Janela "indiscreta"

[Paska]

Olá, pessoal. De uma hora para outra apareceu uma janela "indiscreta" que insiste em abrir, sem o meu consentimento, e as vezes se sobrepõe aos programas diversos. Já passei o AD-Aware, Ewido anti-Malware, Avast , mas o bicho continua a me infernizar. As vezes, aparece um ícone, do tal bicho, junto ao relógio do Windows. Alguém sabe de algum remédio para isso?

[JoseMelo]

- Faça o download do HijackThis

- Crie uma nova pasta em C:\ e coloque o programa dentro dela;

- Abra o HijackThis, clique em Do a system scan and save a logfile;

- Copie o log salvo na pasta HijackThis e cole na sua resposta.

[Paska]

Log do HijackThis!

Logfile of HijackThis v1.99.1

Scan saved at 13:24:03, on 9/3/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

C:\WINDOWS\system32\pctspk.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TRADUZ.EXE

c:\arquiv~1\arquiv~1\instal~1\update~1\isuspm.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\agent.exe

C:\Nova pasta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: TraduzWeb - {2d43d3a0-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Tradu&zWeb - {2d43d3a4-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DicWink] "C:\Arquivos de programas\DicWink\DicWink.exe" tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\IGV6\sysbrand.exe"

O4 - HKCU\..\Run: [CorretorEuropa2k4] "C:\Arquivos de programas\CorretorPortugues\corretor.exe" minimize

O4 - HKCU\..\Run: [TraduzU.exe] C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TraduzU.exe

O4 - HKCU\..\Run: [instant Access] rundll32.exe EGACCESS4_1059.dll,InstantAccess

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm069YYBR

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with BitPump - C:\Arquivos de programas\AnalogX\BitPump\ieint.htm

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Tradu&zir - file://C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.archiviosex.net

O15 - Trusted Zone: www.otherchance.com

O15 - Trusted Zone: www.playitalia.com

O15 - Trusted Zone: www.redfunny.com

O15 - Trusted Zone: www.superspots.biz

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F25691D-EC65-4191-84C1-A01EAB68C804}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe

O23 - Service: hpdj - HP - C:\DOCUME~1\Paschoal\CONFIG~1\Temp\hpdj.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Arquivos de programas\National Instruments\shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

[JoseMelo]

- Faça o download do DelDomains

• Extraia o DelDomains no desktop, clique com o botão direito do mouse e escolha Instalar. Aparentemente nada irá acontecer.
  

- Faça o download do Brute Force Uninstaller

• Crie uma pasta própria em C:\ para o BFU e extraia o programa para ela;
  
• Dê um duplo clique sobre o BFU.exe
  
• Em Script file to execute, clique no ícone "verde";
• Em "Please enter the full URL to the script you want to download" cole o link: http://metallica.geekstogo.com/EGDACCESS.bfu e clique em Ok;
• Clique em Execute
  
• Quando aparecer a janela Completed script execution, clique em Ok e em Exit.
  

- Reinicie, gere novo log e cole na sua resposta.

[Paska]

