mistic_girl
Power Member
Recebi hoje um e-mail de um amigo meu que tinha vírus, daqueles vírus que vêm pelo e-mail.
Felizmente usei o ponto de restauração e consegui desactivar o vírus, mas é óbvio que eu quero tirá-lo a 100% do computador.
Logfile of HijackThis v1.99.1
Scan saved at 16:07:44, on 18-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
I:\windows\System32\smss.exe
I:\windows\system32\winlogon.exe
I:\windows\system32\services.exe
I:\windows\system32\lsass.exe
I:\windows\system32\svchost.exe
I:\Programas\Windows Defender\MsMpEng.exe
I:\windows\System32\svchost.exe
I:\Programas\Ahead\InCD\InCDsrv.exe
I:\windows\Explorer.EXE
I:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
I:\windows\system32\spoolsv.exe
I:\WINDOWS\ATKKBService.exe
I:\windows\system32\CTsvcCDA.exe
I:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
I:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
I:\windows\system32\nvsvc32.exe
I:\Programas\SiteAdvisor\6066\SAService.exe
I:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
I:\windows\system32\svchost.exe
I:\WINDOWS\system32\umonit.exe
I:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
I:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
I:\Programas\Java\jre1.6.0_01\bin\jusched.exe
I:\Programas\Windows Defender\MSASCui.exe
I:\Programas\SiteAdvisor\6066\SiteAdv.exe
I:\windows\system32\Rundll32.exe
I:\Programas\HP\HP Software Update\HPWuSchd2.exe
I:\windows\system32\RUNDLL32.EXE
I:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
I:\windows\system32\ctfmon.exe
I:\Programas\Messenger\msmsgs.exe
I:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
I:\Programas\Logitech\SetPoint\SetPoint.exe
I:\Programas\Ficheiros comuns\Logitech\KHAL\KHALMNPR.EXE
I:\Programas\HP\Digital Imaging\bin\hpqimzone.exe
I:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
I:\Programas\WinRAR\WinRAR.exe
I:\DOCUME~1\duelcore\DEFINI~1\Temp\Rar$EX00.360\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - I:\Programas\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - I:\Programas\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - I:\Programas\FlashGet\getflash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - I:\Programas\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - I:\Programas\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [UMonit] I:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [VolPanel] "I:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ccApp] I:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] I:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "I:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] I:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SiteAdvisor] I:\Programas\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [HP Software Update] I:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "I:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] I:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "I:\Programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = I:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = I:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = I:\Programas\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - I:\Programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - I:\Programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://I:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - I:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - I:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173108432234
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - I:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - I:\Programas\SiteAdvisor\6066\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - I:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - I:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - I:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - I:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - I:\windows\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - I:\Programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - I:\Programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - I:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - I:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - I:\Programas\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - I:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
Felizmente usei o ponto de restauração e consegui desactivar o vírus, mas é óbvio que eu quero tirá-lo a 100% do computador.
Logfile of HijackThis v1.99.1
Scan saved at 16:07:44, on 18-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
I:\windows\System32\smss.exe
I:\windows\system32\winlogon.exe
I:\windows\system32\services.exe
I:\windows\system32\lsass.exe
I:\windows\system32\svchost.exe
I:\Programas\Windows Defender\MsMpEng.exe
I:\windows\System32\svchost.exe
I:\Programas\Ahead\InCD\InCDsrv.exe
I:\windows\Explorer.EXE
I:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
I:\windows\system32\spoolsv.exe
I:\WINDOWS\ATKKBService.exe
I:\windows\system32\CTsvcCDA.exe
I:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
I:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
I:\windows\system32\nvsvc32.exe
I:\Programas\SiteAdvisor\6066\SAService.exe
I:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
I:\windows\system32\svchost.exe
I:\WINDOWS\system32\umonit.exe
I:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
I:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
I:\Programas\Java\jre1.6.0_01\bin\jusched.exe
I:\Programas\Windows Defender\MSASCui.exe
I:\Programas\SiteAdvisor\6066\SiteAdv.exe
I:\windows\system32\Rundll32.exe
I:\Programas\HP\HP Software Update\HPWuSchd2.exe
I:\windows\system32\RUNDLL32.EXE
I:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
I:\windows\system32\ctfmon.exe
I:\Programas\Messenger\msmsgs.exe
I:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
I:\Programas\Logitech\SetPoint\SetPoint.exe
I:\Programas\Ficheiros comuns\Logitech\KHAL\KHALMNPR.EXE
I:\Programas\HP\Digital Imaging\bin\hpqimzone.exe
I:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
I:\Programas\WinRAR\WinRAR.exe
I:\DOCUME~1\duelcore\DEFINI~1\Temp\Rar$EX00.360\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - I:\Programas\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - I:\Programas\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - I:\Programas\FlashGet\getflash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - I:\Programas\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - I:\Programas\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [UMonit] I:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [VolPanel] "I:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ccApp] I:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] I:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "I:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] I:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SiteAdvisor] I:\Programas\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [HP Software Update] I:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "I:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] I:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "I:\Programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = I:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = I:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = I:\Programas\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - I:\Programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - I:\Programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://I:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - I:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - I:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173108432234
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - I:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - I:\Programas\SiteAdvisor\6066\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - I:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - I:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - I:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - I:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - I:\windows\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - I:\Programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - I:\Programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - I:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - I:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - I:\Programas\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - I:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
e se recebeste um viros por email, é obvio que é daqueles que vêm por e-mail (j/k)