1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.

Virtumonde

Discussão em 'Dúvidas e Suporte—Internet, Redes, Segurança' iniciada por Swat, 3 de Março de 2007. (Respostas: 13; Visualizações: 7019)

  1. Swat

    Swat I Folded Myself

    Pois é, apanhei um virus chamado virtumonde. >(
    Parece que se multiplica porque eu apago os dll's todos, mas voltam a aparecer outros com nomes diferentes.

    Ja tentei remover com o vundofix, com o ad-aware, com o AVG, com outras aplicações e não me consigo livrar disto.

    fica aqui o log do hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:44:58, on 03-03-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\winamp\winamp.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {28CE16CE-3C03-44A7-85A1-89B2B8FF5AD4} - C:\WINDOWS\system32\jkkjj.dll (file missing)
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\mljjkjh.dll (file missing)
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\dvhnttfj.dll (file missing)
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
    O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe"
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe

    ----END----


    espero que me possam ajudar ;)
     
  2. WindWalker

    WindWalker Power Member

  3. luikki

    luikki Power Member

  4. Swat

    Swat I Folded Myself

    Obrigado pelas ajudas :) acho que ja consegui livrar-me deste bixo insuportável :D

    Vi um log mesmo parecido ao meu e segui as recomendações... apaguei os registos manualmente e utilizei o VundoFix para remove-los e depois em modo de segurança, usei o VirtumundoBeGone ;)
     
  5. eduardoneco

    eduardoneco Power Member

    Boas a todos.... Então é assim, não consigo tirar este dll (geeba.dll)....

    Já fiz o que diz aqui no topico e quando faço para limpar os dll´s que apanha (vundofix) o pc vai abaixo e aparece no ecran fundo azul que o pc encontrou um problema e vai ser encerrado para não danificar o computador....

    Mas penso que se formatar o pc (Windows XP) isto desaparece certo???? Já andava a pensar em formatar o pc há algum tempo....

    Mas acontece outro problema.... Na linha de comandos do DOS não dá.... Faço format c: e ele diz que o format não pode ser executado porque o volume está a ser utilizado por outro processo, só pode ser executado se o volume for desmontado primeiro....

    Precisava de ajuda para formatar o disco, mas só a unidade c: porque nas unidades D: e E: estão coisas que preciso.....

    Nota: tenho 2 Windows instalados o inglês e o português....
     
  6. eduardoneco

    eduardoneco Power Member

    alguma ajudinha????
     
  7. Pessoal, ja estou a desesperar :( todos os programas dizem que nao encontrarm o adware!
    mas o node32, esta sempre com um balao a dizer que ele esta a atacar! 1000 vezes por 10m!! >(

    Aqui fica o log...

    Agradecia uma ajuda :(

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: Portuguese

    CPU 0: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    CPU 1: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    CPU 2: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    CPU 3: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    Percentage of Memory in Use: 22%
    Physical Memory (total/avail): 3071.04 MiB / 2381.24 MiB
    Pagefile Memory (total/avail): 4956.43 MiB / 4449.88 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1930.97 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 465.75 GiB total, 364.01 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    F: is Removable (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD5000AAKS-00YGA0 - 465.76 GiB - 1 partition
    \PARTITION0 (bootable) - Sistema de ficheiros instalável - 465.75 GiB - C:

    \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

    \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

    \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

    \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntivirusOverride is set.

    AV: AVG 7.5.486 v7.5.486 (GRISOFT) Outdated
    AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.) Disabled