Novo Log

# For use with Merijn's Brute Force Uninstaller

# available from http://www.merijn.org/

#

# Script Name: EGDACCESS.BFU

# This script combines the old EGDACCESS.bfu and P2EClient.BFU

# Author: Pieter Arntz

#

# Thanks to ~Mark and Moe31 for their contributions

ProcessKill mailskinner.exe|1

ProcessKillIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te|0

ProcessKillIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml

RegDeleteKey HKCR\egdhtml.egdialhtml

RegDeleteKey HKCR\egdhtml.egdialhtml.1

RegDeleteKey HKCR\egdialobject.egdial

RegDeleteKey HKCR\EGDialObject.EGDial.1

RegDeleteKey HKCR\eghtmldialer.htmldialer

RegDeleteKey HKCR\eghtmldialer.htmldialer.1

RegDeleteKey HKCR\ieaccess2.iedial

RegDeleteKey HKCR\ieaccess2.iedial.1

RegDeleteKey HKCR\P2ECOM.EGP2ECOM

RegDeleteKey HKCR\P2ECOM.EGP2ECOM.1

RegDeleteKey HKCR\EGAUTH.EGEGAUTH

RegDeleteKey HKCR\EGAUTH.EGEGAUTH.1

RegDeleteKey HKCR\EGCOMSERVICE.EGComSvc

RegDeleteKey HKCR\EGCOMSERVICE.EGComSvc.1

RegDeleteKey HKCR\EGCOMSERVICE2.EGComSvc2

RegDeleteKey HKCR\EGCOMSERVICE2.EGComSvc2.1

RegDeleteKey HKCR\EGCOMLIB.EGComLibrary

RegDeleteKey HKCR\EGCOMLIB.EGComLibrary.1

RegDeleteKey HKCR\Webcam2.VideoProducer

RegDeleteKey HKCR\Webcam2.VideoProducer.1

RegDeleteKey HKCR\CLSID\{01BE5BD7-B2DD-48B3-A759-59265A91E787}

RegDeleteKey HKCR\CLSID\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}

RegDeleteKey HKCR\CLSID\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}

RegDeleteKey HKCR\CLSID\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}

RegDeleteKey HKCR\CLSID\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}

RegDeleteKey HKCR\CLSID\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}

RegDeleteKey HKCR\CLSID\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}

RegDeleteKey HKCR\CLSID\{0E79192A-C52C-4260-920F-639AC2296203}

RegDeleteKey HKCR\CLSID\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}

RegDeleteKey HKCR\CLSID\{14325268-79E0-4D2A-89A4-FFFC6E22741E}

RegDeleteKey HKCR\CLSID\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}

RegDeleteKey HKCR\CLSID\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}

RegDeleteKey HKCR\CLSID\{1CD49DC9-FD88-41FA-B892-47E037267D45}

RegDeleteKey HKCR\CLSID\{1EB17D1C-141D-4D9D-91CB-24D99215851D}

RegDeleteKey HKCR\CLSID\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}

RegDeleteKey HKCR\CLSID\{26D73573-F1B3-48C9-A989-E6CE071957A1}

RegDeleteKey HKCR\CLSID\{2ABE804B-4D3A-41BF-A172-304627874B45}

RegDeleteKey HKCR\CLSID\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}

RegDeleteKey HKCR\CLSID\{2F668A6D-2EC7-4E3A-A485-819E210738D6}

RegDeleteKey HKCR\CLSID\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}

RegDeleteKey HKCR\CLSID\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}

RegDeleteKey HKCR\CLSID\{3616F4B5-F6AD-4E67-966A-C218673648A0}

RegDeleteKey HKCR\CLSID\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}

RegDeleteKey HKCR\CLSID\{3CD945A2-E413-4956-B9D8-A67FB6A7CB66}

RegDeleteKey HKCR\CLSID\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}

RegDeleteKey HKCR\CLSID\{469C7080-8EC8-43A6-AD97-45848113743C}

RegDeleteKey HKCR\CLSID\{486E48B5-ABF2-42BB-A327-2679DF3FB822}

RegDeleteKey HKCR\CLSID\{505098FD-5D61-4BC2-9B82-F969D0E932A2}

RegDeleteKey HKCR\CLSID\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}

RegDeleteKey HKCR\CLSID\{54579C3D-A58D-4623-B5B5-465552BDA45B}

RegDeleteKey HKCR\CLSID\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}

RegDeleteKey HKCR\CLSID\{624321F1-0581-49D8-99BD-2E952C2DF31B}

RegDeleteKey HKCR\CLSID\{6AA85413-165C-4200-8154-71166077B22E}

RegDeleteKey HKCR\CLSID\{6AA93DF6-6757-4338-9087-F7601DE18402}

RegDeleteKey HKCR\CLSID\{71CBDCD9-0830-4470-A890-35D364DA352C}

RegDeleteKey HKCR\CLSID\{7504F0D5-644A-4103-9D02-95488B6CB9A1}

RegDeleteKey HKCR\CLSID\{77EF6DBF-3929-4081-AF2E-178D387E211C}

RegDeleteKey HKCR\CLSID\{78F584DF-BBF5-4296-839C-31DE60914DBC}

RegDeleteKey HKCR\CLSID\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}

RegDeleteKey HKCR\CLSID\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}

RegDeleteKey HKCR\CLSID\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}

RegDeleteKey HKCR\CLSID\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}

RegDeleteKey HKCR\CLSID\{95460ABD-946A-46FF-9F56-268718323EEE}

RegDeleteKey HKCR\CLSID\{9D6ADDBF-8227-4D36-AE46-116AFBDAFCA0}

RegDeleteKey HKCR\CLSID\{A02780C3-7F77-4E28-855B-28890F3CF37A}

RegDeleteKey HKCR\CLSID\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}

RegDeleteKey HKCR\CLSID\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}

RegDeleteKey HKCR\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}

RegDeleteKey HKCR\CLSID\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}

RegDeleteKey HKCR\CLSID\{B843DA96-2B2D-447E-90AB-B92929AA11AF}

RegDeleteKey HKCR\CLSID\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}

