Archived

This topic has been archived and is closed to new replies.

carolpower

[Resolved!] Found Registry


I downloaded the BitComet program and now my antispyware keeps finding 9 "Found Registry" items.

I uninstalled it..

I've even generated the HijackThis log already..

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:47:14, on 13/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKCU\..\Run: [bitComet] C:\Arquivos de programas\BitComet\BitComet.exe /tray

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1234525245812

O17 - HKLM\System\CCS\Services\Tcpip\..\{CA134B94-31A8-4ECC-A6D8-82586600BC37}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

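A small triage script over the O4 (Run key) and O23 (service) lines of a HijackThis log, added here as an example; it is not part of the original post and not a HijackThis feature. The sample lines are constructed in the format of the log above, and the set of files assumed to be present on disk is constructed too (BitComet's executable is left out, as it was uninstalled), so the check runs offline:

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the HijackThis 1.99.1 log posted above (a few O4/O23 lines only).
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitComet] C:\Arquivos de programas\BitComet\BitComet.exe /tray
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
"""

# Constructed stand-in for the file system so the check runs offline. BitComet was uninstalled,
# so its executable is deliberately absent, mirroring the situation in the first post.
PRESENT_FILES = {
    r"C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe",
    r"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe",
    r"C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe",
    r"C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe",
    r"C:\WINDOWS\system32\LckFldService.exe",
}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$")


@dataclass
class AutorunEntry:
    kind: str              # "O4" (Run key) or "O23" (service)
    name: str
    exe: str               # executable path as it appears in the log
    flags: list = field(default_factory=list)


def split_command(cmd: str):
    """Return (executable, remainder) for a command line as HijackThis prints it."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:]
    m = re.match(r"(.*?\.exe)(.*)$", cmd, re.IGNORECASE)
    if m:                                        # unquoted path: cut at the first .exe
        return m.group(1), m.group(2)
    parts = cmd.split(None, 1)                   # no .exe at all: first token is the program
    return parts[0], (parts[1] if len(parts) > 1 else "")


def triage(log_text: str, present=PRESENT_FILES):
    """Parse O4/O23 lines and flag the conditions worth a second look."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line) or O23_RE.match(line)
        if not m:
            continue
        kind = line[:3].strip()
        exe, rest = split_command(m["cmd"])
        entry = AutorunEntry(kind, m["name"], exe)
        if exe not in present:
            entry.flags.append("target not on disk")        # leftover autorun, e.g. an uninstalled program
        if "(file missing)" in rest:
            entry.flags.append("HijackThis reports file missing")
        if rest.lstrip().startswith('"'):
            entry.flags.append("unbalanced quote in command line")
        if " " in exe and not m["cmd"].lstrip().startswith('"'):
            entry.flags.append("unquoted path with spaces")  # quote it so the path is unambiguous
        entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_HJT_LOG):
        print(f"{e.kind:<4}{e.name:<22}{e.exe}")
        for f in e.flags:
            print(f"        ! {f}")
```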

Good morning, carolpower!

 

<@> Run an online scan at: < Kaspersky >

<@> Use the Internet Explorer browser for this.

 

<!> Go to the site and click on: < kasperdx9.jpg >

 

<@> On the next page, click: I Accept

<@> This installs the ActiveX control and then updates the database.

<@> On the next page, click My Computer and run the scan.

<@> Be patient!

<@> Wait for the database update and also for the scan, which takes a long time.

<@> When it finishes, save and post the report.

<@> Click Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Save the result as .txt, as in the image below:

 

Kas-Savetxt.gif

 

<@> Also post an updated HijackThis log.

 

Regards!


Hello!!!

.. I clicked KASPERSKY ONLINE SCANNER and this appeared:

 

Attention: Kaspersky Online Scanner 7.0 may not run successfully while any other antivirus program is running. If you have another antivirus program installed, please turn it off before running Kaspersky Online Scanner 7.0.

 

I paused the resident protection and it still didn't work.


Hey, carolpower!

 

<!> Disable all resident protection on your PC. ( antispyware, firewall, etc... )

<!> Repeat the procedure after disabling everything.

 

Regards!


it still happens.. :(

 

 

Attention: Kaspersky Online Scanner 7.0 may not run successfully while any other antivirus program is running. If you have another antivirus program installed, please turn it off before running Kaspersky Online Scanner 7.0.

 

 

Benefits:

 

 

Kaspersky Lab exceptional detection rates and thorough scan

Hourly database updates

Heuristic analysis to detect unknown malicious programs

One-click installation

 

 

 

Requirements and limitations:

 

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command.

To begin using the program, you need to download and install the program files and the database of malware definitions. (The size of the program files depends on your operating system.) Later, Kaspersky Online Scanner 7.0 will check for the program and database updates every time you open or update the program window, and if available, it will download and install them automatically.

In Linux, Kaspersky Online Scanner 7.0 does not scan RAM, boot sectors and MBRs, so it cannot detect malicious programs located in these areas.

In Microsoft Windows Vista, if the language you use has a character set and fonts different from English, make sure that the language selected for your default system locale and the language to display dates, times, currency, and measurements (Current format) are the same as the language you use.

Kaspersky Online Scanner 7.0 only detects malicious programs that have already penetrated into your computer, so that you can delete them manually. It neither protects your computer against malicious code, nor prevents future infections. We recommend that you install a full-featured antivirus solution to protect your computer.


Good morning, carolpower!

 

<@> Download: < avz4en.zip > or < avz_antiviral_toolkit >

<@> Save it in Arquivos de programas and unzip it right there!

<@> Open the avz4 folder and run the application with a double-click. <-- Shield-and-sword icon!

<@> Connect to the Internet and update the Toolkit. --> "File" --> "Database Update".

<@> When it finishes, do not run any scan yet.

<@> In the "Search range" tab, check all the boxes.

<@> Under "File types", select the "All files" button.

<@> Under "Actions", check: "Perform healing"

<@> In the fields below "Perform healing", choose "Report only" for all items.

<@> Below "RiskWare", check the box "Copy suspicious files to Quarantine". <-- Only this box!

<@> In the "Search parameters" menu, set "Heuristic analyses" to the maximum.

<@> Check the "Extended analysis" box. <-- Only this box!

<@> Do not uncheck the ones that are checked by default!

<@> Close any open programs and run the tool! <-- Click Start.

<@> When the scan finishes, click the "Save log" icon so we have the report. ( avz_log )

<@> Also click the "glasses" icon.

<@> Click "Save as CSV".

<@> Save this report to the desktop! <-- Text format. ( *.txt )

<@> Name it: view_log

<@> Copy and post avz_log.txt + view_log.txt in your reply.

 

Regards!


AVZ Antiviral Toolkit log; AVZ version is 4.30

Scanning started at 18/2/2009 23:11:42

Database loaded: signatures - 210609, NN profile(s) - 2, microprograms of healing - 56, signature database released 17.02.2009 21:43

Heuristic microprograms loaded: 372

SPV microprograms loaded: 9

Digital signatures of system files loaded: 96195

Heuristic analyzer mode: Maximum heuristics level

Healing mode: enabled

Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights

System Restore: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=082B80)

Kernel ntoskrnl.exe found in memory at address 804D7000

SDT = 80559B80

KiST = 804E2D20 (284)

Function NtClose (19) intercepted (805675D9->F66F36B8), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtCreateKey (29) intercepted (8056F063->F66F3574), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtDeleteValueKey (41) intercepted (80597430->F66F3A52), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtDuplicateObject (44) intercepted (805743BE->F66F314C), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtOpenKey (77) intercepted (805684D5->F66F364E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtOpenProcess (7A) intercepted (8057459E->F66F308C), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtOpenThread (80) intercepted (80597C0A->F66F30F0), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtQueryValueKey (B1) intercepted (8056B9A8->F66F376E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtRestoreKey (CC) intercepted (8064C3B0->F66F372E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtSetValueKey (F7) intercepted (80575527->F66F38AE), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Functions checked: 284, intercepted: 10, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking of IRP handlers

Checking - complete

2. Scanning memory

Number of processes found: 33

Analyzer: process under analysis is 1584 C:\WINDOWS\system32\LckFldService.exe

[ES]:Application has no visible windows

[ES]:Located in system folder

Analyzer: process under analysis is 1636 C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

[ES]:Application has no visible windows

Number of modules loaded: 356

Scanning memory - complete

3. Scanning disks

C:\COMMAND.COM - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\COMMAND.COM)

Direct reading C:\WINDOWS\system32\config\AppEvent.Evt

Direct reading C:\WINDOWS\system32\config\SecEvent.Evt

Direct reading C:\WINDOWS\system32\config\SysEvent.Evt

Direct reading C:\WINDOWS\system32\config\Antivirus.Evt

Direct reading C:\WINDOWS\system32\config\DEFAULT

Direct reading C:\WINDOWS\system32\config\SECURITY

Direct reading C:\WINDOWS\system32\config\SOFTWARE

Direct reading C:\WINDOWS\system32\config\SYSTEM

Direct reading C:\WINDOWS\system32\config\SAM

Direct reading C:\WINDOWS\system32\config\Internet.evt

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Direct reading C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

Direct reading C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

Direct reading C:\WINDOWS\system32\CatRoot2\edb.log

Direct reading C:\WINDOWS\system32\CatRoot2\tmp.edb

Direct reading C:\WINDOWS\Temp\Perflib_Perfdata_450.dat

Direct reading C:\WINDOWS\Temp\Perflib_Perfdata_614.dat

Direct reading C:\WINDOWS\Temp\Perflib_Perfdata_920.dat

Direct reading C:\WINDOWS\WindowsUpdate.log

Direct reading C:\WINDOWS\SchedLgU.Txt

Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\NetworkService\NTUSER.DAT

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\LocalService\Cookies\index.dat

Direct reading C:\Documents and Settings\LocalService\NTUSER.DAT

Direct reading C:\Documents and Settings\Carolina\NtUser.dat.LOG

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Histórico\History.IE5\MSHist012009021820090219\index.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Temporary Internet Files\AntiPhishing\4069DF2E-0DD4-4F34-9DE6-67F136F30810.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Dados de aplicativos\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{A4F70244-FE28-11DD-881B-00016C3BB9B7}.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Dados de aplicativos\Microsoft\Internet Explorer\Recovery\Active\{A4F70245-FE28-11DD-881B-00016C3BB9B7}.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Dados de aplicativos\Microsoft\Internet Explorer\Recovery\Active\{9167D4A0-FE2C-11DD-881B-00016C3BB9B7}.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Dados de aplicativos\Microsoft\Internet Explorer\Recovery\Active\{86CD3DB2-FE2E-11DD-881B-00016C3BB9B7}.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Dados de aplicativos\Microsoft\Feeds Cache\index.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\temp\~DFB37.tmp

Direct reading C:\Documents and Settings\Carolina\Configurações locais\temp\~DF115D.tmp

Direct reading C:\Documents and Settings\Carolina\Configurações locais\temp\~DFBDCA.tmp

Direct reading C:\Documents and Settings\Carolina\Configurações locais\temp\~DFAF13.tmp

Direct reading C:\Documents and Settings\Carolina\Cookies\index.dat

Direct reading C:\Documents and Settings\Carolina\IETldCache\index.dat

Direct reading C:\Documents and Settings\Carolina\PrivacIE\index.dat

Direct reading C:\Documents and Settings\Carolina\IECompatCache\index.dat

Direct reading C:\Documents and Settings\Carolina\ntuser.dat

Direct reading C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt

Direct reading C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\selfdef.log

Direct reading C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe.BAK - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\Arquivos de programas\MSN Messenger\msnmsgr.exe.BAK)

C:\System Volume Information\_restore{6438CBCA-6F5A-4278-A2AA-95E9E33729BD}\RP4\A0001906.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{6438CBCA-6F5A-4278-A2AA-95E9E33729BD}\RP4\A0001906.com)

Direct reading C:\System Volume Information\_restore{6438CBCA-6F5A-4278-A2AA-95E9E33729BD}\RP12\change.log

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Alerter (Alerta)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: terminal connections to the PC are allowed

>> Security: sending Remote Assistant queries is enabled

Checking - complete

9. Troubleshooting wizard

>> HDD autorun are allowed

>> Autorun from network drives are allowed

>> Removable media autorun are allowed

Checking - complete

Files scanned: 242586, extracted from archives: 170715, malicious software found 0, suspicions - 0

Scanning finished at 19/2/2009 00:04:59

Time of scanning: 00:53:19

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference


C:\WINDOWS\System32\Drivers\aswSP.SYS 4 Kernel-mode hook

C:\COMMAND.COM 3 PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe.BAK 3 PE file with non-standard extension(dangerousness level is 5%)

C:\System Volume Information\_restore{6438CBCA-6F5A-4278-A2AA-95E9E33729BD}\RP4\A0001906.com 3 PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

 

 

 

Done! Good night!


Good morning, carolpower!

 

<@> Open avz4 and click AVZGuard --> Enable AVZGuard --> OK.

<@> Click "File" --> "Custom scripts".

<@> Paste the following information, from the CODE box, into the "Running scripts" field:

 

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\COMMAND.COM','');
QuarantineFile('C:\Arquivos de programas\MSN Messenger\msnmsgr.exe.BAK','');
QuarantineFile('C:\System Volume Information\_restore{6438CBCA-6F5A-4278-A2AA-95E9E33729BD}\RP4\A0001906.com','');
DeleteFile('C:\System Volume Information\_restore{6438CBCA-6F5A-4278-A2AA-95E9E33729BD}\RP4\A0001906.com');
DeleteFile('C:\Arquivos de programas\MSN Messenger\msnmsgr.exe.BAK');
DeleteFile('C:\COMMAND.COM');
BC_ImportDeletedList;
ClearHostsFile;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

<@> Check for script errors by clicking "Check syntax" --> OK.

<@> If there are no errors, click Run. <-- Wait!

<@> To complete the removals, the computer will restart.

<@> Go back to the AVZGuard menu and click "Disable AVZGuard" --> OK.

<@> Run a new scan with avz4 and post the report. ( avz_log.txt )

 

Regards!

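As an added example that is neither the helper's own tool nor part of AVZ, the following Python script reads the "Scanning disks" findings from an AVZ log in the format posted earlier in this thread, builds a custom script with the same structure as the one in this post, and checks that script for the kind of slip the pasted one contained (an unclosed `{` in a restore-point path, which makes QuarantineFile and DeleteFile refer to different files). The log excerpt is constructed from lines in this thread; the delete threshold is my assumption, since the helper's script deleted all three files:

```python
import re

# Constructed excerpt in the format of the AVZ 4.30 "3. Scanning disks" section posted in this thread.
SAMPLE_AVZ_LOG = r"""
3. Scanning disks
C:\COMMAND.COM - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\COMMAND.COM)
Direct reading C:\WINDOWS\system32\config\SAM
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe.BAK - PE file with non-standard extension(dangerousness level is 5%)
File quarantined succesfully (C:\Arquivos de programas\MSN Messenger\msnmsgr.exe.BAK)
C:\System Volume Information\_restore{6438CBCA-6F5A-4278-A2AA-95E9E33729BD}\RP4\A0001906.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\System Volume Information\_restore{6438CBCA-6F5A-4278-A2AA-95E9E33729BD}\RP4\A0001906.com)
4. Checking Winsock Layered Service Provider (SPI/LSP)
"""

FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) - (?P<verdict>.*?)\(dangerousness level is (?P<level>\d+)%\)$")
QUARANTINED_RE = re.compile(r"^File quarantined succes+fully \((?P<path>.+)\)$")
CALL_RE = re.compile(r"^(?P<fn>QuarantineFile|DeleteFile)\('(?P<path>[^']*)'")


def parse_findings(log_text: str):
    """Collect path, verdict, dangerousness level and whether the scan already quarantined the file."""
    findings, quarantined = [], set()
    for line in log_text.splitlines():
        q = QUARANTINED_RE.match(line)
        if q:
            quarantined.add(q["path"])
            continue
        f = FINDING_RE.match(line)
        if f:
            findings.append({"path": f["path"], "verdict": f["verdict"].strip(),
                             "level": int(f["level"]), "quarantined": False})
    for item in findings:
        item["quarantined"] = item["path"] in quarantined
    return findings


def build_script(findings, min_delete_level=35):
    """Emit an AVZ custom script shaped like the one in this post. Every finding is
    quarantined (reversible); only findings at or above min_delete_level are deleted.
    The threshold is an assumption of this example, not the helper's choice."""
    lines = ["begin", "SetAVZGuardStatus(True);", "SearchRootkit(true, true);"]
    for item in findings:
        lines.append(f"QuarantineFile('{item['path']}','');")
    for item in findings:
        if item["level"] >= min_delete_level:
            lines.append(f"DeleteFile('{item['path']}');")
    lines += ["BC_ImportDeletedList;", "ClearHostsFile;", "ExecuteSysClean;",
              "BC_Activate;", "RebootWindows(true);", "end."]
    return "\n".join(lines)


def check_script(script: str):
    """Sanity checks that AVZ's "Check syntax" would not catch: unbalanced braces inside a path
    literal, and a DeleteFile whose exact path was never passed to QuarantineFile."""
    problems, quarantined = [], set()
    for n, line in enumerate(script.splitlines(), 1):
        m = CALL_RE.match(line)
        if not m:
            continue
        path = m["path"]
        if path.count("{") != path.count("}"):
            problems.append(f"line {n}: unbalanced braces in {path}")
        if m["fn"] == "QuarantineFile":
            quarantined.add(path)
        elif path not in quarantined:
            problems.append(f"line {n}: DeleteFile without matching QuarantineFile for {path}")
    return problems


if __name__ == "__main__":
    found = parse_findings(SAMPLE_AVZ_LOG)
    script = build_script(found)
    print(script)
    print("problems:", check_script(script) or "none")
```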

Good afternoon!!

 

 

AVZ Antiviral Toolkit log; AVZ version is 4.30

Scanning started at 19/2/2009 12:57:16

Database loaded: signatures - 210609, NN profile(s) - 2, microprograms of healing - 56, signature database released 17.02.2009 21:43

Heuristic microprograms loaded: 372

SPV microprograms loaded: 9

Digital signatures of system files loaded: 96195

Heuristic analyzer mode: Maximum heuristics level

Healing mode: enabled

Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights

System Restore: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=082B80)

Kernel ntoskrnl.exe found in memory at address 804D7000

SDT = 80559B80

KiST = 804E2D20 (284)

Function NtClose (19) intercepted (805675D9->F66F36B8), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtCreateKey (29) intercepted (8056F063->F66F3574), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtDeleteValueKey (41) intercepted (80597430->F66F3A52), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtDuplicateObject (44) intercepted (805743BE->F66F314C), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtOpenKey (77) intercepted (805684D5->F66F364E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtOpenProcess (7A) intercepted (8057459E->F66F308C), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtOpenThread (80) intercepted (80597C0A->F66F30F0), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtQueryValueKey (B1) intercepted (8056B9A8->F66F376E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtRestoreKey (CC) intercepted (8064C3B0->F66F372E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtSetValueKey (F7) intercepted (80575527->F66F38AE), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Functions checked: 284, intercepted: 10, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking of IRP handlers

Checking - complete

2. Scanning memory

Number of processes found: 33

Analyzer: process under analysis is 1824 C:\WINDOWS\system32\LckFldService.exe

[ES]:Application has no visible windows

[ES]:Located in system folder

Analyzer: process under analysis is 1904 C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

[ES]:Application has no visible windows

Number of modules loaded: 339

Scanning memory - complete

3. Scanning disks

Direct reading C:\WINDOWS\system32\config\AppEvent.Evt

Direct reading C:\WINDOWS\system32\config\SecEvent.Evt

Direct reading C:\WINDOWS\system32\config\SysEvent.Evt

Direct reading C:\WINDOWS\system32\config\Antivirus.Evt

Direct reading C:\WINDOWS\system32\config\DEFAULT

Direct reading C:\WINDOWS\system32\config\SECURITY

Direct reading C:\WINDOWS\system32\config\SOFTWARE

Direct reading C:\WINDOWS\system32\config\SYSTEM

Direct reading C:\WINDOWS\system32\config\SAM

Direct reading C:\WINDOWS\system32\config\Internet.evt

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Direct reading C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

Direct reading C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

Direct reading C:\WINDOWS\system32\CatRoot2\edb.log

Direct reading C:\WINDOWS\system32\CatRoot2\tmp.edb

Direct reading C:\WINDOWS\Temp\Perflib_Perfdata_450.dat

Direct reading C:\WINDOWS\Temp\Perflib_Perfdata_700.dat

Direct reading C:\WINDOWS\Temp\Perflib_Perfdata_810.dat

Direct reading C:\WINDOWS\SchedLgU.Txt

Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\NetworkService\NTUSER.DAT

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\LocalService\Cookies\index.dat

Direct reading C:\Documents and Settings\LocalService\NTUSER.DAT

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Histórico\History.IE5\MSHist012009021920090220\index.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Temporary Internet Files\AntiPhishing\4069DF2E-0DD4-4F34-9DE6-67F136F30810.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Dados de aplicativos\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{36946B82-FE9D-11DD-881E-00016C3BB9B7}.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Dados de aplicativos\Microsoft\Internet Explorer\Recovery\Active\{36946B83-FE9D-11DD-881E-00016C3BB9B7}.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\Dados de aplicativos\Microsoft\Feeds Cache\index.dat

Direct reading C:\Documents and Settings\Carolina\Configurações locais\temp\~DF9654.tmp

Direct reading C:\Documents and Settings\Carolina\Configurações locais\temp\~DF9B59.tmp

Direct reading C:\Documents and Settings\Carolina\Cookies\index.dat

Direct reading C:\Documents and Settings\Carolina\IETldCache\index.dat

Direct reading C:\Documents and Settings\Carolina\PrivacIE\index.dat

Direct reading C:\Documents and Settings\Carolina\IECompatCache\index.dat

Direct reading C:\Documents and Settings\Carolina\ntuser.dat

Direct reading C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt

Direct reading C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\selfdef.log

Direct reading C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db

C:\System Volume Information\_restore{6438CBCA-6F5A-4278-A2AA-95E9E33729BD}\RP12\A0007083.COM - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{6438CBCA-6F5A-4278-A2AA-95E9E33729BD}\RP12\A0007083.COM)

Direct reading C:\System Volume Information\_restore{6438CBCA-6F5A-4278-A2AA-95E9E33729BD}\RP12\change.log

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Alerter (Alerta)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: terminal connections to the PC are allowed

>> Security: sending Remote Assistant queries is enabled

Checking - complete

9. Troubleshooting wizard

>> HDD autorun are allowed

>> Autorun from network drives are allowed

>> Removable media autorun are allowed

Checking - complete

Files scanned: 238295, extracted from archives: 170639, malicious software found 0, suspicions - 0

Scanning finished at 19/2/2009 13:29:24

Time of scanning: 00:32:10

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference


C:\WINDOWS\System32\Drivers\aswSP.SYS 4 Kernel-mode hook

C:\System Volume Information\_restore{6438CBCA-6F5A-4278-A2AA-95E9E33729BD}\RP12\A0007083.COM 3 PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)


Good afternoon, carolpower!

<@> Download: < a-squared Free 4.0 >

<!> Optional link: < a2ppf_banner.jpg >

<@> Save it in the Arquivos de programas folder.

<@> Open the antimalware and click: Update now --> Wait!

<@> When it finishes, click: "Scan PC"

<@> Choose the option: "Smart" --> Then click "Scan".

<@> When it finishes, tick the boxes of the items found and click "Quarantine selected".

<@> Save the report of this scan and post it in your reply.

Regards!


a-squared Free - Versão 4.0

Última atualização 20/2/2009 10:32:44

 

Configurações da análise:

 

Objetos: Memória, Rastros, Cookies, C:\WINDOWS\, C:\Arquivos de programas

Análise de arquivos: Ligado

Heurística: Ligado

Análise de ADS: Ligado

 

Início da análise: 20/2/2009 10:33:31

 

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> RelevantKnowledge detectado: Trace.Registry.RelevantKnowledge!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> ApplicationName detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> DebugShowRealPL detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> DisablePort1214Listen detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> FindMoreSourcesTimeLimit detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> IpRangesFileName detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> KazaaStartPage detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> MaxFileSources detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> NetworkName detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> No.files detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> NoExtraButtons detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> NoKppaddon detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> NoSysTrayIcon detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> PL1000 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> PurgeSearchesOnExit detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> RemoveBadIPs detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> ScanForNewFilesTimeMilliSecs detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> SupernodeForce detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> UseBanIpFeature detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> UsersCantCutInLine detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> AddToMainMenu detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> AskExit detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ChangeDownloadMenu detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ChangeFileManagerMenu detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ChangeSystemBtn detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ChangeToolbarBehave detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ChangeTrayMenu detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> DefaultFileManagerAction detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ForceCreation detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> HideAdBanner detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> IniTab detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ShowAccelSttInTray detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> StartKLInTray detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> StatusWndMode detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> ClearDownloads detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> ClearUploads detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> CyclesDelay detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> ItemDelay detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> KeepDownloads detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> MinSpeed detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> NoSearchingConnecting detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> NumDownloadsMax detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> NumDownloadsMin detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> SearchResume detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> SkipBySpeed detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> SkipPaused detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> SkipQueued detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> TimesInSearchState detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> Accelerator detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> AlwaysOnTop detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> AutoSearchMore detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> AutoSearchMoreNum detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> AutoSearchMoreUnit detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> ConfigDlg detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> SearchOptShow detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> StatusDlg detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> StatusWnd detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd1 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd10 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd2 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd3 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd4 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd5 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd6 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd7 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd8 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd9 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Preview1 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title1 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title10 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title2 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title3 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title4 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title5 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title6 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title7 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title8 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title9 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir1 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir10 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir2 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir3 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir4 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir5 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir6 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir7 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir8 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir9 detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K-Sig --> ConfirmDownloadsInClient detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K-Sig --> SendDirectlyToClient detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K-Sig --> SleepBeforePassing detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K-Sig --> UseAlternateMethod detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K-Sig --> WindowClass detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Kazaa Lite Resurrection --> Order detectado: Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup0 detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup1 detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup10 detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup2 detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup3 detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup4 detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup5 detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup6 detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup7 detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup8 detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup9 detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(2) detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(7) detectado: Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live --> MDLCap detectado: Trace.Registry.DiscoveryLive!A2

C:\Documents and Settings\Usuario\Cookies\usuario@ig.com[1].txt detectado: Trace.TrackingCookie.ig.com!A2

C:\Documents and Settings\Usuario\Cookies\usuario@adtech[1].txt detectado: Trace.TrackingCookie.adtech!A2

C:\Documents and Settings\Usuario\Cookies\usuario@google.com[3].txt detectado: Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Usuario\Cookies\usuario@google.com[1].txt detectado: Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Usuario\Cookies\usuario@atdmt[2].txt detectado: Trace.TrackingCookie.atdmt!A2

C:\Documents and Settings\Usuario\Cookies\usuario@www.lopes.com[1].txt detectado: Trace.TrackingCookie.www.lop!A2

C:\Documents and Settings\Usuario\Cookies\usuario@lopes.com[2].txt detectado: Trace.TrackingCookie.lop!A2

C:\Documents and Settings\Carolina\Cookies\carolina@google.com[2].txt detectado: Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Carolina\Cookies\carolina@zedo[2].txt detectado: Trace.TrackingCookie.zedo!A2

C:\Documents and Settings\Carolina\Cookies\carolina@atdmt[2].txt detectado: Trace.TrackingCookie.atdmt!A2

C:\Documents and Settings\Carolina\Cookies\carolina@adserver.dialhost.com[2].txt detectado: Trace.TrackingCookie.adserv!A2

C:\Documents and Settings\Carolina\Cookies\carolina@adserver.dialhost.com[2].txt detectado: Trace.TrackingCookie.adserver!A2

 

Analisado

 

Arquivos: 40773

Objetos: 667801

Cookies: 192

Processos: 34

 

Encontrado

 

Arquivos: 0

Objetos: 108

Cookies: 12

Processos: 0

Chaves do registro: 0

 

Fim da análise: 20/2/2009 11:07:12

Duração da análise: 0:33:41

 

C:\Documents and Settings\Carolina\Cookies\carolina@adserver.dialhost.com[2].txt Em quarentena Trace.TrackingCookie.adserver!A2

C:\Documents and Settings\Carolina\Cookies\carolina@adserver.dialhost.com[2].txt Em quarentena Trace.TrackingCookie.adserv!A2

C:\Documents and Settings\Carolina\Cookies\carolina@zedo[2].txt Em quarentena Trace.TrackingCookie.zedo!A2

C:\Documents and Settings\Usuario\Cookies\usuario@lopes.com[2].txt Em quarentena Trace.TrackingCookie.lop!A2

C:\Documents and Settings\Usuario\Cookies\usuario@www.lopes.com[1].txt Em quarentena Trace.TrackingCookie.www.lop!A2

C:\Documents and Settings\Usuario\Cookies\usuario@atdmt[2].txt Em quarentena Trace.TrackingCookie.atdmt!A2

C:\Documents and Settings\Carolina\Cookies\carolina@atdmt[2].txt Em quarentena Trace.TrackingCookie.atdmt!A2

C:\Documents and Settings\Usuario\Cookies\usuario@google.com[3].txt Em quarentena Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Usuario\Cookies\usuario@google.com[1].txt Em quarentena Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Carolina\Cookies\carolina@google.com[2].txt Em quarentena Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Usuario\Cookies\usuario@adtech[1].txt Em quarentena Trace.TrackingCookie.adtech!A2

C:\Documents and Settings\Usuario\Cookies\usuario@ig.com[1].txt Em quarentena Trace.TrackingCookie.ig.com!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup0 Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup1 Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup10 Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup2 Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup3 Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup4 Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup5 Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup6 Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup7 Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup8 Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Popup9 Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(2) Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live\Settings --> Setting(7) Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Matt Holwood\MessengerDiscovery Live --> MDLCap Em quarentena Trace.Registry.DiscoveryLive!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> ApplicationName Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> DebugShowRealPL Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> DisablePort1214Listen Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> FindMoreSourcesTimeLimit Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> IpRangesFileName Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> KazaaStartPage Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> MaxFileSources Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> NetworkName Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> No.files Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> NoExtraButtons Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> NoKppaddon Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> NoSysTrayIcon Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> PL1000 Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> PurgeSearchesOnExit Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> RemoveBadIPs Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> ScanForNewFilesTimeMilliSecs Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> SupernodeForce Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> UseBanIpFeature Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K++ --> UsersCantCutInLine Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> AddToMainMenu Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> AskExit Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ChangeDownloadMenu Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ChangeFileManagerMenu Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ChangeSystemBtn Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ChangeToolbarBehave Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ChangeTrayMenu Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> DefaultFileManagerAction Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ForceCreation Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> HideAdBanner Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> IniTab Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> ShowAccelSttInTray Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> StartKLInTray Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions --> StatusWndMode Em quarentena Trace.Registry.Kazaa Lite Resurrection!A2

Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> ClearDownloads Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> ClearUploads Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> CyclesDelay Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> ItemDelay Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> KeepDownloads Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> MinSpeed Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> NoSearchingConnecting Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> NumDownloadsMax Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> NumDownloadsMin Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> SearchResume Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> SkipBySpeed Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> SkipPaused Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> SkipQueued Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Accelerator --> TimesInSearchState Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> Accelerator Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> AlwaysOnTop Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> AutoSearchMore Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> AutoSearchMoreNum Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> AutoSearchMoreUnit Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> ConfigDlg Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> SearchOptShow Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> StatusDlg Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\LastState --> StatusWnd Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd1 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd10 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd2 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd3 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd4 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd5 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd6 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd7 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd8 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Cmd9 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Preview1 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title1 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title10 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title2 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title3 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title4 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title5 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title6 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title7 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title8 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Title9 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir1 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir10 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir2 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir3 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir4 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir5 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir6 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir7 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir8 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\KLExtensions\Tools --> Workdir9 Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K-Sig --> ConfirmDownloadsInClient Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K-Sig --> SendDirectlyToClient Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K-Sig --> SleepBeforePassing Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K-Sig --> UseAlternateMethod Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\K-Sig --> WindowClass Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Kazaa Lite Resurrection --> Order Quarantined Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> RelevantKnowledge Quarantined Trace.Registry.RelevantKnowledge!A2

Quarantined

Files: 0
Objects: 108
Cookies: 12

Good morning!

I scanned the PC with my AntiSpyware and now 10 "Found Registry" entries were detected (no longer 9).

=/

Regards

<><><><><><><><>

Hey! carolpower

<@> Open the AVZ Antiviral Toolkit.

<@> Click the "Service" menu --> "Registry Search"

<@> Paste into Pattern the value: BitComet

<@> Under "Search parameters", check all the boxes.

<@> Click "Start" --> Wait for the search to finish.

<@> When it is done, click "Keys found" --> "Create REG file with selected keys"

<@> Save it to the Desktop! <-- ( Export.reg ) <-- backup!

<@> Also save the report and post it in your reply. ( Export.txt )

<@> Still under "Keys found", check all the boxes and click "Delete selected keys".

<><><><><><><><>

<@> Go to Start --> Run --> Type: cmd.exe --> Click OK.

<@> At the prompt, type:

dir /s /a "c:\*BitComet*.*" > c:\find.txt && notepad c:\find.txt

<@> PS: Be careful when typing; keep the spaces and quotes exactly as shown.

<@> If BitComet was installed on another drive, replace c:\ with x:\ in the command line.

<@> Press Enter.

<@> Wait for the scan to finish, at which point the information will appear in Notepad.

<@> Copy its contents into this topic.

Regards!

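The procedure in the post above (search the registry for a pattern, export the hits to a .reg backup, delete them, then look for leftover files) can be done from one PowerShell script. The script below is an added example written for this page; it is not AVZ's code and not anything the helper posted. The pattern, the backup folder, and the rule that a whole key is deleted only when the key name itself contains the pattern (a key that merely holds a matching value, such as ...\CurrentVersion\Run, loses just that value) are assumptions of the example.

```powershell
# Added example for this thread; it is not AVZ's code and not part of any post above.
# It reproduces the "Registry Search -> export .reg backup -> delete" procedure for a
# pattern such as BitComet, but deletes whole keys only when the KEY NAME matches and
# removes single values otherwise, so a shared key like ...\CurrentVersion\Run survives.
# Run from an elevated PowerShell prompt. Without -Delete it only reports and backs up.
param(
    [string]$Pattern   = 'BitComet',                           # assumed: the pattern used in the thread
    [string]$BackupDir = "$env:USERPROFILE\Desktop\regbackup", # assumed location for the .reg files
    [switch]$Delete
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# HKCR is a merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes, so these
# three roots cover every hive that AVZ walked in the log posted in this thread.
$roots = 'HKLM:\SOFTWARE', 'HKCU:\Software', 'HKU:\'

$hits = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -like "*$Pattern*") {
            [pscustomobject]@{ Key = $key.Name; Values = $null }   # the whole key belongs to the program
        } else {
            # value name or value data mentions the pattern (e.g. Run\BitComet = ...\BitComet.exe /tray)
            $vals = @($key.GetValueNames() | Where-Object {
                $_ -like "*$Pattern*" -or "$($key.GetValue($_))" -like "*$Pattern*"
            })
            if ($vals.Count -gt 0) { [pscustomobject]@{ Key = $key.Name; Values = $vals } }
        }
    }
}

# Pass 1: back everything up before touching anything, one .reg per key. reg.exe exports
# the whole subtree, so a child deleted later is still covered by its parent's file.
$n = 0
foreach ($hit in $hits) {
    $n++
    $short = $hit.Key -replace '^HKEY_LOCAL_MACHINE', 'HKLM' -replace '^HKEY_CURRENT_USER', 'HKCU' -replace '^HKEY_USERS', 'HKU'
    & reg.exe export $short (Join-Path $BackupDir ("{0:D3}.reg" -f $n)) /y | Out-Null
    if ($null -eq $hit.Values) { Write-Output "KEY   $($hit.Key)" }
    else { $hit.Values | ForEach-Object { Write-Output "VALUE $($hit.Key) --> $_" } }
}
Write-Output "$n key(s) matched; backups in $BackupDir (double-click a .reg file to restore)"

# Leftover files, the equivalent of the dir /s /a check in the same post.
Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -Filter "*$Pattern*" -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Output "FILE  $($_.FullName)" }

# Pass 2: delete only when asked. Keys already removed with a parent are skipped silently.
if ($Delete) {
    foreach ($hit in $hits) {
        $path = "Registry::$($hit.Key)"
        if ($null -eq $hit.Values) {
            Remove-Item -Path $path -Recurse -Force -ErrorAction SilentlyContinue
        } else {
            foreach ($v in $hit.Values) {
                $name = if ($v -eq '') { '(default)' } else { $v }   # PowerShell's name for the default value
                Remove-ItemProperty -Path $path -Name $name -Force -ErrorAction SilentlyContinue
            }
        }
    }
}
```

Run it once without -Delete and compare the KEY/VALUE list with the Export.txt that AVZ produces; only then run it again with -Delete. The split between keys and values is the point of the example: an autostart entry like HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BitComet should be removed as a single value, because every other program's autostart lives in that same key. Note also that the search walks all of HKEY_USERS, so the current user's hive shows up twice (once under HKCU and once under its SID); the second deletion of the same key fails silently by design.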

Good morniiiiing!

Registry Data Searching Module, Zaitsev Oleg, 2004., http://z-oleg.com/secur

Searching for keys containing "bitcomet"

-- Searching in HKEY_LOCAL_MACHINE --

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bc!\ = BitCometUnfinishedFile

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bc\DefaultIcon\ = "C:\Arquivos de programas\BitComet\BitComet.exe",1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bc\shell\open\command\ = "C:\Arquivos de programas\BitComet\BitComet.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bc\shell\open\ddeexec\Application\ = BitComet

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bc\ = URL: BitComet Transfer Protocol

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bctp\DefaultIcon\ = "C:\Arquivos de programas\BitComet\BitComet.exe",1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bctp\shell\open\command\ = "C:\Arquivos de programas\BitComet\BitComet.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bctp\shell\open\ddeexec\Application\ = BitComet

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bctp\ = URL: BitComet Transfer Protocol

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometUnfinishedFile\ =

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometUnfinishedFile\shell\ =

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometUnfinishedFile\shell\open\ =

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometUnfinishedFile\shell\open\command\ =

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometUnfinishedFile\shell\open\command\ = "C:\Arquivos de programas\BitComet\BitComet.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometUnfinishedFile\shell\open\ddeexec\ =

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometUnfinishedFile\shell\open\ddeexec\Application\ =

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometUnfinishedFile\shell\open\ddeexec\Application\ = BitComet

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometUnfinishedFile\shell\open\ddeexec\Topic\ =

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitCometUnfinishedFile\ = Arquivo Temporário do BitComet

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bittorrent\DefaultIcon\ = "C:\Arquivos de programas\BitComet\BitComet.exe",1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bittorrent\shell\open\command\ = "C:\Arquivos de programas\BitComet\BitComet.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bittorrent\ = BitComet File

-- Searching in HKEY_CURRENT_USER --

HKEY_CURRENT_USER\Software\BitComet\ =

HKEY_CURRENT_USER\Software\BitComet\BitComet\ =

HKEY_CURRENT_USER\Software\BitComet\BitComet\IEMenuExt\ =

HKEY_CURRENT_USER\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ =

HKEY_CURRENT_USER\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ID_DOWNLOAD_FLASH\ =

HKEY_CURRENT_USER\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ID_DOWNLOAD_PICTURE\ =

HKEY_CURRENT_USER\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ID_DOWNLOAD_PICTURE_LINK\ =

HKEY_CURRENT_USER\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ID_DOWNLOAD_VIDEO\ =

HKEY_CURRENT_USER\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\Display = &D&ownload específico usando o BitComet

HKEY_CURRENT_USER\Software\BitComet\ = C:\Arquivos de programas\BitComet

HKEY_CURRENT_USER\Software\BitComet\DesktopShortcut = BitComet

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\BitComet =

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\BitComet = C:\Arquivos de programas\BitComet\BitComet.exe /tray

-- Searching in HKEY_CLASSES_ROOT --

HKEY_CLASSES_ROOT\.bc!\ = BitCometUnfinishedFile

HKEY_CLASSES_ROOT\bc\DefaultIcon\ = "C:\Arquivos de programas\BitComet\BitComet.exe",1

HKEY_CLASSES_ROOT\bc\shell\open\command\ = "C:\Arquivos de programas\BitComet\BitComet.exe"

HKEY_CLASSES_ROOT\bc\shell\open\ddeexec\Application\ = BitComet

HKEY_CLASSES_ROOT\bc\ = URL: BitComet Transfer Protocol

HKEY_CLASSES_ROOT\bctp\DefaultIcon\ = "C:\Arquivos de programas\BitComet\BitComet.exe",1

HKEY_CLASSES_ROOT\bctp\shell\open\command\ = "C:\Arquivos de programas\BitComet\BitComet.exe"

HKEY_CLASSES_ROOT\bctp\shell\open\ddeexec\Application\ = BitComet

HKEY_CLASSES_ROOT\bctp\ = URL: BitComet Transfer Protocol

HKEY_CLASSES_ROOT\BitCometUnfinishedFile\ =

HKEY_CLASSES_ROOT\BitCometUnfinishedFile\shell\ =

HKEY_CLASSES_ROOT\BitCometUnfinishedFile\shell\open\ =

HKEY_CLASSES_ROOT\BitCometUnfinishedFile\shell\open\command\ =

HKEY_CLASSES_ROOT\BitCometUnfinishedFile\shell\open\command\ = "C:\Arquivos de programas\BitComet\BitComet.exe"

HKEY_CLASSES_ROOT\BitCometUnfinishedFile\shell\open\ddeexec\ =

HKEY_CLASSES_ROOT\BitCometUnfinishedFile\shell\open\ddeexec\Application\ =

HKEY_CLASSES_ROOT\BitCometUnfinishedFile\shell\open\ddeexec\Application\ = BitComet

HKEY_CLASSES_ROOT\BitCometUnfinishedFile\shell\open\ddeexec\Topic\ =

HKEY_CLASSES_ROOT\BitCometUnfinishedFile\ = Arquivo Temporário do BitComet

HKEY_CLASSES_ROOT\bittorrent\DefaultIcon\ = "C:\Arquivos de programas\BitComet\BitComet.exe",1

HKEY_CLASSES_ROOT\bittorrent\shell\open\command\ = "C:\Arquivos de programas\BitComet\BitComet.exe"

HKEY_CLASSES_ROOT\bittorrent\ = BitComet File

-- Searching in HKEY_USERS --

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Arquivos de programas\BitComet\BitComet.exe =

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Arquivos de programas\BitComet\BitComet.exe = BitComet - a BitTorrent Client

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\BitComet\ =

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\BitComet\BitComet\ =

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\BitComet\BitComet\IEMenuExt\ =

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ =

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ID_DOWNLOAD_FLASH\ =

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ID_DOWNLOAD_PICTURE\ =

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ID_DOWNLOAD_PICTURE_LINK\ =

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ID_DOWNLOAD_VIDEO\ =

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\Display = &D&ownload específico usando o BitComet

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\BitComet\ = C:\Arquivos de programas\BitComet

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\BitComet\DesktopShortcut = BitComet

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Run\BitComet =

HKEY_USERS\S-1-5-21-1993962763-329068152-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Run\BitComet = C:\Arquivos de programas\BitComet\BitComet.exe /tray

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Arquivos de programas\BitComet\BitComet.exe =

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Arquivos de programas\BitComet\BitComet.exe = BitComet - a BitTorrent Client

-- Searching complete --

Keys viewed: 174569

What do I do with Export.reg??

and I ran the prompt command but nothing showed up in Notepad.

<><><><><><><><>

Hey! carolpower

<!> That is exactly what I was expecting, since the second procedure was only meant to confirm AVZ's cleanup of the registry. ( "Delete selected keys" )

<!> As for Export.reg, keep it right there on the desktop, since it is a backup file.

<!> Later, once everything is OK, you can delete it.

<!> How is the computer? Does the antispyware still report the Found Registry?

Regards!


Good evening

so.. the 9 "found registry" entries are still there :(

well, I will only be online again on Wednesday.

I hope there is a way to remove this... if you can still help me.

thank you!

and have a good holiday.

:]


Good Morning! carolpower

<@> Download: < desktopicon.png > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt "Disclaimer of software warranty" --> Click Yes!

<@> If you do not have the "Recovery Console", accept the offer to install it!

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after it has been saved!

<!> PS: If an error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!

<@> To complete the removals, ComboFix may restart the computer.

<@> If needed, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it is done, post the reports: C:\ComboFix\ComboFix.txt + an updated HijackThis log.

Regards!