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Programas\\Grisoft\\AVG7\\avginet.exe"="C:\\Programas\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Programas\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programas\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Programas\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programas\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Programas\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programas\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Programas\\Bonjour\\mDNSResponder.exe"="C:\\Programas\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Programas\\Avant Browser\\avant.exe"="C:\\Programas\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
    "C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Programas\\BTuga Revolution\\btuga.exe"="C:\\Programas\\BTuga Revolution\\btuga.exe:*:Enabled:btuga"
    "C:\\Programas\\Azureus\\Azureus.exe"="C:\\Programas\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Programas\\LimeWire\\LimeWire.exe"="C:\\Programas\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
    "C:\\Programas\\uTorrent\\uTorrent.exe"="C:\\Programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Programas\\Mozilla Firefox\\firefox.exe"="C:\\Programas\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Programas\\Real\\RealPlayer\\realplay.exe"="C:\\Programas\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Programas\\DreMule\\emule.exe"="C:\\Programas\\DreMule\\emule.exe:*:Enabled:Dreamule"
    "C:\\Programas\\Resolume 2.41\\resolume.exe"="C:\\Programas\\Resolume 2.41\\resolume.exe:*:Enabled:Resolume 2.41"
    "C:\\Programas\\Vodafone\\Vodafone web phone\\DesktopPhone.exe"="C:\\Programas\\Vodafone\\Vodafone web phone\\DesktopPhone.exe:*:Enabled:DesktopPhone"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\0\Application Data
    CLASSPATH=.;C:\Programas\Java\jre1.6.0_02\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Programas\Ficheiros comuns
    COMPUTERNAME=0-DC9E3299BCD14
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\0
    LOGONSERVER=\\0-DC9E3299BCD14
    NUMBER_OF_PROCESSORS=4
    OS=Windows_NT
    Path=C:\Programas\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programas\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0b
    ProgramFiles=C:\Programas
    PROMPT=$P$G
    QTJAVA=C:\Programas\Java\jre1.6.0_02\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\0\DEFINI~1\Temp
    TMP=C:\DOCUME~1\0\DEFINI~1\Temp
    USERDOMAIN=0-DC9E3299BCD14
    USERNAME=0
    USERPROFILE=C:\Documents and Settings\0
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    0 (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Programas\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
    --> C:\Programas\Ficheiros comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Actualização de segurança para Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Actualização de Segurança para Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Actualização de Segurança para Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB944338) --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB947864) --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
    Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Programas\Ficheiros comuns\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
    Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
    Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Creative Suite 3 Design Premium --> MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
    Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2 --> C:\Programas\Ficheiros comuns\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
    Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
    Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
    Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
    Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
    Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Premiere Pro 1.5 --> RunDll32 "C:\Programas\Ficheiros comuns\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Programas\InstallShield Installation Information\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}\setup.exe" -l0x0009
    Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
    Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
    Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
    Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
    Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
    Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Arquivo do WinRAR --> C:\Programas\WinRAR\uninstall.exe
    µTorrent --> "C:\Programas\uTorrent\uTorrent.exe" /UNINSTALL
    Attansic Ethernet Utility --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
    Attansic L1 Gigabit Ethernet Driver --> rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
    AVG 7.5 --> C:\Programas\Grisoft\AVG7\setup.exe /UNINSTALL
    Azureus Vuze --> C:\Programas\Azureus\uninstall.exe
    Betfair Poker --> MsiExec.exe /X{D4A6F05B-D32D-4EA3-B288-05894E803225}
    BTuga Revolution --> C:\Programas\BTuga Revolution\Desinstalar.exe
    BurnInTest v5.3 Standard --> "C:\Programas\BurnInTest\unins000.exe"
    bwin Poker (remove only) --> "C:\Programas\bwin\uninstall.exe"
    Camtasia Studio 5 --> MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}
    CCleaner (remove only) --> "C:\Programas\CCleaner\uninst.exe"
    Core FTP LE 2.0 --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
    Сµç --> "C:\WINDOWS\Сµç\uninstall.exe" "/U:C:\Programas\Сµç\Uninstall\uninstall.xml"
    Dreamule 3.0 --> "C:\Programas\DreMule\unins000.exe"
    DVD Shrink 3.2 --> "C:\Programas\DVD Shrink\unins000.exe"
    dvdSanta 3.43 --> C:\Programas\dvdSanta\unins000.exe
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
    FLV Player 1.3.3 --> "C:\Programas\FLVPlayer\uninstall.exe"
    FLV Player 2.0, build 23 --> C:\Programas\FLV Player\uninst.exe
    Free FLV to AVI Converter V1.5 --> "C:\Programas\Free FLV to AVI Converter\unins000.exe"
    Freez FLV to AVI/MPEG/WMV Converter --> "C:\Programas\Smallvideosoft\Freez FLV to AVI MPEG WMV Converter\unins000.exe"
    Full Tilt Poker --> "C:\Programas\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0416 -removeonly
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix para Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    InterVideo WinDVD 7 --> "C:\Programas\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    KalipseMail 5000 --> C:\Programas\KalipseMail 5000\uninstall.exe
    LimeWire 4.14.10 --> "C:\Programas\LimeWire\uninstall.exe"
    Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
    Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
    Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
    Messenger Plus! 3 --> "C:\Programas\MessengerPlus! 3\MsgPlus.exe" /Remove
    Messenger Plus! Live --> "C:\Programas\Messenger Plus! Live\Uninstall.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110816-6000-11D3-8CFE-0150048383C9}
    Microsoft RTC Client API v1.3 --> MsiExec.exe /X{C0CC8CF4-2B66-40F3-9F87-EA60DB2FAC0C}
    Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (2.0.0.14) --> C:\Programas\Mozilla Firefox\uninstall\helper.exe
    MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    Nero 7 Ultra Edition --> MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185372070}
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
    Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_por_web.exe
    Nokia PC Suite --> MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760}
    Nokia themes for your device --> MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Pacote de controladores do Windows - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
    Pacote de controladores do Windows - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
    Pacote de controladores do Windows - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
    Pacote de controladores do Windows - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
    PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
    PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    Pro Evolution Soccer 2008 --> C:\Programas\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x0816
    QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
    RealPlayer --> C:\Programas\Ficheiros comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x816 -removeonly
    Recover My Files --> "C:\Programas\GetData\Recover My Files\unins000.exe"
    RER MOV Converter --> "C:\WINDOWS\RER MOV Converter\uninstall.exe" "/U:C:\Programas\RER MOV Converter\Uninstall\uninstall.xml"
    Resolume 2.41 --> "C:\Programas\Resolume 2.41\unins000.exe"
    Sothink SWF Converter --> "C:\Programas\SourceTec\Sothink FLV Converter\unins000.exe"
    Sothink SWF Decompiler --> "C:\Programas\SourceTec\Sothink SWF Decompiler\unins000.exe"
    SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0416 -Control_Panel
    SWF & FLV Toolbox 3.5 (build 3.5.17.252) --> "C:\Programas\Eltima Software\SWF & FLV Toolbox\unins000.exe"
    The3Dpoker --> "C:\Programas\The3Dpoker\uninstall.exe"
    TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
    Virtual Earth 3D (Beta) --> MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
    Vodafone Toolbar --> C:\Programas\Vodafone\Vodafone Toolbar\uninstall.exe
    Vodafone web phone --> C:\Programas\Vodafone\Vodafone web phone\uninstall.exe
    Webcam Simulator 4.1 --> "C:\Programas\Webcam Simulator\unins000.exe"
    Win32 --> MsiExec.exe /I{A47CC380-5C96-4542-98EA-23884ECB42C6}
    Winamp --> "C:\Programas\Winamp\UninstWA.exe"
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinZip --> "C:\Programas\WinZip\WINZIP32.EXE" /uninstall
    XP Codec Pack --> C:\Programas\XP Codec Pack\Uninstall.exe
    YouSendIt Express --> C:\Programas\InstallShield Installation Information\{F5927344-079F-44CC-A1E7-8A0226C614B2}\setup.exe -runfromtemp -l0x0409
    YouTUBE (TM) movie downloader --> MsiExec.exe /X{2F8BE445-D14C-40E2-AF62-E43539FD1500}
    YouTube Download Manager Pro 6.0.5 --> "C:\Programas\Easiestutils\YouTube Download Manager Pro\unins000.exe"