RegDeleteKey HKCR\CLSID\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}

RegDeleteKey HKCR\CLSID\{BD3653E4-884B-43C4-970B-670802501B7F}

RegDeleteKey HKCR\CLSID\{BE5A7132-329F-4319-B781-2A83BFE51534}

RegDeleteKey HKCR\CLSID\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}

RegDeleteKey HKCR\CLSID\{C2481ED1-9896-4D49-AE90-69858DFDE446}

RegDeleteKey HKCR\CLSID\{C6760A07-A574-4705-B113-7856315922C3}

RegDeleteKey HKCR\CLSID\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}

RegDeleteKey HKCR\CLSID\{CEFB7B49-9652-464F-8AFD-A577C0500F39}

RegDeleteKey HKCR\CLSID\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}

RegDeleteKey HKCR\CLSID\{D24A1963-9951-4153-A340-6648759EB77D}

RegDeleteKey HKCR\CLSID\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}

RegDeleteKey HKCR\CLSID\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}

RegDeleteKey HKCR\CLSID\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}

RegDeleteKey HKCR\CLSID\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}

RegDeleteKey HKCR\CLSID\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}

RegDeleteKey HKCR\CLSID\{E3943A24-2F83-4505-9AE5-F705E81B50CB}

RegDeleteKey HKCR\CLSID\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}

RegDeleteKey HKCR\CLSID\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}

RegDeleteKey HKCR\CLSID\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}

RegDeleteKey HKCR\CLSID\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}

RegDeleteKey HKCR\CLSID\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}

RegDeleteKey HKCR\CLSID\{F4653484-F38C-455F-BB15-1175E527754E}

RegDeleteKey HKCR\CLSID\{F72BC3F0-6C20-4793-9DDA-258589D8A907}

RegDeleteKey HKCR\CLSID\{FA83E942-B796-46DE-9155-1632ECC5473B}

RegDeleteKey HKCR\CLSID\{FF521631-31DA-48AC-B4E9-390A7694C906}

RegDeleteKey HKCR\TypeLib\{06EC63CC-4823-4836-ABB8-AB5F3971FA5C}

RegDeleteKey HKCR\TypeLib\{0E594D22-ACE6-43A2-BCDA-BB7C65D3FE8C}

RegDeleteKey HKCR\TypeLib\{1F445F82-42C0-46F3-9A2E-6ADB79046D41}

RegDeleteKey HKCR\TypeLib\{7699AEF9-F83A-44FA-B374-AA02CEDF247D}

RegDeleteKey HKCR\TypeLib\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}

RegDeleteKey HKCR\TypeLib\{AD9B275B-E42D-4C7F-9FFB-29B5FB81688B}

RegDeleteKey HKCR\TypeLib\{E8C88115-4951-425B-8C45-4DFC5A5540EE}

RegDeleteKey HKCR\TypeLib\{F3A257E6-FA04-4B30-A1B6-6B89EB814544}

RegDeleteKey HKCR\Interface\{2E30AC01-99D7-4E9C-B13E-94E1701B0AC9}

RegDeleteKey HKCR\Interface\{2F668A6D-2EC7-4E3A-A485-819E210738D6}

RegDeleteKey HKCR\Interface\{3947AC1D-DB09-4353-BBCC-55B97F5035EF}

RegDeleteKey HKCR\Interface\{62BFAEC2-82A5-4117-A98B-FEA89413D924}

RegDeleteKey HKCR\Interface\{81C2F7F3-F930-455E-9AA5-0876D387C787}

RegDeleteKey HKCR\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB}

RegDeleteKey HKCR\Interface\{901166A5-F137-4B27-BC4C-CA611DEBDCED}

RegDeleteKey HKCR\Interface\{A58F3D09-4543-4396-8BE7-105F14DD6ED5}

RegDeleteKey HKCR\Interface\{A7B323DA-0D0C-4298-8DE0-4F2AC4773284}

RegDeleteKey HKCR\Interface\{C13FA88A-D264-4BC8-92ED-52EB8181E209}

RegDeleteKey HKCR\Interface\{F8ACA5A0-060A-478A-8368-1407780D2251}

RegDeleteKey HKCU\Software\livesvc

RegDeleteKey HKCU\Software\EGDHTML

RegDeleteKey HKCU\Software\egroup

RegDeleteKey HKCU\Software\P2EClient

RegDeleteKey HKCU\software\egdhtml

RegDeleteKey HKCU\software\mc

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01BE5BD7-B2DD-48B3-A759-59265A91E787}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E79192A-C52C-4260-920F-639AC2296203}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14325268-79E0-4D2A-89A4-FFFC6E22741E}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CD49DC9-FD88-41FA-B892-47E037267D45}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{26D73573-F1B3-48C9-A989-E6CE071957A1}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2A3DFC59-8A87-49A1-85D1-42903410911F}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2ABE804B-4D3A-41BF-A172-304627874B45}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2F668A6D-2EC7-4E3A-A485-819E210738D6}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3616F4B5-F6AD-4E67-966A-C218673648A0}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{486E48B5-ABF2-42BB-A327-2679DF3FB822}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{505098FD-5D61-4BC2-9B82-F969D0E932A2}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54579C3D-A58D-4623-B5B5-465552BDA45B}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{624321F1-0581-49D8-99BD-2E952C2DF31B}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6AA85413-165C-4200-8154-71166077B22E}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6AA93DF6-6757-4338-9087-F7601DE18402}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{71CBDCD9-0830-4470-A890-35D364DA352C}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7504F0D5-644A-4103-