:\Nova pasta\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: TraduzWeb - {2d43d3a0-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: Tradu&zWeb - {2d43d3a4-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [DicWink] "C:\Arquivos de programas\DicWink\DicWink.exe" tray

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\IGV6\sysbrand.exe"

    O4 - HKCU\..\Run: [CorretorEuropa2k4] "C:\Arquivos de programas\CorretorPortugues\corretor.exe" minimize

    O4 - HKCU\..\Run: [TraduzU.exe] C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TraduzU.exe

    O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

    O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm069YYBR

    O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Open with BitPump - C:\Arquivos de programas\AnalogX\BitPump\ieint.htm

    O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Tradu&zir - file://C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

    O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

    O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F25691D-EC65-4191-84C1-A01EAB68C804}: NameServer = 200.204.0.138 200.204.0.10

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe

    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Paschoal\CONFIG~1\Temp\hpdj.exe (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

    O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Arquivos de programas\National Instruments\shared\License Manager\Bin\lmgrd.exe

    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe


    - Open HijackThis, click Do a system scan only, check the entry below and click Fix checked:

    • O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm069YYBR

    - Apart from that, the log is clean;

    - Turn System Restore off and on again. Open Control Panel > System > System Restore. Check "Turn off System Restore", click Apply and OK. Then uncheck the option again and click Apply and OK;

    - Read the article Proteja seu PC for more information on how to avoid infections.
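
An added example, not part of the posts above: a small Python parser for HijackThis logs that flags O8 context-menu items whose script is loaded from a remote `http(s)` URL (as the `&Search` entry is) and diffs two scans to confirm which entries a fix removed. The function names and the remote-versus-local heuristic are assumptions of this example; the log lines are excerpts copied from the two logs posted in this thread.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the first log in the thread (scan saved at 12:29:33).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:29:33, on 10/3/2006
C:\Nova pasta\HijackThis.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm069YYBR
O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html
"""

# Excerpt of the later log in the thread (scan saved at 20:51:11).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:51:11, on 10/3/2006
C:\Nova pasta\HijackThis.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html
"""

# An entry line is "<section code> - <body>", e.g. "O8 - Extra context menu item: ...".
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*)://")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
O8_PREFIX = "Extra context menu item: "


def parse_entries(log_text):
    """Return a list of (code, body) tuples for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def classify_target(target):
    """Say whether an O8 target is loaded from the local disk or from the network."""
    target = target.strip()
    if DRIVE_PATH_RE.match(target):
        return "local"                      # plain C:\... path
    scheme = SCHEME_RE.match(target)
    if scheme is None:
        return "unknown"
    name = scheme.group(1).lower()
    if name in ("http", "https"):
        return "remote"                     # script fetched from a web server
    if name in ("res", "file"):
        return "local"                      # resource inside a DLL/EXE, or a local file
    return "unknown"


def flag_remote_context_menu_items(log_text):
    """List O8 entries whose target is a remote URL, with the host they point at."""
    findings = []
    for code, body in parse_entries(log_text):
        if code != "O8" or not body.startswith(O8_PREFIX):
            continue
        # The menu caption and its target are separated by the last " - ".
        name, sep, target = body[len(O8_PREFIX):].rpartition(" - ")
        if sep and classify_target(target) == "remote":
            findings.append({
                "name": name,
                "host": urlsplit(target).hostname,
                "line": f"{code} - {body}",
            })
    return findings


def entries_removed(before, after):
    """Entries present in the first scan but absent from the second, in log order."""
    remaining = set(parse_entries(after))
    return [entry for entry in parse_entries(before) if entry not in remaining]


if __name__ == "__main__":
    for finding in flag_remote_context_menu_items(LOG_BEFORE):
        print("review:", finding["line"])
    for code, body in entries_removed(LOG_BEFORE, LOG_AFTER):
        print("gone after fix:", code, "-", body)
```

A remote target is a reason to review an entry, not a verdict on it; the diff also lists anything else that changed between scans, such as a startup entry the user removed.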

  • Topic author
  • Damn, man. Josemelo, the thing is still there! What now?

    Thanks. :muro::ahh:

  • Topic author
  • Here it is

    Logfile of HijackThis v1.99.1

    Scan saved at 20:51:11, on 10/3/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\lkcitdl.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\lkads.exe

    C:\WINDOWS\system32\lktsrv.exe

    C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

    C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

    C:\WINDOWS\system32\nisvcloc.exe

    C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

    C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    C:\WINDOWS\system32\keyhook.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Hamachi\hamachi.exe

    C:\Arquivos de programas\No-IP\DUC20.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TRADUZ.EXE

    C:\Nova pasta\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: TraduzWeb - {2d43d3a0-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: Tradu&zWeb - {2d43d3a4-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [DicWink] "C:\Arquivos de programas\DicWink\DicWink.exe" tray

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\IGV6\sysbrand.exe"

    O4 - HKCU\..\Run: [CorretorEuropa2k4] "C:\Arquivos de programas\CorretorPortugues\corretor.exe" minimize

    O4 - HKCU\..\Run: [TraduzU.exe] C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TraduzU.exe

    O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

    O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Open with BitPump - C:\Arquivos de programas\AnalogX\BitPump\ieint.htm

    O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Tradu&zir - file://C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

    O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

    O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F25691D-EC65-4191-84C1-A01EAB68C804}: NameServer = 200.204.0.138 200.204.0.10

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe

    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Paschoal\CONFIG~1\Temp\hpdj.exe (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

    O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Arquivos de programas\National Instruments\shared\License Manager\Bin\lmgrd.exe

    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe


    - Download Killbox and run it, then check the Delete on Reboot option. In Full Path of File to Delete, enter:

      • C:\WINDOWS\system32\FreezeScreenSaver.exe

    • Click the X and then No.

    - Restart the computer in safe mode (press F8 during startup);

    - Type services.msc in Run, locate the FreezeScreenSaver service, double-click it and choose Disabled. Also click Stop;

    - Open HijackThis, click Open the Misc Tools Section and then Delete an NT Services..., enter the FreezeScreenSaver service and click OK. When asked whether you want to restart now, click No;

    - Restart, generate a new log and paste it in your reply.

  • Topic author
  • New log

    Logfile of HijackThis v1.99.1

    Scan saved at 23:42:13, on 10/3/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\lkcitdl.exe

    C:\WINDOWS\system32\lkads.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\lktsrv.exe

    C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

    C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

    C:\WINDOWS\system32\nisvcloc.exe

    C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

    C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    C:\WINDOWS\system32\keyhook.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TraduzU.exe

    C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Arquivos de programas\Hamachi\hamachi.exe

    C:\Arquivos de programas\No-IP\DUC20.exe

    C:\WINDOWS\system32\svchost.exe

    C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TRADUZ.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Nova pasta\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: TraduzWeb - {2d43d3a0-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: Tradu&zWeb - {2d43d3a4-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [DicWink] "C:\Arquivos de programas\DicWink\DicWink.exe" tray

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\IGV6\sysbrand.exe"

    O4 - HKCU\..\Run: [CorretorEuropa2k4] "C:\Arquivos de programas\CorretorPortugues\corretor.exe" minimize

    O4 - HKCU\..\Run: [TraduzU.exe] C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TraduzU.exe

    O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

    O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Open with BitPump - C:\Arquivos de programas\AnalogX\BitPump\ieint.htm

    O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Tradu&zir - file://C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

    O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

    O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Paschoal\CONFIG~1\Temp\hpdj.exe (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

    O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Arquivos de programas\National Instruments\shared\License Manager\Bin\lmgrd.exe

    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

    Thanks

  • Topic author
  • Josemelo, since I don't understand much about this thing called a "computer", I right-clicked and, under Properties, I wrote this down: Protocol HTTP

    Address: http://scripts.dlv4.com/common/module.php?

    Url: login=672125&brokerid=&extlogin=&customid=4253&n

    I don't know if this helps at all, but...

    Thanks

  • Topic author
  • Yes, Josemelo. Look, as soon as I opened this box to reply to you, I was already hit by the pop-up.

    Thanks. :muro:


    Download F-Secure Blacklight:

    http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe

    Save it to the desktop and run it. Accept the agreement.

    If it finds any file, ignore it. We only want the log.

    At the end of the scan, paste the fsb-xxxxx.log file (where xxx are numbers) in your reply.

  • Topic author
  • Josemelo, I'm in doubt. Did you say numbers?

    In Notepad, fsbl- 20060311162305 - here it is.

    03/11/06 13:23:05 [info]: BlackLight Engine 1.0.33 initialized

    03/11/06 13:23:05 [info]: OS: 5.1 build 2600 (Service Pack 2)

    03/11/06 13:23:05 [Note]: 7019 4

    03/11/06 13:23:05 [Note]: 7005 0

    03/11/06 13:23:13 [Note]: 7006 0

    03/11/06 13:23:13 [Note]: 7011 1332

    03/11/06 13:23:13 [Note]: 7024 3

    03/11/06 13:23:13 [info]: Hidden process: C:\windows\system32\etucoxygl.exe

    03/11/06 13:23:14 [Note]: FSRAW library version 1.7.1015

    03/11/06 13:23:20 [info]: Hidden file: C:\WINDOWS\SYSTEM32\MSCLOC~1.DLL

    03/11/06 13:23:20 [info]: Hidden file: C:\WINDOWS\SYSTEM32\ETUCOX~1.EXE

    03/11/06 13:23:20 [info]: Hidden file: C:\WINDOWS\SYSTEM32\ETUCOX~1.DAT

    03/11/06 13:23:21 [info]: Hidden file: C:\WINDOWS\SYSTEM32\ETUCOX~2.DAT

    03/11/06 13:23:21 [info]: Hidden file: C:\WINDOWS\SYSTEM32\MSPLOC~1.DLL

    03/11/06 13:23:21 [info]: Hidden file: C:\WINDOWS\SYSTEM32\ET72D7~1.DAT

    03/11/06 13:24:12 [Note]: 7007 0


    - Run Killbox:

    • Check the Delete on Reboot option. Copy the list below to the clipboard (select it and click Edit > Copy or press Ctrl + C).

      • C:\windows\system32\etucoxygl.exe
        C:\WINDOWS\SYSTEM32\MSCLOC~1.DLL
        C:\WINDOWS\SYSTEM32\ETUCOX~1.EXE
        C:\WINDOWS\SYSTEM32\ETUCOX~1.DAT
        C:\WINDOWS\SYSTEM32\ETUCOX~2.DAT
        C:\WINDOWS\SYSTEM32\MSPLOC~1.DLL
        C:\WINDOWS\SYSTEM32\ET72D7~1.DAT

    • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button.
    • Click the X and answer No to the question.

    - Restart and see whether the problem still occurs.

  • Topic author
  • Unfortunately, the problem continues. Thanks


    Run a new scan with F-Secure Blacklight and paste the log in your reply.

  • Topic author
  • Here it is

    03/11/06 21:06:51 [info]: BlackLight Engine 1.0.33 initialized

    03/11/06 21:06:51 [info]: OS: 5.1 build 2600 (Service Pack 2)

    03/11/06 21:06:51 [Note]: 7019 4

    03/11/06 21:06:51 [Note]: 7005 0

    03/11/06 21:06:54 [Note]: 7006 0

    03/11/06 21:06:54 [Note]: 7011 1496

    03/11/06 21:06:55 [Note]: FSRAW library version 1.7.1015

    03/11/06 21:07:45 [Note]: 7007 0
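
An added example, not part of the thread and not F-Secure's own tooling: a short Python script that pulls the "Hidden process" / "Hidden file" findings out of the two BlackLight logs posted above and diffs them, which is the before/after comparison made by eye after the Killbox step. The function names are this example's own.

```python
import re

# Both logs are copied verbatim from the BlackLight scans posted in this thread.
SCAN_BEFORE = r"""
03/11/06 13:23:05 [info]: BlackLight Engine 1.0.33 initialized
03/11/06 13:23:05 [info]: OS: 5.1 build 2600 (Service Pack 2)
03/11/06 13:23:05 [Note]: 7019 4
03/11/06 13:23:05 [Note]: 7005 0
03/11/06 13:23:13 [Note]: 7006 0
03/11/06 13:23:13 [Note]: 7011 1332
03/11/06 13:23:13 [Note]: 7024 3
03/11/06 13:23:13 [info]: Hidden process: C:\windows\system32\etucoxygl.exe
03/11/06 13:23:14 [Note]: FSRAW library version 1.7.1015
03/11/06 13:23:20 [info]: Hidden file: C:\WINDOWS\SYSTEM32\MSCLOC~1.DLL
03/11/06 13:23:20 [info]: Hidden file: C:\WINDOWS\SYSTEM32\ETUCOX~1.EXE
03/11/06 13:23:20 [info]: Hidden file: C:\WINDOWS\SYSTEM32\ETUCOX~1.DAT
03/11/06 13:23:21 [info]: Hidden file: C:\WINDOWS\SYSTEM32\ETUCOX~2.DAT
03/11/06 13:23:21 [info]: Hidden file: C:\WINDOWS\SYSTEM32\MSPLOC~1.DLL
03/11/06 13:23:21 [info]: Hidden file: C:\WINDOWS\SYSTEM32\ET72D7~1.DAT
03/11/06 13:24:12 [Note]: 7007 0
"""

SCAN_AFTER = r"""
03/11/06 21:06:51 [info]: BlackLight Engine 1.0.33 initialized
03/11/06 21:06:51 [info]: OS: 5.1 build 2600 (Service Pack 2)
03/11/06 21:06:51 [Note]: 7019 4
03/11/06 21:06:51 [Note]: 7005 0
03/11/06 21:06:54 [Note]: 7006 0
03/11/06 21:06:54 [Note]: 7011 1496
03/11/06 21:06:55 [Note]: FSRAW library version 1.7.1015
03/11/06 21:07:45 [Note]: 7007 0
"""

# Line shape: "<date> <time> [level]: Hidden process|file: <path>"
FINDING = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[\w+\]: "
    r"Hidden (?P<kind>process|file): (?P<path>.+?)\s*$"
)


def hidden_items(log_text):
    """Return (timestamp, kind, path) for each hidden-object finding."""
    found = []
    for line in log_text.splitlines():
        m = FINDING.match(line.strip())
        if m:  # banner and numeric [Note] lines are skipped
            found.append((m["ts"], m["kind"], m["path"]))
    return found


def compare_scans(before, after):
    """Diff two scans by path, case-insensitively (Windows paths).

    8.3 short names such as ETUCOX~1.EXE are compared as written;
    they are not resolved to long file names.
    """
    b = {path.lower() for _, _, path in hidden_items(before)}
    a = {path.lower() for _, _, path in hidden_items(after)}
    return {
        "cleared": sorted(b - a),      # reported before, gone now
        "persisting": sorted(b & a),   # still hidden after the cleanup
        "new": sorted(a - b),          # appeared only in the later scan
    }


if __name__ == "__main__":
    for ts, kind, path in hidden_items(SCAN_BEFORE):
        print(f"{ts}  {kind:<7}  {path}")
    for status, paths in compare_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(f"{status}: {len(paths)}")
```

An empty "persisting" list only shows that the scanner no longer reports hidden objects; it does not cover anything the scanner could not see.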

  • Topic author
  • Hello, Josemelo. For the 4th time, I tried to run PandaActiveScan, but my antivirus (Avast) detected a virus and interrupted the operation. (Malware - Win32:Ctx - Version 0610-2 of 10/03/06.)

    Regardless of that, look at what is happening. I noticed that over these last two days the "invader" has stopped acting. The invasive pop-ups are no longer appearing. However, I noticed that my antivirus, when it indicates that it has scanned 16,000, freezes for a moment. Sometimes the screensaver (Marine Aquarium) also stops. I press Ctrl+Alt+Delete and it starts working again. Otherwise I haven't noticed anything different. Do you think I should uninstall Avast and reinstall it?

    Thanks. :priv:


    - To be able to run the online scan you must allow the ActiveX controls to be installed. Some antivirus programs detect the controls as malware, but the files are safe.

    - The malware that was active on your PC behaved as rootkits and may have compromised the antivirus. Uninstall it and do a fresh installation.