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type24561 / Success
    Event Submitted/Written: 04/29/2008 05:32:00 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type24553 / Error
    Event Submitted/Written: 04/29/2008 04:57:20 PM
    Event ID/Source: 3 / Adobe Version Cue CS3
    Event Description:
    AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
    Trace: (null)

    Event Record #/Type24552 / Error
    Event Submitted/Written: 04/29/2008 04:57:20 PM
    Event ID/Source: 3 / Adobe Version Cue CS3
    Event Description:
    AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
    Trace: (null)

    Event Record #/Type24551 / Error
    Event Submitted/Written: 04/29/2008 04:57:20 PM
    Event ID/Source: 3 / Adobe Version Cue CS3
    Event Description:
    AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
    Trace: (null)

    Event Record #/Type24550 / Error
    Event Submitted/Written: 04/29/2008 04:57:20 PM
    Event ID/Source: 3 / Adobe Version Cue CS3
    Event Description:
    AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
    Trace: (null)



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type14155 / Error
    Event Submitted/Written: 04/29/2008 05:36:52 PM
    Event ID/Source: 7031 / Service Control Manager
    Event Description:
    O serviço Eset Service terminou inesperadamente. Já o fez 1 vez(es). Será efectuada a seguinte acção correctiva em 0 milissegundos: Reiniciar o serviço.