9D02-95488B6CB9A1}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{77EF6DBF-3929-4081-AF2E-178D387E211C}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{78F584DF-BBF5-4296-839C-31DE60914DBC}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{87C1805D-C5AE-4455-AB39-E245BB516136}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{95460ABD-946A-46FF-9F56-268718323EEE}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A02780C3-7F77-4E28-855B-28890F3CF37A}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD3653E4-884B-43C4-970B-670802501B7F}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BE5A7132-329F-4319-B781-2A83BFE51534}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C2481ED1-9896-4D49-AE90-69858DFDE446}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C6760A07-A574-4705-B113-7856315922C3}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E3943A24-2F83-4505-9AE5-F705E81B50CB}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E3943A24-2F83-4505-9AE5-F705E81B50CB}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F4653484-F38C-455F-BB15-1175E527754E}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F72BC3F0-6C20-4793-9DDA-258589D8A907}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA83E942-B796-46DE-9155-1632ECC5473B}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF521631-31DA-48AC-B4E9-390A7694C906}

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01BE5BD7-B2DD-48B3-A759-59265A91E787}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E79192A-C52C-4260-920F-639AC2296203}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{14325268-79E0-4D2A-89A4-FFFC6E22741E}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CD49DC9-FD88-41FA-B892-47E037267D45}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1EB17D1C-141D-4D9D-91CB-24D99215851D}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{26D73573-F1B3-48C9-A989-E6CE071957A1}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2A3DFC59-8A87-49A1-85D1-42903410911F}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2ABE804B-4D3A-41BF-A172-304627874B45}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2F668A6D-2EC7-4E3A-A485-819E210738D6}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3616F4B5-F6AD-4E67-966A-C218673648A0}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{469C7080-8EC8-43A6-AD97-45848113743C}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{486E48B5-ABF2-42BB-A327-2679DF3FB822}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{505098FD-5D61-4BC2-9B82-F969D0E932A2}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54579C3D-A58D-4623-B5B5-465552BDA45B}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{624321F1-0581-49D8-99BD-2E952C2DF31B}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AA85413-165C-4200-8154-71166077B22E}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AA93DF6-6757-4338-9087-F7601DE18402}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{71CBDCD9-0830-4470-A890-35D364DA352C}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7504F0D5-644A-4103-9D02-95488B6CB9A1}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77EF6DBF-3929-4081-AF2E-178D387E211C}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78F584DF-BBF5-4296-839C-31DE60914DBC}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{87C1805D-C5AE-4455-AB39-E245BB516136}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{95460ABD-946A-46FF-9F56-268718323EEE}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A02780C3-7F77-4E28-855B-28890F3CF37A}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD3653E4-884B-43C4-970B-670802501B7F}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BE5A7132-329F-4319-B781-2A83BFE51534}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C2481ED1-9896-4D49-AE90-69858DFDE446}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6760A07-A574-4705-B113-7856315922C3}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CEFB7B49-9652-464F-8AFD-A577C0500F39}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3943A24-2F83-4505-9AE5-F705E81B50CB}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F4653484-F38C-455F-BB15-1175E527754E}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F72BC3F0-6C20-4793-9DDA-258589D8A907}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA83E942-B796-46DE-9155-1632ECC5473B}|Compatibility Flags|1024

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF521631-31DA-48AC-B4E9-390A7694C906}|Compatibility Flags|1024

RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Instant Access

RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Instant Access

RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|msupd

RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Autodial|AutodialDllName32|wininet.dll

RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Autodial|AutodialFcnName32|InternetAutodialCallback

RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access

DllUnregister %SYSDIR%\MSWBM32.DLL|1

ProcessKillIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te|0

ProcessKillIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml

FileDelete %SYSTEMDRIVE%\dfuck.ico

FileDelete %SYSTEMDRIVE%\Video Party.ico

FileDelete %ALLUSERSDESKTOP%\Instant Access.lnk

FileDelete %ALLUSERSDESKTOP%\NoCreditCard.lnk

FileDelete %ALLUSERSSTARTMENU%\Instant access.lnk

FileDelete %ALLUSERSSTARTMENU%\NoCreditCard.lnk

FileDelete %WINDIR%\Downloaded Program Files\dhtmlaccess.inf

FileDelete %WINDIR%\Downloaded Program Files\dtc32.inf

FileDelete %WINDIR%\Downloaded Program Files\EGAUTH.inf

FileDelete %WINDIR%\Downloaded Program Files\EGDACCESS.inf

FileDelete %WINDIR%\Downloaded Program Files\EGDACCESS_ASPIV4.inf

FileDelete %WINDIR%\Downloaded Program Files\EGCOMSERVICE_pack.inf

FileDelete %WINDIR%\Downloaded Program Files\egdhtml.inf

FileDelete %WINDIR%\Downloaded Program Files\egdial.dll

FileDelete %WINDIR%\Downloaded Program Files\egdhtml_****.dll

FileDelete %WINDIR%\Downloaded Program Files\egdhtml_pack.inf

FileDelete %WINDIR%\Downloaded Program Files\eghtmldialer.inf

FileDelete %WINDIR%\Downloaded Program Files\eghtmldialer.dll

FileDelete %WINDIR%\Downloaded Program Files\eglivecam_****.dll

FileDelete %WINDIR%\Downloaded Program Files\eglivecam.dll

FileDelete %WINDIR%\Downloaded Program Files\ia.inf

FileDelete %WINDIR%\Downloaded Program Files\ieaccess2.inf

FileDelete %WINDIR%\Downloaded Program Files\ieaccess2.dll

FileDelete %WINDIR%\Downloaded Program Files\netcmp32.inf

FileDelete %WINDIR%\Downloaded Program Files\netia32.inf

FileDelete %WINDIR%\Downloaded Program Files\Netslv32.inf

FileDelete %WINDIR%\Downloaded Program Files\Netslv32.dll

FileDelete %WINDIR%\Downloaded Program Files\netpe32.inf

FileDelete %WINDIR%\Downloaded Program Files\nethv32.inf

FileDelete %WINDIR%\Downloaded Program Files\LiveService.inf

FileDelete %WINDIR%\Downloaded Program Files\one2oneSvc.inf

FileDelete %WINDIR%\Downloaded Program Files\sysnetsvc32.inf

FileDelete %WINDIR%\Downloaded Program Files\syswbsvc32.inf

FileDelete %WINDIR%\Downloaded Program Files\sysinetsvc32.inf

FileDelete %WINDIR%\Downloaded Program Files\sysiasvc32.inf

FileDelete %WINDIR%\access.exe

FileDelete %WINDIR%\dialx.exe

FileDelete %WINDIR%\ExeDialer.exe

FileDelete %WINDIR%\msupd.exe

FileDelete %WINDIR%\tmlpcert2005

FileDelete %WINDIR%\tmlpcert2007

FileDelete %WINDIR%\eg_auth_*.dll

FileDelete %WINDIR%\eg_auth_srv_10*.dll

FileDelete %WINDIR%\eg_auth_srv_mut0*.dll

FileDelete %WINDIR%\ieaccess2.dll

FileDelete %WINDIR%\system\eghtmldialer.dll

FileDelete %WINDIR%\System\ieaccess2.dll

FileDelete %WINDIR%\System\egdial.dll

FileDelete %WINDIR%\p2esocks_10*.dll

FileDelete %SYSDIR%\authclient.exe

FileDelete %SYSDIR%\dhtmlexe.exe

FileDelete %SYSDIR%\eglivecam.exe

FileDelete %SYSDIR%\P2EClient.exe

FileDelete %SYSDIR%\EGACCESS.dll

FileDelete %SYSDIR%\EGACCESS*.dll

FileDelete %SYSDIR%\egaccess4_10*.dll

FileDelete %SYSDIR%\EGDACCESS_*10*.dll

FileDelete %SYSDIR%\EGDACCESS.dll

FileDelete %SYSDIR%\EGDACCESS*.inf

FileDelete %SYSDIR%\EGDHTML2.DLL

FileDelete %SYSDIR%\EGDHTML_*.dll

FileDelete %SYSDIR%\EGAUTH.dll

FileDelete %SYSDIR%\eg_auth_srv_10*.dll

FileDelete %SYSDIR%\EGCOMLIB*.dll

FileDelete %SYSDIR%\EGCOMSERVICE2.dll

FileDelete %SYSDIR%\EGCOMSERVICE_*.dll

FileDelete %SYSDIR%\EGLIVECAM_10*.DLL

FileDelete %SYSDIR%\egdial.dll

FileDelete %SYSDIR%\eglivecam.dll

FileDelete %SYSDIR%\ia.dll

FileDelete %SYSDIR%\ieaccess2.dll

FileDelete %SYSDIR%\LiveService_*.dll

FileDelete %SYSDIR%\msegcompid.dll

FileDelete %SYSDIR%\msclock32.dll

FileDelete %SYSDIR%\msclock32*.dll

FileDelete %SYSDIR%\mservice.dll

FileDelete %SYSDIR%\msplock32.dll

FileDelete %SYSDIR%\msplock32*.dll