    Event Record #/Type14154 / Error
    Event Submitted/Written: 04/29/2008 05:36:38 PM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    O serviço AVG E-mail Scanner terminou inesperadamente. Isto aconteceu 1 vez(es).

    Event Record #/Type14153 / Error
    Event Submitted/Written: 04/29/2008 05:36:23 PM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    O serviço NVIDIA Display Driver Service terminou inesperadamente. Isto aconteceu 1 vez(es).

    Event Record #/Type14128 / Error
    Event Submitted/Written: 04/29/2008 05:30:36 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    O serviço Actualizações automáticas terminou com o seguinte erro:
    %%3228369022

    Event Record #/Type14124 / Error
    Event Submitted/Written: 04/29/2008 05:29:11 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    O DCOM obteve o erro "%%1084" ao tentar iniciar o serviço EventSystem com os argumentos ""
    de forma a executar o servidor:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}



    -- End of Deckard's System Scanner: finished at 2008-04-29 17:41:02 ------------

    Grande abraço
     
  8. DekkeR

    DekkeR Power Member

    ilion,

    O log que deves postar não é esse.
    esta thread e segue os passos
     
  9. Ando à semanas a tentar resolver isto!! e nao consigo!! ja fui ao site, segui todos os passos, e mesmo assim continua la!

    Alguem me pode dar uma ajuda? aqui esta o log.

    Muito obrigado desde já!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:14:12, on 10-05-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programas\Bonjour\mDNSResponder.exe
    C:\Programas\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
    C:\Programas\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Programas\Windows Live\Messenger\msnmsgr.exe
    C:\Programas\Vodafone\Vodafone web phone\AppStart.exe
    C:\Programas\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Programas\Vodafone\Vodafone web phone\DesktopPhone.exe
    C:\Programas\PC Connectivity Solution\ServiceLayer.exe
    C:\Programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Programas\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Programas\Windows Live\Messenger\msnmsgr.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\Programas\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\0\Ambiente de trabalho\PROGRAMAS\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {05CAC652-81DF-4D8C-BC53-B024CF7A5DE2} - C:\WINDOWS\system32\cbXpMDvW.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programas\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [egui] "C:\Programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [BMd7e937cf] Rundll32.exe "C:\WINDOWS\system32\xucnryli.dll",s
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DesktopPhone] C:\Programas\Vodafone\Vodafone web phone\AppStart.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Enviar por &Mensagem SMS / MMS - C:\Programas\Vodafone\Vodafone Toolbar\SendText.html
    O8 - Extra context menu item: Enviar por Mensagem MMS - C:\Programas\Vodafone\Vodafone Toolbar\SendImage.html
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C4855F7-37D6-450E-A063-79AB65C1AAE9}: NameServer = 212.55.154.174
    O23 - Service: Adobe LM Service - Unknown owner - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Programas\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 8013 bytes
     
  10. zegato70

    zegato70 Suspenso

    Tb andei doido com isso, nem spybot, nem spydoctor, nod32 apaga e depois aparecia outra vez

    tratamento :

    http://www.superantispyware.com

    é free e resulta
     
  11. vou já testar!! :003:
     

  12. resultoooou!!

    muito obrigado :)
     
  13. VolvoSaab

    VolvoSaab Power Member

    Também tive o memso problema com o virtumonde, SUPER antispyware foi o único que funcionou, limpou à primeira, mas sugiro depois de fazer o download do SUPER desligar o computador da net e desactivar os pontos de restore, qunado apanehi o Virtumonde criou um ponto de restauro próprio apaganto todos os que existiam e desactivou as actualizações automáticas entre outras coisas.
     

Partilhar esta Página