FileDelete %SYSDIR%\mswbm32.dll

FileDelete %SYSDIR%\mseggrpid.dll

FileDelete %SYSDIR%\netia32.dll

FileDelete %SYSDIR%\nethv32.dll

FileDelete %SYSDIR%\Netslv32.dll

FileDelete %SYSDIR%\One2OneService.dll

FileDelete %SYSDIR%\one2oneSvc.dll

FileDelete %SYSDIR%\p2esocks_*.dll

FileDelete %SYSDIR%\P2ECOM.dll

FileDelete %SYSDIR%\syswbsvc32.dll

FileDelete %SYSDIR%\sysiasvc32.dll

FileDelete %SYSDIR%\sysinetsvc32.dll

FileDelete %SYSDIR%\svcsysnet32.dll

FileDelete %SYSDIR%\sysnetsvc32.dll

FileDelete %SYSDIR%\backgrd.jpg

FolderDelete %PROGRAMFILES%\dialpass

FolderDelete %PROGRAMFILES%\eghtmldialer

FolderDelete %PROGRAMFILES%\egroup

FolderDelete %PROGRAMFILES%\Instant Access

# mslagent block

DllUnregister %WINDIR%\mslagent\2_mslagent.dll|1

DllUnregister %WINDIR%\navmpc\2_navmpc.dll|1

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mslagent

RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mslagent

RegDeleteKey HKCR\CLSID\{4A6FA2EB-F381-4503-87D0-BE4CC57DEB8E}

RegDeleteKey HKCR\CLSID\{75A603E7-8BB7-4272-ABBE-9846FF1241C1}

RegDeleteKey HKCR\CLSID\{DE614603-6320-4046-A7A7-6A69CEC26F14}

RegDeleteKey HKCR\CLSID\{D7A82A12-05F5-42D8-B30D-6EF995075D2D}

RegDeleteKey HKCR\Interface\{1EF28CC5-8D97-4310-B71B-CA34EE15B897}

RegDeleteKey HKCR\Interface\{43CDAD65-AA0D-4701-8108-117F86613B69}

RegDeleteKey HKCR\Interface\{510C3373-4842-4944-8729-0AFF6725A132}

RegDeleteKey HKCR\Interface\{6D3F48F4-B40A-4C3F-A95C-85E23C3A8A91}

RegDeleteKey HKCR\TypeLib\{5630B768-1C09-4105-9E03-E35985E36B0B}

RegDeleteKey HKCR\TypeLib\{82C0673C-F1D1-47BA-B904-AB0DE82300BC}

RegDeleteKey HKCR\TypeLib\{BA49BD6A-039C-428E-AF33-8C1288D75A7B}

RegDeleteKey HKCR\TypeLib\{CA72BD3D-6044-4429-8C9A-76D90F4B29A8}

RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{021BB032-80A8-4FB6-B3D5-CF27B1553B95}

RegDeleteKey HKCR\MagicControl.MagicComponent

RegDeleteKey HKCR\MagicControl.MagicComponent.1

RegDeleteKey HKCR\mslagent.3

RegDeleteKey HKCR\mslagent.3.1

RegDeleteKey HKCR\NaviHelper.NaviHelperObject

RegDeleteKey HKCR\NaviHelper.NaviHelperObject.1

RegDeleteKey HKCR\NaviPromo.EGNaviScoring

RegDeleteKey HKCR\NaviPromo.EGNaviScoring.1

RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent

RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\navmpc

FolderDelete %WINDIR%\mslagent

FolderDelete %WINDIR%\navmpc

FileDelete %SYSDIR%\msklive.dll

SystemEmptyTempFolder

OptionUseRecycleBin

FileDeleteIfContains Text%SYSDIR%\*.exe|qeu_ueAyqes_uew_te

FileDeleteIfContains Text%SYSDIR%\*.exe|WaXL5_jp0Ml

[JoseMelo]

Ok, por favor, cole um novo log do HijackThis na sua resposta.

[Paska]

Aqui está,

Logfile of HijackThis v1.99.1

Scan saved at 12:29:33, on 10/3/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\pctspk.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\system32\lktsrv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\arquiv~1\arquiv~1\instal~1\update~1\isuspm.exe

C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\agent.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TRADUZ.EXE

C:\Nova pasta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: TraduzWeb - {2d43d3a0-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Tradu&zWeb - {2d43d3a4-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DicWink] "C:\Arquivos de programas\DicWink\DicWink.exe" tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\IGV6\sysbrand.exe"

O4 - HKCU\..\Run: [CorretorEuropa2k4] "C:\Arquivos de programas\CorretorPortugues\corretor.exe" minimize

O4 - HKCU\..\Run: [TraduzU.exe] C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TraduzU.exe

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm069YYBR

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with BitPump - C:\Arquivos de programas\AnalogX\BitPump\ieint.htm

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Tradu&zir - file://C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F25691D-EC65-4191-84C1-A01EAB68C804}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Paschoal\CONFIG~1\Temp\hpdj.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Arquivos de programas\National Instruments\shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

[JoseMelo]

- Abra o HijackThis, clique em Do a system scan only, marque a entrada abaixo e clique em Fix checked:

• O8 - Extra context menu item: &Search -

http://bar.mywebsearch.com/menusearch.html?p=ZRxdm069YYBR

- No mais o log está limpo;

- Desative e ative novamente a Restauração do Sistema. Abra o Painel de Controle > Sistema > Restauração do Sistema. Marque: Desativar a restauração do sistema, clique em Aplicar e Ok. Em seguida desmarque novamente a opção e clique em Aplicar e Ok;

- Leia o artigo Proteja seu PC para mais informações sobre como evitar infecções.

[Paska]

Cacetada,meu. Josemelo, o bicho continua lá! e agora?

Obrigado.

[JoseMelo]

Por favor, cole um novo log do HijackThis na sua resposta.

[Paska]

Ai está

Logfile of HijackThis v1.99.1

Scan saved at 20:51:11, on 10/3/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

C:\WINDOWS\system32\pctspk.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TRADUZ.EXE

C:\Nova pasta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: TraduzWeb - {2d43d3a0-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Tradu&zWeb - {2d43d3a4-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DicWink] "C:\Arquivos de programas\DicWink\DicWink.exe" tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\IGV6\sysbrand.exe"

O4 - HKCU\..\Run: [CorretorEuropa2k4] "C:\Arquivos de programas\CorretorPortugues\corretor.exe" minimize

O4 - HKCU\..\Run: [TraduzU.exe] C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TraduzU.exe

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with BitPump - C:\Arquivos de programas\AnalogX\BitPump\ieint.htm

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Tradu&zir - file://C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F25691D-EC65-4191-84C1-A01EAB68C804}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Paschoal\CONFIG~1\Temp\hpdj.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Arquivos de programas\National Instruments\shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

[JoseMelo]

- Faça o download do Killbox e execute-o, marque a opção Delete on Reboot. Em Full Path of File to Delete, coloque:

• • C:\WINDOWS\system32\FreezeScreenSaver.exe

• Clique no X e em Não.
  

- Reinicie o computador em modo seguro (pressione F8 durante a inicialização);

- Digite no Executar services.msc, localize o serviço FreezeScreenSaver, dê um duplo clique e escolha Desativado. Clique também em Parar;

- Abra o HijackThis, clique em Open the Misc Tools Section e em Delete an NT Services..., coloque o serviço FreezeScreenSaver e clique em Ok. Quando perguntado se deseja reiniciar agora, clique em Não;

- Reinicie, gere novo log e cole na sua resposta.

[Paska]

Novo Log

Logfile of HijackThis v1.99.1

Scan saved at 23:42:13, on 10/3/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\lktsrv.exe

C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

C:\WINDOWS\system32\pctspk.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TraduzU.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TRADUZ.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Nova pasta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.altavista.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: TraduzWeb - {2d43d3a0-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Tradu&zWeb - {2d43d3a4-ec29-11d2-8ade-0020182cecb3} - C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\TWeb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DicWink] "C:\Arquivos de programas\DicWink\DicWink.exe" tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\IGV6\sysbrand.exe"

O4 - HKCU\..\Run: [CorretorEuropa2k4] "C:\Arquivos de programas\CorretorPortugues\corretor.exe" minimize

O4 - HKCU\..\Run: [TraduzU.exe] C:\ARQUIV~1\KOUNEN\TRADUZ~1\2.0p\bin\TraduzU.exe

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with BitPump - C:\Arquivos de programas\AnalogX\BitPump\ieint.htm

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Tradu&zir - file://C:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\IGV6\igshop.dll (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Paschoal\CONFIG~1\Temp\hpdj.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Arquivos de programas\National Instruments\MAX\nimxs.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Arquivos de programas\National Instruments\shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Tagger\tagsrv.exe

Obrigado

[Paska]

Josemelo, como eu não entendo muito desse negócio chamado "Computador", eu cliquei, com o botão direito do mouse, e em propriedades eu anotei isso: Protocolo HTTP

Endereço: http://scripts.dlv4.com/common/module.php?

Url: login=672125&brokerid=&extlogin=&customid=4253&n

Não sei se isso ajuda em alguma coisa, mas...

Obrigado

[JoseMelo]

O log está limpo. O problema ainda ocorre?

[Paska]

Sim, Josemelo. Veja, ao abrir este quadro para lhe responder já fui invadido pela PopUp.

Obrigado.

[JoseMelo]

Faça o download do F-Secure Blacklight:

http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe

Salve-o na área de trabalho e execute-o. Aceite o acordo.

Se ele encontrar qualquer arquivo, ignore. Queremos apenas o log.

Ao final do scan, cole o arquivo fsb-xxxxx.log (onde xxx são números) na sua resposta.

[Paska]

Josemelo, estou em dúvida. Você falou números?

No bloco de notas fsbl- 20060311162305 - está ai.

03/11/06 13:23:05 [info]: BlackLight Engine 1.0.33 initialized

03/11/06 13:23:05 [info]: OS: 5.1 build 2600 (Service Pack 2)

03/11/06 13:23:05 [Note]: 7019 4

03/11/06 13:23:05 [Note]: 7005 0

03/11/06 13:23:13 [Note]: 7006 0

03/11/06 13:23:13 [Note]: 7011 1332

03/11/06 13:23:13 [Note]: 7024 3

03/11/06 13:23:13 [info]: Hidden process: C:\windows\system32\etucoxygl.exe

03/11/06 13:23:14 [Note]: FSRAW library version 1.7.1015

03/11/06 13:23:20 [info]: Hidden file: C:\WINDOWS\SYSTEM32\MSCLOC~1.DLL

03/11/06 13:23:20 [info]: Hidden file: C:\WINDOWS\SYSTEM32\ETUCOX~1.EXE

03/11/06 13:23:20 [info]: Hidden file: C:\WINDOWS\SYSTEM32\ETUCOX~1.DAT

03/11/06 13:23:21 [info]: Hidden file: C:\WINDOWS\SYSTEM32\ETUCOX~2.DAT

03/11/06 13:23:21 [info]: Hidden file: C:\WINDOWS\SYSTEM32\MSPLOC~1.DLL

03/11/06 13:23:21 [info]: Hidden file: C:\WINDOWS\SYSTEM32\ET72D7~1.DAT

03/11/06 13:24:12 [Note]: 7007 0

[JoseMelo]

- Execute o Killbox:

• Marque a opção Delete on Reboot. Copie a lista abaixo para área de transferência (selecione e clique em Editar > Copiar ou pressione Ctrl + C).
  

• • C:\windows\system32\etucoxygl.exe
    C:\WINDOWS\SYSTEM32\MSCLOC~1.DLL
    C:\WINDOWS\SYSTEM32\ETUCOX~1.EXE
    C:\WINDOWS\SYSTEM32\ETUCOX~1.DAT
    C:\WINDOWS\SYSTEM32\ETUCOX~2.DAT
    C:\WINDOWS\SYSTEM32\MSPLOC~1.DLL
    C:\WINDOWS\SYSTEM32\ET72D7~1.DAT

• Volte ao KillBox. Clique em File > Paste from clipboard. Clique no botão All Files.
  
• Clique no X e responda Não à pergunta.
  

- Reinicie e veja se o problema ainda ocorre.

[Paska]

Infelizmente, continua o problema. Obrigado

[JoseMelo]

Faça um novo scan com o F-Secure Blacklight e cole o log na sua resposta.

[Paska]

Aqui está

03/11/06 21:06:51 [info]: BlackLight Engine 1.0.33 initialized

03/11/06 21:06:51 [info]: OS: 5.1 build 2600 (Service Pack 2)

03/11/06 21:06:51 [Note]: 7019 4

03/11/06 21:06:51 [Note]: 7005 0

03/11/06 21:06:54 [Note]: 7006 0

03/11/06 21:06:54 [Note]: 7011 1496

03/11/06 21:06:55 [Note]: FSRAW library version 1.7.1015

03/11/06 21:07:45 [Note]: 7007 0

[JoseMelo]

- Os arquivos que estavam escondidos foram excluídos.

- Faça um scan no link abaixo, salve o resultado e poste aqui, juntamente com um log do HijackThis:

http://www.pandasoftware.com/activescan/

[Paska]

Olá, Josemelo. Pela 4ª vez, tentei executar o PandaActiveScan, mas meu anti-virus (Avast) detectou virus, e interrompeu a operação. (Malware - Win32:Ctx - Versão 0610-2 de 10/03/06.

Independente disso, veja o que está acontecendo. Notei que nesses dois últimos dias, o "Invasor" deixou de atuar. Não está mais aparecendo as PopUp invasoras. Porém, eu percebi que o meu anti-virus, quando indica que escaneou 16.000, dá uma travada. As vezes, a tela de descanso, (Marine Aquarium) também para. Dou um Ctrl+Alt+Delete e volta a funcionar. No mais não notei nada de diferente. Você acha que eu devo desinstalar o Avast e reinstala-lo?

Obrigado.

[JoseMelo]

- Para que você possa executar o scan online deverá permitir a instalação dos controles activeX. Alguns antivírus detectam os controles como malwares mas os arquivos são seguros.

- Os malwares que estavam atuando no seu PC atuavam como rootkits e talvez tenham comprometido o antivírus. Faça a desinstalação e uma nova instalação.