MariusPT

So many intrusions, could it be a virus?


Good evening.

I need your help. Lately my firewall has been blocking several intrusion attempts per minute (I use ZoneAlarm). This has been happening since I was infected with a Trojan horse; I think I eliminated it by running 2 or 3 antivirus programs, at least now they aren't detecting any infection. I don't know much about PCs and would appreciate your help.

DDS (Ver_09-07-30.01) - NTFSx86

Run by tmn at 13:49:18,36 on 02-09-2009

Internet Explorer: 8.0.6001.18813

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3054.2146 [GMT 1:00]

SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Hotkey_Driver\HotkeyDriver.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\SiS VGA Utilities\SiSTray.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\BisonCam\BisonHK.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\tmn\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.pt/

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [drivevideo] "c:\users\tmn\appdata\roaming\spoolsv.exe"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [bisonHK] c:\windows\bisoncam\BisonHK.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: UacDisableNotify = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/pt-pt/wlscctrl2.cab

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-30 108289]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-8-29 1153368]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-3-26 113504]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2008-5-8 290304]

R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2008-5-8 572416]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-5-8 48128]

=============== Created Last 30 ================

2009-09-01 23:44 <DIR> --d----- C:\LinhaDefensiva

2009-09-01 23:03 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live

2009-09-01 21:12 <DIR> --d----- C:\FindyKill

2009-09-01 19:16 <DIR> --d----- c:\users\tmn\DoctorWeb

2009-08-31 23:39 <DIR> --dsh--- C:\$RECYCLE.BIN

2009-08-31 22:05 229,376 a------- c:\windows\PEV.exe

2009-08-31 22:05 161,792 a------- c:\windows\SWREG.exe

2009-08-31 22:05 98,816 a------- c:\windows\sed.exe

2009-08-31 00:23 <DIR> a-d----- c:\programdata\TEMP

2009-08-31 00:16 <DIR> --d----- c:\users\tmn\appdata\roaming\Malwarebytes

2009-08-31 00:16 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-31 00:16 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-31 00:16 <DIR> --d----- c:\programdata\Malwarebytes

2009-08-31 00:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-08-31 00:16 <DIR> --d----- c:\progra~2\Malwarebytes

2009-08-30 12:16 55,656 a------- c:\windows\system32\drivers\avgntflt.sys

2009-08-30 12:16 <DIR> --d----- c:\programdata\Avira

2009-08-30 12:16 <DIR> --d----- c:\program files\Avira

2009-08-30 12:16 <DIR> --d----- c:\progra~2\Avira

2009-08-30 11:59 <DIR> --d----- c:\program files\AskBarDis

2009-08-30 11:59 170,496 a------- c:\windows\system32\tcpipcfg.dll

2009-08-30 11:59 22,528 a------- c:\windows\system32\netiougc.exe

2009-08-30 11:58 1,221,512 a------- c:\windows\system32\zpeng25.dll

2009-08-30 11:58 <DIR> --d----- c:\program files\Zone Labs

2009-08-30 11:57 350,192 a---h--- c:\windows\system32\drivers\vsconfig.xml

2009-08-30 11:57 293,528 a------- c:\windows\system32\drivers\vsdatant.sys

2009-08-30 11:57 <DIR> --d----- c:\windows\system32\ZoneLabs

2009-08-30 11:56 <DIR> --d----- c:\programdata\CheckPoint

2009-08-30 11:56 <DIR> --d----- c:\progra~2\CheckPoint

2009-08-30 11:56 <DIR> --d----- c:\windows\Internet Logs

2009-08-30 02:42 <DIR> --d----- c:\users\tmn\appdata\roaming\uniblue

2009-08-30 02:41 <DIR> --d----- c:\program files\Uniblue

2009-08-30 00:04 130 a------- c:\windows\cfplogvw.INI

2009-08-29 22:26 <DIR> --d----- c:\programdata\Spybot - Search & Destroy

2009-08-29 22:26 <DIR> --d----- c:\program files\Spybot - Search & Destroy

2009-08-29 22:26 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy

2009-08-29 22:15 499,712 a------- c:\windows\system32\kerberos.dll

2009-08-29 22:15 175,104 a------- c:\windows\system32\wdigest.dll

2009-08-29 22:15 1,256,448 a------- c:\windows\system32\lsasrv.dll

2009-08-29 22:15 270,848 a------- c:\windows\system32\schannel.dll

2009-08-29 22:15 213,504 a------- c:\windows\system32\msv1_0.dll

2009-08-29 22:15 439,896 a------- c:\windows\system32\drivers\ksecdd.sys

2009-08-29 22:15 72,704 a------- c:\windows\system32\secur32.dll

2009-08-29 22:15 9,728 a------- c:\windows\system32\lsass.exe

2009-08-28 21:45 918,368 a------- c:\windows\system32\drivers\sfi.dat

2009-08-28 21:37 <DIR> --d----- c:\program files\COMODO

2009-08-28 21:30 2,048 a------- c:\windows\system32\tzres.dll

2009-08-18 22:04 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-08-18 22:04 97,800 a------- c:\windows\system32\infocardapi.dll

2009-08-18 22:04 622,080 a------- c:\windows\system32\icardagt.exe

2009-08-18 22:04 43,544 a------- c:\windows\system32\PresentationHostProxy.dll

2009-08-18 22:04 37,384 a------- c:\windows\system32\infocardcpl.cpl

2009-08-18 22:04 11,264 a------- c:\windows\system32\icardres.dll

2009-08-18 22:04 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll

2009-08-18 22:04 326,160 a------- c:\windows\system32\PresentationHost.exe

2009-08-18 21:57 96,760 a------- c:\windows\system32\dfshim.dll

2009-08-18 21:57 282,112 a------- c:\windows\system32\mscoree.dll

2009-08-18 21:57 41,984 a------- c:\windows\system32\netfxperf.dll

2009-08-18 21:57 158,720 a------- c:\windows\system32\mscorier.dll

2009-08-18 21:57 83,968 a------- c:\windows\system32\mscories.dll

2009-08-17 21:49 71,680 a------- c:\windows\system32\atl.dll

2009-08-17 21:49 160,256 a------- c:\windows\system32\wkssvc.dll

2009-08-17 21:49 2,066,432 a------- c:\windows\system32\mstscax.dll

2009-08-17 21:49 91,136 a------- c:\windows\system32\avifil32.dll

2009-08-17 21:49 313,344 a------- c:\windows\system32\wmpdxm.dll

2009-08-17 21:49 7,680 a------- c:\windows\system32\spwmp.dll

2009-08-17 21:48 4,096 a------- c:\windows\system32\msdxm.ocx

2009-08-17 21:48 4,096 a------- c:\windows\system32\dxmasf.dll

2009-08-17 21:48 8,147,456 a------- c:\windows\system32\wmploc.DLL

2009-08-17 21:48 43,520 a------- c:\windows\system32\msdxm.tlb

2009-08-17 21:48 18,432 a------- c:\windows\system32\amcompat.tlb

==================== Find3M ====================

2009-09-02 13:34 650,636 a------- c:\windows\system32\prfh0816.dat

2009-09-02 13:34 127,998 a------- c:\windows\system32\prfc0816.dat

2009-08-30 11:58 86,016 a------- c:\windows\inf\infstrng.dat

2009-08-30 11:58 51,200 a------- c:\windows\inf\infpub.dat

2009-08-30 11:58 86,016 a------- c:\windows\inf\infstor.dat

2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll

2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll

2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll

2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe

2009-07-06 17:28 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-06-29 00:00 150,739 a------- c:\windows\hpoins15.dat

2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll

2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll

2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll

2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll

2008-07-24 05:47 665,600 a------- c:\windows\inf\drvindex.dat

2008-01-21 07:20 332,682 a------- c:\windows\inf\perflib\0816\perfi.dat

2008-01-21 07:20 332,682 a------- c:\windows\inf\perflib\0816\perfh.dat

2008-01-21 07:20 39,514 a------- c:\windows\inf\perflib\0816\perfd.dat

2008-01-21 07:20 39,514 a------- c:\windows\inf\perflib\0816\perfc.dat

2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini

2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:49:47,85 ===============

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net

Rootkit scan 2009-09-02 19:25:54

Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8E061880]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8E0614E0]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8E05E828]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8E074D9C]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8E061C36]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8E072AF8]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8E072D12]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8E076780]

SSDT 8ABC2C84 ZwCreateThread

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8E061CDE]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8E05ED0A]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8E075698]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8E075414]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8E0724F8]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8E075BC6]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8E075C3E]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8E075D2E]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8E05EBA2]

SSDT 8ABC2C70 ZwOpenProcess

SSDT 8ABC2C75 ZwOpenThread

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8E076370]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8E075DA6]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8E06116A]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8E0761B0]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8E061680]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8E05EEF8]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8E07511A]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8E073486]

SSDT 8ABC2C7F ZwTerminateProcess

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8E072F30]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 370 81EF7934 4 Bytes [80, 18, 06, 8E]

.text ntkrnlpa.exe!KeSetTimerEx + 3F4 81EF79B8 4 Bytes [E0, 14, 06, 8E]

.text ntkrnlpa.exe!KeSetTimerEx + 40C 81EF79D0 4 Bytes CALL 32F207DA

.text ntkrnlpa.exe!KeSetTimerEx + 41C 81EF79E0 4 Bytes [9C, 4D, 07, 8E]

.text ntkrnlpa.exe!KeSetTimerEx + 438 81EF79FC 12 Bytes [36, 1C, 06, 8E, F8, 2A, 07, ...]

.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74C47BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74C898C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74C4D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74C3F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74C47599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74C3E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74C7B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74C4D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74C4012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74C40095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74C371F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74CCD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74C675E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74C3DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74C3668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74C366BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74C41E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestor de Filtros de Sistema de Ficheiros da Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167bcd1aa

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a1f9

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a2ca

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001167bcd1aa (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a1f9 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a2ca (not active ControlSet)

Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@j!m!t!e!\24!m!r!c!e!`!s!{!d!{!s!f! 19583823

---- EOF - GMER 1.0.15 ----

Topic author

ok, thanks Diego, here it goes...

    DDS (Ver_09-07-30.01) - NTFSx86

    Run by tmn at 21:13:33,15 on 04-09-2009

    Internet Explorer: 8.0.6001.18813

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3054.2079 [GMT 1:00]

    SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Hotkey_Driver\HotkeyDriver.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Windows\system32\svchost.exe -k bthsvcs

    C:\Windows\system32\svchost.exe -k hpdevmgmt

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\mobsync.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\SiS VGA Utilities\SiSTray.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\BisonCam\BisonHK.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Users\tmn\Desktop\Remover Virus\dds.scr

    C:\Windows\system32\conime.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.pt/

    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

    uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

    uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

    uRun: [drivevideo] "c:\users\tmn\appdata\roaming\spoolsv.exe"

    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    mRun: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [bisonHK] c:\windows\bisoncam\BisonHK.exe

    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: UacDisableNotify = 0 (0x0)

    IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/pt-pt/wlscctrl2.cab

    ============= SERVICES / DRIVERS ===============

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-30 108289]

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-8-29 1153368]

    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-3-26 113504]

    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2008-5-8 290304]

    R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2008-5-8 572416]

    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-5-8 48128]

    =============== Created Last 30 ================

    2009-09-02 21:16 28,672 a------- c:\windows\system32\Apphlpdm.dll

    2009-09-02 21:16 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

    2009-09-01 23:44 <DIR> --d----- C:\LinhaDefensiva

    2009-09-01 23:03 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live

    2009-09-01 21:12 <DIR> --d----- C:\FindyKill

    2009-09-01 19:16 <DIR> --d----- c:\users\tmn\DoctorWeb

    2009-08-31 23:39 <DIR> --dsh--- C:\$RECYCLE.BIN

    2009-08-31 22:05 229,376 a------- c:\windows\PEV.exe

    2009-08-31 22:05 161,792 a------- c:\windows\SWREG.exe

    2009-08-31 22:05 98,816 a------- c:\windows\sed.exe

    2009-08-31 00:23 <DIR> a-d----- c:\programdata\TEMP

    2009-08-31 00:16 <DIR> --d----- c:\users\tmn\appdata\roaming\Malwarebytes

    2009-08-31 00:16 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-08-31 00:16 19,096 a------- c:\windows\system32\drivers\mbam.sys

    2009-08-31 00:16 <DIR> --d----- c:\programdata\Malwarebytes

    2009-08-31 00:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

    2009-08-31 00:16 <DIR> --d----- c:\progra~2\Malwarebytes

    2009-08-30 12:16 55,656 a------- c:\windows\system32\drivers\avgntflt.sys

    2009-08-30 12:16 <DIR> --d----- c:\programdata\Avira

    2009-08-30 12:16 <DIR> --d----- c:\program files\Avira

    2009-08-30 12:16 <DIR> --d----- c:\progra~2\Avira

    2009-08-30 11:59 <DIR> --d----- c:\program files\AskBarDis

    2009-08-30 11:59 170,496 a------- c:\windows\system32\tcpipcfg.dll

    2009-08-30 11:59 22,528 a------- c:\windows\system32\netiougc.exe

    2009-08-30 11:58 1,221,512 a------- c:\windows\system32\zpeng25.dll

    2009-08-30 11:58 <DIR> --d----- c:\program files\Zone Labs

    2009-08-30 11:57 350,192 a---h--- c:\windows\system32\drivers\vsconfig.xml

    2009-08-30 11:57 293,528 a------- c:\windows\system32\drivers\vsdatant.sys

    2009-08-30 11:57 <DIR> --d----- c:\windows\system32\ZoneLabs

    2009-08-30 11:56 <DIR> --d----- c:\programdata\CheckPoint

    2009-08-30 11:56 <DIR> --d----- c:\progra~2\CheckPoint

    2009-08-30 11:56 <DIR> --d----- c:\windows\Internet Logs

    2009-08-30 02:42 <DIR> --d----- c:\users\tmn\appdata\roaming\uniblue

    2009-08-30 02:41 <DIR> --d----- c:\program files\Uniblue

    2009-08-30 00:04 130 a------- c:\windows\cfplogvw.INI

    2009-08-29 22:26 <DIR> --d----- c:\programdata\Spybot - Search & Destroy

    2009-08-29 22:26 <DIR> --d----- c:\program files\Spybot - Search & Destroy

    2009-08-29 22:26 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy

    2009-08-29 22:15 499,712 a------- c:\windows\system32\kerberos.dll

    2009-08-29 22:15 175,104 a------- c:\windows\system32\wdigest.dll

    2009-08-29 22:15 1,256,448 a------- c:\windows\system32\lsasrv.dll

    2009-08-29 22:15 270,848 a------- c:\windows\system32\schannel.dll

    2009-08-29 22:15 213,504 a------- c:\windows\system32\msv1_0.dll

    2009-08-29 22:15 439,896 a------- c:\windows\system32\drivers\ksecdd.sys

    2009-08-29 22:15 72,704 a------- c:\windows\system32\secur32.dll

    2009-08-29 22:15 9,728 a------- c:\windows\system32\lsass.exe

    2009-08-28 21:45 918,368 a------- c:\windows\system32\drivers\sfi.dat

    2009-08-28 21:37 <DIR> --d----- c:\program files\COMODO

    2009-08-28 21:30 2,048 a------- c:\windows\system32\tzres.dll

    2009-08-18 22:04 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

    2009-08-18 22:04 97,800 a------- c:\windows\system32\infocardapi.dll

    2009-08-18 22:04 622,080 a------- c:\windows\system32\icardagt.exe

    2009-08-18 22:04 43,544 a------- c:\windows\system32\PresentationHostProxy.dll

    2009-08-18 22:04 37,384 a------- c:\windows\system32\infocardcpl.cpl

    2009-08-18 22:04 11,264 a------- c:\windows\system32\icardres.dll

    2009-08-18 22:04 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll

    2009-08-18 22:04 326,160 a------- c:\windows\system32\PresentationHost.exe

    2009-08-18 21:57 96,760 a------- c:\windows\system32\dfshim.dll

    2009-08-18 21:57 282,112 a------- c:\windows\system32\mscoree.dll

    2009-08-18 21:57 41,984 a------- c:\windows\system32\netfxperf.dll

    2009-08-18 21:57 158,720 a------- c:\windows\system32\mscorier.dll

    2009-08-18 21:57 83,968 a------- c:\windows\system32\mscories.dll

    2009-08-17 21:49 71,680 a------- c:\windows\system32\atl.dll

    2009-08-17 21:49 160,256 a------- c:\windows\system32\wkssvc.dll

    2009-08-17 21:49 2,066,432 a------- c:\windows\system32\mstscax.dll

    2009-08-17 21:49 91,136 a------- c:\windows\system32\avifil32.dll

    2009-08-17 21:49 313,344 a------- c:\windows\system32\wmpdxm.dll

    2009-08-17 21:49 7,680 a------- c:\windows\system32\spwmp.dll

    2009-08-17 21:48 4,096 a------- c:\windows\system32\msdxm.ocx

    2009-08-17 21:48 4,096 a------- c:\windows\system32\dxmasf.dll

    2009-08-17 21:48 8,147,456 a------- c:\windows\system32\wmploc.DLL

    2009-08-17 21:48 43,520 a------- c:\windows\system32\msdxm.tlb

    2009-08-17 21:48 18,432 a------- c:\windows\system32\amcompat.tlb

    ==================== Find3M ====================

    2009-09-04 21:13 650,636 a------- c:\windows\system32\prfh0816.dat

    2009-09-04 21:13 127,998 a------- c:\windows\system32\prfc0816.dat

    2009-08-30 11:58 86,016 a------- c:\windows\inf\infstrng.dat

    2009-08-30 11:58 51,200 a------- c:\windows\inf\infpub.dat

    2009-08-30 11:58 86,016 a------- c:\windows\inf\infstor.dat

    2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll

    2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll

    2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll

    2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll

    2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll

    2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll

    2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll

    2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe

    2009-06-29 00:00 150,739 a------- c:\windows\hpoins15.dat

    2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll

    2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll

    2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll

    2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll

    2008-07-24 05:47 665,600 a------- c:\windows\inf\drvindex.dat

    2008-01-21 07:20 332,682 a------- c:\windows\inf\perflib\0816\perfi.dat

    2008-01-21 07:20 332,682 a------- c:\windows\inf\perflib\0816\perfh.dat

    2008-01-21 07:20 39,514 a------- c:\windows\inf\perflib\0816\perfd.dat

    2008-01-21 07:20 39,514 a------- c:\windows\inf\perflib\0816\perfc.dat

    2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini

    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 21:13:58,27 ===============

    GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net

    Rootkit scan 2009-09-04 21:53:30

    Windows 6.0.6001 Service Pack 1

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8E11B880]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8E11B4E0]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8E118828]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8E12ED9C]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8E11BC36]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8E12CAF8]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8E12CD12]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8E130780]

    SSDT B112822C ZwCreateThread

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8E11BCDE]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8E118D0A]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8E12F698]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8E12F414]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8E12C4F8]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8E12FBC6]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8E12FC3E]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8E12FD2E]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8E118BA2]

    SSDT B1128218 ZwOpenProcess

    SSDT B112821D ZwOpenThread

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8E130370]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8E12FDA6]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8E11B16A]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8E1301B0]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8E11B680]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8E118EF8]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8E12F11A]

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8E12D486]

    SSDT B1128227 ZwTerminateProcess

    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8E12CF30]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetTimerEx + 370 81EC0934 4 Bytes [80, B8, 11, 8E]

    .text ntkrnlpa.exe!KeSetTimerEx + 3F4 81EC09B8 4 Bytes [E0, B4, 11, 8E]

    .text ntkrnlpa.exe!KeSetTimerEx + 40C 81EC09D0 4 Bytes [28, 88, 11, 8E]

    .text ntkrnlpa.exe!KeSetTimerEx + 41C 81EC09E0 4 Bytes [9C, ED, 12, 8E]

    .text ntkrnlpa.exe!KeSetTimerEx + 438 81EC09FC 12 Bytes [36, BC, 11, 8E, F8, CA, 12, ...]

    .text ...

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743F7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744398C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743FD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743EF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743F7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743EE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7442B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743FD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743F012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743F0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743E71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7447D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [744175E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743EDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743E668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743E66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743F1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167bcd1aa

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a1f9

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a2ca

    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167bcd1aa (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a1f9 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a2ca (not active ControlSet)

    Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@j!m!t!e!\24!m!r!c!e!`!s!{!d!{!s!f! 19583823

    ---- EOF - GMER 1.0.15 ----

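    The GMER output above lists most SSDT hooks with their owning driver (vsdatant.sys, the ZoneAlarm firewall driver), but four entries (ZwCreateThread, ZwOpenProcess, ZwOpenThread, ZwTerminateProcess) carry only a bare address in the 0xB112xxxx range and no module name, which is exactly the kind of line an analyst reading such a log needs to separate out first. The script below is an added example, not part of the original post or of GMER: it parses GMER's SSDT lines, groups the attributed hooks by driver, and isolates the unattributed ones, bucketing them by 64 KiB address window on the assumption (a heuristic, not a fact from the log) that hooks sharing one small region usually belong to one driver. The sample input is a handful of lines copied from the log above; which driver actually owns the four bare-address hooks is not something this log states, and the script makes no claim about it.

```python
import re
from collections import defaultdict

# Constructed sample input: a few SSDT lines copied from the GMER log above
# (three ZoneAlarm-attributed hooks and the four bare-address entries). A real
# run would read the whole GMER log from a file instead.
SAMPLE_GMER = r"""
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8E118828]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8E12CAF8]
SSDT B112822C ZwCreateThread
SSDT B1128218 ZwOpenProcess
SSDT B112821D ZwOpenThread
SSDT B1128227 ZwTerminateProcess
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8E12CF30]
---- Kernel code sections - GMER 1.0.15 ----
"""

# GMER prints an SSDT hook either with the owning driver and its file
# description, or, when it cannot map the address to a loaded module, as a
# bare hex address followed by the hooked Zw* routine.
ATTRIBUTED = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<vendor>.*)\)\s+"
    r"(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)
UNATTRIBUTED = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")


def parse_ssdt(text):
    """Return one dict per SSDT line: func, addr (int), module, vendor.
    module and vendor are None for hooks GMER could not attribute."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("SSDT"):
            continue                      # other GMER sections are ignored here
        m = ATTRIBUTED.match(line)
        if m:
            hooks.append({"func": m["func"], "addr": int(m["addr"], 16),
                          "module": m["module"], "vendor": m["vendor"]})
            continue
        m = UNATTRIBUTED.match(line)
        if m:
            hooks.append({"func": m["func"], "addr": int(m["addr"], 16),
                          "module": None, "vendor": None})
    return hooks


def triage(hooks):
    """Group attributed hooks by driver and isolate the unattributed ones.

    Unattributed hooks are also bucketed by the top 16 bits of their address
    (a 64 KiB window): hooks that land in one small region are usually thunks
    from a single driver, so the bucket is what an analyst would chase next.
    Treating one 64 KiB window as 'one owner' is a heuristic, not a rule."""
    by_module = defaultdict(list)
    unattributed = []
    for h in hooks:
        if h["module"] is None:
            unattributed.append(h)
        else:
            by_module[h["module"]].append(h["func"])
    clusters = defaultdict(list)
    for h in unattributed:
        clusters[h["addr"] >> 16].append((h["func"], h["addr"]))
    return {
        "by_module": {mod: sorted(funcs) for mod, funcs in by_module.items()},
        "unattributed": sorted((h["func"], h["addr"]) for h in unattributed),
        "clusters": {f"0x{k:04X}xxxx": sorted(v) for k, v in clusters.items()},
    }


if __name__ == "__main__":
    report = triage(parse_ssdt(SAMPLE_GMER))
    for mod, funcs in report["by_module"].items():
        print(f"{mod}: {len(funcs)} hook(s): {', '.join(funcs)}")
    for region, entries in report["clusters"].items():
        print(f"unattributed hooks in {region}:")
        for func, addr in entries:
            print(f"  {func} @ 0x{addr:08X}")
```

    Run against the full GMER log, the "unattributed" list is the set of hooks to resolve before anything else: each one needs to be matched to a loaded driver (for example by comparing the address against the driver load ranges GMER or a kernel debugger reports) before deciding whether it belongs to a security product that is installed on the machine or to something that should not be there.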

    Dear MariusPT

    Read the instructions in this link:

    In the instructions at the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    2. Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after running the procedure(s) below.
    3. Double-click the desktopicon.png icon on your desktop.
    4. Read and accept the conditions by typing 1 and Enter.
    5. Computers running Windows XP will need to install the Recovery Console:

    • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" at the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

    6. ComboFix will now run; please be patient and wait.
    7. Warning: do not use the mouse or keyboard while the tool is running; doing so may cause the computer to hang.
    8. A message may appear saying the computer needs to be restarted.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.
    9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

    • There are several malware strains that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
    • Many Analysts do not reply to topics where they see ComboFix has been used unsupervised.
    • There are various general-purpose anti-malware tools whose authors, when writing them, had end users in mind and intended them for unsupervised use. ComboFix is not that kind of tool, so, out of respect for the tool's author as well, do not use it unsupervised.

    Cheers :D

    Topic author

    here goes..

    ComboFix 09-09-04.02 - tmn 05-09-2009 12:19.3.2 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3054.2061 [GMT 1:00]

    Running from: c:\users\tmn\Desktop\ComboFix.exe

    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}

    .

    (((((((((((((((( Files created from 2009-08-05 to 2009-09-05 ))))))))))))))))))))))))))))

    .

    2009-09-05 11:22 . 2009-09-05 11:22 -------- d-----w- c:\users\Public\AppData\Local\temp

    2009-09-05 11:22 . 2009-09-05 11:22 -------- d-----w- c:\users\Default\AppData\Local\temp

    2009-09-02 20:16 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

    2009-09-02 20:16 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    2009-09-01 22:44 . 2009-09-01 22:45 -------- d-----w- C:\LinhaDefensiva

    2009-09-01 22:08 . 2009-09-01 22:08 -------- d-----w- c:\program files\Windows Live Safety Center

    2009-09-01 22:03 . 2009-09-01 22:03 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

    2009-09-01 20:12 . 2009-09-01 21:59 -------- d-----w- C:\FindyKill

    2009-09-01 18:16 . 2009-09-01 18:16 -------- d-----w- c:\users\tmn\DoctorWeb

    2009-08-30 23:16 . 2009-08-30 23:16 -------- d-----w- c:\users\tmn\AppData\Roaming\Malwarebytes

    2009-08-30 23:16 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-08-30 23:16 . 2009-08-30 23:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2009-08-30 23:16 . 2009-08-30 23:16 -------- d-----w- c:\programdata\Malwarebytes

    2009-08-30 23:16 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

    2009-08-30 11:16 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2009-08-30 11:16 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2009-08-30 11:16 . 2009-08-30 11:16 -------- d-----w- c:\programdata\Avira

    2009-08-30 11:16 . 2009-08-30 11:16 -------- d-----w- c:\program files\Avira

    2009-08-30 10:59 . 2009-08-30 10:59 -------- d-----w- c:\program files\AskBarDis

    2009-08-30 10:59 . 2008-02-23 04:38 170496 ----a-w- c:\windows\system32\tcpipcfg.dll

    2009-08-30 10:59 . 2008-02-23 02:41 22528 ----a-w- c:\windows\system32\netiougc.exe

    2009-08-30 10:58 . 2009-02-15 23:10 69000 ----a-w- c:\windows\system32\zlcomm.dll

    2009-08-30 10:58 . 2009-02-15 23:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll

    2009-08-30 10:58 . 2009-02-15 23:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll

    2009-08-30 10:58 . 2009-08-30 10:58 -------- d-----w- c:\program files\Zone Labs

    2009-08-30 10:57 . 2009-08-30 10:58 -------- d-----w- c:\windows\system32\ZoneLabs

    2009-08-30 10:57 . 2009-02-15 23:11 293528 ----a-w- c:\windows\system32\drivers\vsdatant.sys

    2009-08-30 10:56 . 2009-08-30 10:56 -------- d-----w- c:\programdata\CheckPoint

    2009-08-30 10:56 . 2009-09-05 11:13 -------- d-----w- c:\windows\Internet Logs

    2009-08-30 01:42 . 2009-08-30 01:42 -------- d-----w- c:\users\tmn\AppData\Roaming\uniblue

    2009-08-30 01:41 . 2009-08-30 01:41 -------- d-----w- c:\program files\Uniblue

    2009-08-29 21:26 . 2009-09-01 12:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2009-08-29 21:26 . 2009-08-29 22:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy

    2009-08-29 21:15 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll

    2009-08-29 21:15 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll

    2009-08-29 21:15 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll

    2009-08-29 21:15 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll

    2009-08-29 21:15 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll

    2009-08-29 21:15 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    2009-08-29 21:15 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll

    2009-08-29 21:15 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

    2009-08-28 20:45 . 2009-08-30 11:05 918368 ----a-w- c:\windows\system32\drivers\sfi.dat

    2009-08-28 20:37 . 2009-08-28 20:37 74328 ----a-w- c:\windows\system32\drivers\inspect.sys

    2009-08-28 20:37 . 2009-08-30 11:05 -------- d-----w- c:\program files\COMODO

    2009-08-28 20:30 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll

    2009-08-18 21:04 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

    2009-08-18 21:04 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll

    2009-08-18 21:04 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

    2009-08-18 21:04 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll

    2009-08-18 21:04 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe

    2009-08-18 21:04 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

    2009-08-18 21:04 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe

    2009-08-18 20:57 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll

    2009-08-18 20:57 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll

    2009-08-18 20:57 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll

    2009-08-18 20:57 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll

    2009-08-18 20:57 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll

    2009-08-17 20:49 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

    2009-08-17 20:49 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

    2009-08-17 20:49 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

    2009-08-17 20:49 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

    2009-08-17 20:49 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

    2009-08-17 20:49 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

    2009-08-17 20:48 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

    2009-08-17 20:48 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-09-05 11:11 . 2009-08-30 10:57 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml

    2009-09-05 10:01 . 2008-01-21 06:21 650636 ----a-w- c:\windows\system32\prfh0816.dat

    2009-09-05 10:01 . 2008-01-21 06:21 127998 ----a-w- c:\windows\system32\prfc0816.dat

    2009-09-05 01:57 . 2008-06-06 16:40 12 ----a-w- c:\windows\bthservsdp.dat

    2009-09-02 12:28 . 2008-05-09 00:53 55376 ----a-w- c:\users\tmn\AppData\Local\GDIPFONTCACHEV1.DAT

    2009-08-31 02:03 . 2008-05-10 00:20 -------- d-----w- c:\programdata\Microsoft Help

    2009-08-29 21:41 . 2008-05-10 00:23 -------- d-----w- c:\program files\Microsoft Works

    2009-08-28 21:13 . 2009-06-28 22:54 -------- d-----w- c:\programdata\HP Product Assistant

    2009-08-18 20:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

    2009-07-21 21:52 . 2009-08-31 21:51 915456 ----a-w- c:\windows\system32\wininet.dll

    2009-07-21 21:47 . 2009-08-31 21:51 109056 ----a-w- c:\windows\system32\iesysprep.dll

    2009-07-21 21:47 . 2009-08-31 21:51 71680 ----a-w- c:\windows\system32\iesetup.dll

    2009-07-21 20:13 . 2009-08-31 21:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe

    2009-06-28 23:00 . 2009-06-28 22:49 150739 ----a-w- c:\windows\hpoins15.dat

    2009-06-15 15:24 . 2009-07-16 19:02 156672 ----a-w- c:\windows\system32\t2embed.dll

    2009-06-15 15:20 . 2009-07-16 19:02 72704 ----a-w- c:\windows\system32\fontsub.dll

    2009-06-15 15:20 . 2009-07-16 19:02 10240 ----a-w- c:\windows\system32\dciman32.dll

    2009-06-15 12:52 . 2009-07-16 19:02 289792 ----a-w- c:\windows\system32\atmfd.dll

    .

    ((((((((((((((((((((((((((((( SnapShot_2009-08-31_22.37.07 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-09-02 20:16 . 2009-08-29 00:19 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798\Apphlpdm.dll

    + 2009-09-02 20:16 . 2009-08-29 00:14 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f\Apphlpdm.dll

    + 2009-09-02 20:16 . 2009-08-28 12:24 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d\Apphlpdm.dll

    + 2009-09-02 20:16 . 2009-08-28 12:39 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f\Apphlpdm.dll

    + 2009-09-02 20:16 . 2009-08-29 03:32 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa\Apphlpdm.dll

    + 2009-09-02 20:16 . 2009-08-29 03:40 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee\Apphlpdm.dll

    + 2008-01-21 01:58 . 2009-09-05 09:56 36206 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2006-11-02 13:05 . 2009-09-04 20:08 83568 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    - 2009-06-20 09:30 . 2009-08-31 22:22 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-06-20 09:30 . 2009-09-05 11:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-06-20 09:30 . 2009-09-05 11:11 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-06-20 09:30 . 2009-08-31 22:22 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-06-20 09:30 . 2009-08-31 22:22 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-06-20 09:30 . 2009-09-05 11:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-08-31 19:50 . 2009-08-31 19:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-08-31 19:50 . 2009-08-31 22:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-08-31 19:50 . 2009-08-31 22:47 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-08-31 19:50 . 2009-08-31 19:50 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-08-31 19:50 . 2009-08-31 19:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-08-31 19:50 . 2009-08-31 22:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-09-02 20:16 . 2009-08-29 00:24 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d\AcRes.dll

    + 2006-11-02 07:11 . 2006-11-02 07:11 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4\AcRes.dll

    + 2009-09-02 20:16 . 2009-08-28 10:09 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442\AcRes.dll

    + 2008-06-06 15:23 . 2008-03-08 01:58 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24\AcRes.dll

    + 2009-09-02 20:16 . 2009-08-28 23:11 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af\AcRes.dll

    + 2009-09-02 20:16 . 2009-08-28 23:15 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3\AcRes.dll

    + 2009-06-21 11:17 . 2009-09-01 21:16 5534 c:\windows\System32\WDI\ERCQueuedResolutions.dat

    + 2009-06-21 12:25 . 2009-09-04 20:08 6804 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4228793233-428093369-926697994-1000_UserData.bin

    + 2009-09-05 09:54 . 2009-09-05 09:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2009-08-31 21:55 . 2009-08-31 21:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2009-09-05 09:54 . 2009-09-05 09:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2009-08-31 21:55 . 2009-08-31 21:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2009-09-02 20:16 . 2009-08-29 02:46 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\AcXtrnal.dll

    + 2009-09-02 20:16 . 2009-08-29 02:46 542720 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\AcLayers.dll

    + 2009-09-02 20:16 . 2009-08-29 02:30 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\AcXtrnal.dll

    + 2009-09-02 20:16 . 2009-08-29 02:30 542720 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\AcLayers.dll

    + 2009-09-02 20:16 . 2009-08-28 12:24 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\AcXtrnal.dll

    + 2009-09-02 20:16 . 2009-08-28 12:24 541696 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\AcLayers.dll

    + 2009-09-02 20:16 . 2009-08-28 12:39 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\AcXtrnal.dll

    + 2009-09-02 20:16 . 2009-08-28 12:38 541696 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\AcLayers.dll

    + 2009-09-02 20:16 . 2009-08-29 03:31 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\AcXtrnal.dll

    + 2009-09-02 20:16 . 2009-08-29 03:31 537600 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\AcLayers.dll

    + 2009-09-02 20:16 . 2009-08-29 03:40 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\AcXtrnal.dll

    + 2009-09-02 20:16 . 2009-08-29 03:40 537600 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\AcLayers.dll

    + 2009-09-02 20:16 . 2009-08-29 02:46 458752 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952\AcSpecfc.dll

    + 2009-09-02 20:16 . 2009-08-29 02:30 458752 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9\AcSpecfc.dll

    + 2009-09-02 20:16 . 2009-08-28 12:24 459776 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047\AcSpecfc.dll

    + 2009-09-02 20:16 . 2009-08-28 12:38 459776 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729\AcSpecfc.dll

    + 2009-09-02 20:16 . 2009-08-29 03:31 450560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4\AcSpecfc.dll

    + 2009-09-02 20:16 . 2009-08-29 03:40 449024 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8\AcSpecfc.dll

    + 2008-05-08 16:34 . 2009-09-04 22:15 256712 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

    + 2006-11-02 10:33 . 2009-09-05 10:01 587178 c:\windows\System32\perfh009.dat

    - 2006-11-02 10:33 . 2009-08-31 22:02 587178 c:\windows\System32\perfh009.dat

    + 2006-11-02 10:33 . 2009-09-05 10:01 101250 c:\windows\System32\perfc009.dat

    - 2006-11-02 10:33 . 2009-08-31 22:02 101250 c:\windows\System32\perfc009.dat

    - 2006-11-02 12:47 . 2009-08-29 22:20 261176 c:\windows\System32\FNTCACHE.DAT

    + 2006-11-02 12:47 . 2009-09-02 23:39 261176 c:\windows\System32\FNTCACHE.DAT

    - 2009-08-31 21:58 . 2009-08-31 22:05 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    + 2009-08-31 21:58 . 2009-09-04 23:57 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    + 2009-09-02 20:16 . 2009-08-28 12:39 173056 c:\windows\AppPatch\AcXtrnal.dll

    - 2009-06-20 10:46 . 2008-11-01 03:44 173056 c:\windows\AppPatch\AcXtrnal.dll

    + 2009-09-02 20:16 . 2009-08-28 12:38 459776 c:\windows\AppPatch\AcSpecfc.dll

    - 2009-06-20 10:47 . 2008-11-01 03:44 541696 c:\windows\AppPatch\AcLayers.dll

    + 2009-09-02 20:16 . 2009-08-28 12:38 541696 c:\windows\AppPatch\AcLayers.dll

    + 2009-09-02 20:16 . 2009-08-29 00:34 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\GameUXLegacyGDFs.dll

    + 2009-09-02 20:16 . 2009-08-29 02:47 1696256 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\gameux.dll

    + 2009-09-02 20:16 . 2009-08-29 00:27 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\GameUXLegacyGDFs.dll

    + 2009-09-02 20:16 . 2009-04-11 06:28 1696768 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\gameux.dll

    + 2009-09-02 20:16 . 2009-08-28 10:19 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\GameUXLegacyGDFs.dll

    + 2009-09-02 20:16 . 2009-08-28 12:25 1695744 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\gameux.dll

    + 2009-09-02 20:16 . 2009-08-28 10:15 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\GameUXLegacyGDFs.dll

    + 2008-06-06 15:23 . 2008-03-08 04:21 1695744 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\gameux.dll

    + 2009-09-02 20:16 . 2009-08-28 23:26 4247552 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\GameUXLegacyGDFs.dll

    + 2009-09-02 20:16 . 2009-08-29 03:33 1686528 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\gameux.dll

    + 2009-09-02 20:16 . 2009-08-28 23:31 4247552 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\GameUXLegacyGDFs.dll

    + 2009-09-02 20:16 . 2009-08-29 03:41 1686528 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\gameux.dll

    + 2009-09-02 20:16 . 2009-08-29 02:46 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb\AcGenral.dll

    + 2009-09-02 20:16 . 2009-08-29 02:30 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192\AcGenral.dll

    + 2009-09-02 20:16 . 2009-08-28 12:24 2157056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0\AcGenral.dll

    + 2009-09-02 20:16 . 2009-08-28 12:38 2153984 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2\AcGenral.dll

    + 2009-09-02 20:16 . 2009-08-29 03:31 2144768 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d\AcGenral.dll

    + 2009-09-02 20:16 . 2009-08-29 03:40 2143744 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251\AcGenral.dll

    - 2006-11-02 10:22 . 2009-08-31 21:56 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat

    + 2006-11-02 10:22 . 2009-09-02 23:37 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat

    + 2009-09-02 20:16 . 2009-08-28 12:38 2153984 c:\windows\AppPatch\AcGenral.dll

    .

    -- Snapshot reset to current date --

    .

    (((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legitimate default entries are not shown.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

    2008-10-16 17:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    "drivevideo"="c:\users\tmn\AppData\Roaming\spoolsv.exe" [bU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

    "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2008-02-27 552960]

    "BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]

    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-02-26 4939776]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    "UacDisableNotify"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4228793233-428093369-926697994-1000]

    "EnableNotifications"=dword:00000001

    "EnableNotificationsRef"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4228793233-428093369-926697994-500]

    "EnableNotifications"=dword:00000001

    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "TCP Query User{CBA89E9C-9FD5-4451-ADE3-1173D3C201BF}c:\\program files\\sapo\\sapo messenger\\sapoim.exe"= UDP:c:\program files\sapo\sapo messenger\sapoim.exe:Sapo Messenger

    "UDP Query User{1A18579C-0B42-4215-9B9C-3522AB7FA907}c:\\program files\\sapo\\sapo messenger\\sapoim.exe"= TCP:c:\program files\sapo\sapo messenger\sapoim.exe:Sapo Messenger

    "{5CBA4683-C009-48C9-BEA5-8177293277C3}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

    "EnableFirewall"= 0 (0x0)

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30-08-2009 12:16 108289]

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [29-08-2009 22:26 1153368]

    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [26-03-2009 11:57 113504]

    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [08-05-2008 23:41 290304]

    R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [08-05-2008 05:19 572416]

    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [08-05-2008 05:49 48128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    .

    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.pt/

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-09-05 12:22

    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2009-09-05 12:24

    ComboFix-quarantined-files.txt 2009-09-05 11:24

    ComboFix2.txt 2009-08-31 22:41

    ComboFix3.txt 2009-08-31 21:47

    Pre-Run: 396.675.784.704 bytes free

    Post-Run: 396.593.188.864 bytes free

    284 --- E O F --- 2009-09-04 20:59


    Dear MariusPT

    Step 1 #

    Temporarily, and for as long as you are carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them once the procedure(s) described below have been completed.

    Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Code" box:

    File::
    c:\users\tmn\AppData\Roaming\spoolsv.exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "drivevideo"=-

    Save this file as: CFScript.txt

    [image: 2872959479_997d4500c4_o.gif, showing CFScript.txt being dragged onto ComboFix.exe]

    As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.

    Step 2 #

    >>>> The Ask Toolbar is installed on your computer; toolbars collect user information without consent and also download plugins without permission... It is not considered malware, but I'll leave it to you to decide what to do with it. If you choose to uninstall it, don't do it yet, just let me know :)

    Regards :D

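The `"drivevideo"` Run-key entry in the posted log and the CFScript in the reply are the two halves of one job: spot an autostart that does not belong, then write the script that removes the file and the registry value. The Python below is an added example, not part of this thread and not ComboFix's own tooling. It parses the Run-key section of a ComboFix log (the sample lines are copied from the log posted above), flags entries on three heuristics (a well-known System32 binary name living outside System32, a path under a user-writable directory such as AppData, and a missing file date/size tag) and renders the File::/Registry:: script in the format the reply uses. The table of binary names and their expected directories and the list of user-writable path fragments are this example's assumptions, not facts the log states.

```python
"""Triage the Run-key entries of a ComboFix log and build the matching CFScript.

Added example for this thread; not ComboFix code. The EXPECTED_HOME table and
the USER_WRITABLE fragments are assumptions chosen for illustration.
"""
import re
from typing import NamedTuple

# Constructed sample: the HKCU/HKLM Run entries as they appear in the posted log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"drivevideo"="c:\users\tmn\AppData\Roaming\spoolsv.exe" [bU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"""

# Windows binaries with exactly one legitimate home (assumed list); a copy
# anywhere else is masquerading, which is the spoolsv.exe case in the log.
EXPECTED_HOME = {
    "spoolsv.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
}
# Path fragments a standard user can write to without elevation (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?')
META_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")  # ComboFix's "[date size]" tag


class Finding(NamedTuple):
    key: str
    name: str
    path: str
    reasons: tuple


def parse_run_entries(log_text):
    """Return (key, name, path, meta) for every value line under a [HKEY_...] header."""
    key, entries = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("path"), m.group("meta")))
    return entries


def triage(log_text):
    """Apply the three heuristics; each Finding carries every reason that fired."""
    findings = []
    for key, name, path, meta in parse_run_entries(log_text):
        low = path.lower()
        parent, _, basename = low.rpartition("\\")
        reasons = []
        home = EXPECTED_HOME.get(basename)
        if home and parent != home:
            reasons.append(f"{basename} found outside {home}")
        if any(frag in low for frag in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if meta is None or not META_RE.match(meta):
            reasons.append(f"no file date/size reported (tag was {meta!r})")
        if reasons:
            findings.append(Finding(key, name, path, tuple(reasons)))
    return findings


def build_cfscript(findings):
    """Render the File::/Registry:: script in the layout used in the reply above."""
    files = "\n".join(f.path for f in findings)
    reg = "\n".join(f"[{f.key}]\n\"{f.name}\"=-" for f in findings)
    return f"File::\n{files}\n\nRegistry::\n{reg}\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.name}: {h.path}")
        for r in h.reasons:
            print(f"  - {r}")
    print(build_cfscript(hits))
```

Run stand-alone it prints the single flagged entry with its three reasons and the script. Two caveats a practitioner would keep: the heuristics are for triage, so each reason is a prompt to examine the file (hash it, check its signature and version resource) rather than a verdict; and the generated script must be saved under the exact name CFScript.txt. The second log above records the script as CFScript.txt.txt, the usual sign of Explorer hiding known extensions; ComboFix still read it, as the FILE :: section shows, but it is an easy thing to get wrong.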
  • Topic author
  • ok, I'll uninstall that Ask Toolbar when you tell me I can..

    Thanks..

    ComboFix 09-09-06.06 - tmn 07-09-2009 19:44.4.2 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3054.2037 [GMT 1:00]

    Running from: c:\users\tmn\Desktop\XXProtectXX\ComboFix.exe

    Command switches used :: c:\users\tmn\Desktop\CFScript.txt.txt

    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}

    FILE ::

    "c:\users\tmn\AppData\Roaming\spoolsv.exe"

    .

    (((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 ))))))))))))))))))))))))))))

    .

    2009-09-07 18:51 . 2009-09-07 18:51 -------- d-----w- c:\users\Public\AppData\Local\temp

    2009-09-07 18:51 . 2009-09-07 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp

    2009-09-05 23:12 . 2008-05-05 13:31 103936 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

    2009-09-05 23:12 . 2008-05-05 13:31 103936 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext.sys

    2009-09-05 23:12 . 2008-05-05 13:31 103936 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

    2009-09-05 23:12 . 2008-05-05 13:30 103936 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

    2009-09-05 23:12 . 2009-09-06 13:17 -------- d-----w- c:\program files\banda larga tmn

    2009-09-05 23:11 . 2009-09-05 23:21 -------- d-----w- c:\windows\system32\SupportAppPT

    2009-09-05 21:43 . 2009-02-15 23:10 69000 ----a-w- c:\windows\system32\zlcomm.dll

    2009-09-05 21:43 . 2009-02-15 23:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll

    2009-09-05 21:43 . 2009-02-15 23:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll

    2009-09-05 21:42 . 2009-09-05 21:43 -------- d-----w- c:\windows\system32\ZoneLabs

    2009-09-05 21:42 . 2009-02-15 23:11 293528 ----a-w- c:\windows\system32\drivers\vsdatant.sys

    2009-09-05 21:29 . 2009-09-05 21:29 -------- dc----w- c:\windows\system32\DRVSTORE

    2009-09-05 21:29 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

    2009-09-05 21:28 . 2009-09-05 21:28 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}

    2009-09-05 21:28 . 2009-09-05 21:29 -------- d-----w- c:\programdata\Lavasoft

    2009-09-05 21:28 . 2009-09-05 21:28 -------- d-----w- c:\program files\Lavasoft

    2009-09-02 20:16 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

    2009-09-02 20:16 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    2009-09-01 22:44 . 2009-09-01 22:45 -------- d-----w- C:\LinhaDefensiva

    2009-09-01 22:08 . 2009-09-01 22:08 -------- d-----w- c:\program files\Windows Live Safety Center

    2009-09-01 22:03 . 2009-09-01 22:03 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

    2009-09-01 20:12 . 2009-09-01 21:59 -------- d-----w- C:\FindyKill

    2009-09-01 18:16 . 2009-09-01 18:16 -------- d-----w- c:\users\tmn\DoctorWeb

    2009-08-30 23:16 . 2009-08-30 23:16 -------- d-----w- c:\users\tmn\AppData\Roaming\Malwarebytes

    2009-08-30 23:16 . 2009-08-30 23:16 -------- d-----w- c:\programdata\Malwarebytes

    2009-08-30 11:16 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2009-08-30 11:16 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2009-08-30 11:16 . 2009-08-30 11:16 -------- d-----w- c:\programdata\Avira

    2009-08-30 11:16 . 2009-08-30 11:16 -------- d-----w- c:\program files\Avira

    2009-08-30 10:59 . 2009-09-05 21:44 -------- d-----w- c:\program files\AskBarDis

    2009-08-30 10:59 . 2008-02-23 04:38 170496 ----a-w- c:\windows\system32\tcpipcfg.dll

    2009-08-30 10:59 . 2008-02-23 02:41 22528 ----a-w- c:\windows\system32\netiougc.exe

    2009-08-30 10:58 . 2009-08-30 10:58 -------- d-----w- c:\program files\Zone Labs

    2009-08-30 10:56 . 2009-08-30 10:56 -------- d-----w- c:\programdata\CheckPoint

    2009-08-30 10:56 . 2009-09-07 18:16 -------- d-----w- c:\windows\Internet Logs

    2009-08-30 01:42 . 2009-08-30 01:42 -------- d-----w- c:\users\tmn\AppData\Roaming\uniblue

    2009-08-30 01:41 . 2009-08-30 01:41 -------- d-----w- c:\program files\Uniblue

    2009-08-29 21:26 . 2009-09-01 12:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2009-08-29 21:26 . 2009-08-29 22:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy

    2009-08-29 21:15 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll

    2009-08-29 21:15 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll

    2009-08-29 21:15 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll

    2009-08-29 21:15 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll

    2009-08-29 21:15 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll

    2009-08-29 21:15 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    2009-08-29 21:15 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll

    2009-08-29 21:15 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

    2009-08-28 20:45 . 2009-08-30 11:05 918368 ----a-w- c:\windows\system32\drivers\sfi.dat

    2009-08-28 20:37 . 2009-08-28 20:37 74328 ----a-w- c:\windows\system32\drivers\inspect.sys

    2009-08-28 20:37 . 2009-08-30 11:05 -------- d-----w- c:\program files\COMODO

    2009-08-28 20:30 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll

    2009-08-18 21:04 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

    2009-08-18 21:04 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll

    2009-08-18 21:04 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

    2009-08-18 21:04 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll

    2009-08-18 21:04 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe

    2009-08-18 21:04 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

    2009-08-18 21:04 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe

    2009-08-18 20:57 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll

    2009-08-18 20:57 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll

    2009-08-18 20:57 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll

    2009-08-18 20:57 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll

    2009-08-18 20:57 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll

    2009-08-17 20:49 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

    2009-08-17 20:49 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

    2009-08-17 20:49 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

    2009-08-17 20:49 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

    2009-08-17 20:49 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

    2009-08-17 20:49 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

    2009-08-17 20:48 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

    2009-08-17 20:48 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-09-07 18:21 . 2008-01-21 06:21 650636 ----a-w- c:\windows\system32\prfh0816.dat

    2009-09-07 18:21 . 2008-01-21 06:21 127998 ----a-w- c:\windows\system32\prfc0816.dat

    2009-09-07 18:14 . 2009-09-05 21:42 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml

    2009-09-06 13:19 . 2008-06-06 16:40 12 ----a-w- c:\windows\bthservsdp.dat

    2009-09-05 23:11 . 2008-05-08 04:29 -------- d--h--w- c:\program files\InstallShield Installation Information

    2009-09-02 12:28 . 2008-05-09 00:53 55376 ----a-w- c:\users\tmn\AppData\Local\GDIPFONTCACHEV1.DAT

    2009-08-31 02:03 . 2008-05-10 00:20 -------- d-----w- c:\programdata\Microsoft Help

    2009-08-29 21:41 . 2008-05-10 00:23 -------- d-----w- c:\program files\Microsoft Works

    2009-08-28 21:13 . 2009-06-28 22:54 -------- d-----w- c:\programdata\HP Product Assistant

    2009-08-18 20:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

    2009-07-21 21:52 . 2009-08-31 21:51 915456 ----a-w- c:\windows\system32\wininet.dll

    2009-07-21 21:47 . 2009-08-31 21:51 109056 ----a-w- c:\windows\system32\iesysprep.dll

    2009-07-21 21:47 . 2009-08-31 21:51 71680 ----a-w- c:\windows\system32\iesetup.dll

    2009-07-21 20:13 . 2009-08-31 21:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe

    2009-06-28 23:00 . 2009-06-28 22:49 150739 ----a-w- c:\windows\hpoins15.dat

    2009-06-15 15:24 . 2009-07-16 19:02 156672 ----a-w- c:\windows\system32\t2embed.dll

    2009-06-15 15:20 . 2009-07-16 19:02 72704 ----a-w- c:\windows\system32\fontsub.dll

    2009-06-15 15:20 . 2009-07-16 19:02 10240 ----a-w- c:\windows\system32\dciman32.dll

    2009-06-15 12:52 . 2009-07-16 19:02 289792 ----a-w- c:\windows\system32\atmfd.dll

    .

    ((((((((((((((((((((((((((((( SnapShot_2009-09-05_11.22.51 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-09-05 21:43 . 2009-02-15 23:10 97672 c:\windows\System32\ZoneLabs\zlquarantine.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 97672 c:\windows\System32\ZoneLabs\zlquarantine.dll

    - 2009-08-30 10:57 . 2008-11-29 08:19 65424 c:\windows\System32\ZoneLabs\vsdrinst.exe

    + 2009-09-05 21:42 . 2008-11-29 08:19 65424 c:\windows\System32\ZoneLabs\vsdrinst.exe

    - 2009-08-30 10:58 . 2009-02-15 23:10 94088 c:\windows\System32\ZoneLabs\lib\zvpn.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 94088 c:\windows\System32\ZoneLabs\lib\zvpn.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 20360 c:\windows\System32\ZoneLabs\lib\zsys.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 20360 c:\windows\System32\ZoneLabs\lib\zsys.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 59272 c:\windows\System32\ZoneLabs\lib\zpdp.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 59272 c:\windows\System32\ZoneLabs\lib\zpdp.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 14216 c:\windows\System32\ZoneLabs\lib\zmenu.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 14216 c:\windows\System32\ZoneLabs\lib\zmenu.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 24968 c:\windows\System32\ZoneLabs\lib\zic.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 24968 c:\windows\System32\ZoneLabs\lib\zic.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 84872 c:\windows\System32\ZoneLabs\lib\ZAlert.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 84872 c:\windows\System32\ZoneLabs\lib\ZAlert.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 34696 c:\windows\System32\ZoneLabs\lib\UpdateUI.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 34696 c:\windows\System32\ZoneLabs\lib\UpdateUI.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 17800 c:\windows\System32\ZoneLabs\lib\oem_1466.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 17800 c:\windows\System32\ZoneLabs\lib\oem_1466.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 10120 c:\windows\System32\ZoneLabs\lib\oem_1454.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 10120 c:\windows\System32\ZoneLabs\lib\oem_1454.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 10632 c:\windows\System32\ZoneLabs\lib\oem_1445.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 10632 c:\windows\System32\ZoneLabs\lib\oem_1445.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 13704 c:\windows\System32\ZoneLabs\lib\oem_1440.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 13704 c:\windows\System32\ZoneLabs\lib\oem_1440.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 11656 c:\windows\System32\ZoneLabs\lib\oem_1413.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 11656 c:\windows\System32\ZoneLabs\lib\oem_1413.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 11144 c:\windows\System32\ZoneLabs\lib\oem_1010.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 11144 c:\windows\System32\ZoneLabs\lib\oem_1010.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 29576 c:\windows\System32\ZoneLabs\lib\NavBar.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 29576 c:\windows\System32\ZoneLabs\lib\NavBar.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 12168 c:\windows\System32\ZoneLabs\lib\MainLoop.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 12168 c:\windows\System32\ZoneLabs\lib\MainLoop.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 35720 c:\windows\System32\ZoneLabs\lib\Alert.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 35720 c:\windows\System32\ZoneLabs\lib\Alert.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 38280 c:\windows\System32\ZoneLabs\featuremap.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 38280 c:\windows\System32\ZoneLabs\featuremap.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 98184 c:\windows\System32\ZoneLabs\fbl.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 98184 c:\windows\System32\ZoneLabs\fbl.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 74632 c:\windows\System32\ZoneLabs\camupd.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 74632 c:\windows\System32\ZoneLabs\camupd.dll

    + 2008-01-21 01:58 . 2009-09-07 18:16 38510 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2006-11-02 13:05 . 2009-09-07 18:16 84312 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    - 2009-08-30 10:58 . 2009-02-15 23:10 35208 c:\windows\System32\vswmi.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 35208 c:\windows\System32\vswmi.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 58248 c:\windows\System32\vsregexp.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 58248 c:\windows\System32\vsregexp.dll

    + 2009-09-05 23:11 . 2008-08-06 10:47 86016 c:\windows\System32\SupportAppPT\ztemon_cd.exe

    + 2009-09-05 23:12 . 2008-08-06 10:43 94208 c:\windows\System32\SupportAppPT\UninstallServiceTool.exe

    + 2009-09-05 23:12 . 2009-01-06 15:49 55296 c:\windows\System32\SupportAppPT\KillProcess.exe

    + 2009-09-05 23:12 . 2008-08-06 08:42 70656 c:\windows\System32\SupportAppPT\file_aut.exe

    + 2008-06-05 23:47 . 2008-08-06 10:48 53248 c:\windows\System32\SupportAppPT\cdserv_cd.dll

    + 2009-09-05 21:29 . 2009-07-03 14:49 64160 c:\windows\System32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys

    + 2009-06-20 09:30 . 2009-09-07 18:20 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-06-20 09:30 . 2009-09-05 11:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-06-20 09:30 . 2009-09-07 18:20 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-06-20 09:30 . 2009-09-05 11:11 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-06-20 09:30 . 2009-09-07 18:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-06-20 09:30 . 2009-09-05 11:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-09-05 23:26 . 2009-09-05 23:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-09-05 23:26 . 2009-09-05 23:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-09-05 23:26 . 2009-09-05 23:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2006-11-02 10:25 . 2009-08-30 10:58 86016 c:\windows\inf\infstrng.dat

    + 2006-11-02 10:25 . 2009-09-05 23:14 86016 c:\windows\inf\infstrng.dat

    - 2006-11-02 10:25 . 2009-08-30 10:58 86016 c:\windows\inf\infstor.dat

    + 2006-11-02 10:25 . 2009-09-05 23:14 86016 c:\windows\inf\infstor.dat

    + 2006-11-02 10:25 . 2009-09-05 23:14 51200 c:\windows\inf\infpub.dat

    - 2006-11-02 10:25 . 2009-08-30 10:58 51200 c:\windows\inf\infpub.dat

    - 2009-08-30 10:58 . 2009-02-15 23:10 9608 c:\windows\System32\ZoneLabs\lib\oem_1460.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 9608 c:\windows\System32\ZoneLabs\lib\oem_1460.zip.dll

    + 2009-06-21 12:25 . 2009-09-07 18:16 7382 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4228793233-428093369-926697994-1000_UserData.bin

    + 2009-09-05 23:25 . 2009-09-05 23:25 9560 c:\windows\System32\networklist\icons\{3108F59F-BB87-43E1-9867-190F8A6ED35E}_48.bin

    + 2009-09-05 23:25 . 2009-09-05 23:25 4280 c:\windows\System32\networklist\icons\{3108F59F-BB87-43E1-9867-190F8A6ED35E}_32.bin

    + 2009-09-05 23:25 . 2009-09-05 23:25 2456 c:\windows\System32\networklist\icons\{3108F59F-BB87-43E1-9867-190F8A6ED35E}_24.bin

    + 2009-09-07 18:14 . 2009-09-07 18:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2009-09-05 09:54 . 2009-09-05 09:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2009-09-07 18:14 . 2009-09-07 18:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2009-09-05 09:54 . 2009-09-05 09:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2009-09-05 21:43 . 2009-02-15 23:10 108424 c:\windows\System32\ZoneLabs\zlupdate.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 108424 c:\windows\System32\ZoneLabs\zlupdate.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 302472 c:\windows\System32\ZoneLabs\zlsre.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 302472 c:\windows\System32\ZoneLabs\zlsre.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 178568 c:\windows\System32\ZoneLabs\zlparser.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 178568 c:\windows\System32\ZoneLabs\zlparser.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 172936 c:\windows\System32\ZoneLabs\vsvault.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 172936 c:\windows\System32\ZoneLabs\vsvault.dll

    - 2009-08-30 10:56 . 2009-02-15 23:10 108424 c:\windows\System32\ZoneLabs\vsdb.dll

    + 2009-09-05 21:40 . 2009-02-15 23:10 108424 c:\windows\System32\ZoneLabs\vsdb.dll

    + 2009-09-05 21:42 . 2009-02-15 23:11 293528 c:\windows\System32\ZoneLabs\vsdatant.sys

    - 2009-08-30 10:57 . 2009-02-15 23:11 293528 c:\windows\System32\ZoneLabs\vsdatant.sys

    - 2009-08-30 10:58 . 2009-02-15 23:10 176520 c:\windows\System32\ZoneLabs\updclient.exe

    + 2009-09-05 21:43 . 2009-02-15 23:10 176520 c:\windows\System32\ZoneLabs\updclient.exe

    - 2009-08-30 10:58 . 2007-10-11 15:51 832984 c:\windows\System32\ZoneLabs\updating.dll

    + 2009-09-05 21:43 . 2007-10-11 15:51 832984 c:\windows\System32\ZoneLabs\updating.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 431496 c:\windows\System32\ZoneLabs\ssleay32.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 431496 c:\windows\System32\ZoneLabs\ssleay32.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 134536 c:\windows\System32\ZoneLabs\scheduler.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 134536 c:\windows\System32\ZoneLabs\scheduler.dll

    + 2009-09-05 21:43 . 2008-11-17 01:23 796128 c:\windows\System32\ZoneLabs\qrsrecl.dll

    - 2009-08-30 10:58 . 2008-11-17 01:23 796128 c:\windows\System32\ZoneLabs\qrsrecl.dll

    + 2009-09-05 21:43 . 2008-11-17 01:23 722400 c:\windows\System32\ZoneLabs\qrbase.dll

    - 2009-08-30 10:58 . 2008-11-17 01:23 722400 c:\windows\System32\ZoneLabs\qrbase.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 118664 c:\windows\System32\ZoneLabs\lib\zui.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 118664 c:\windows\System32\ZoneLabs\lib\zui.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 151944 c:\windows\System32\ZoneLabs\lib\ztv.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 151944 c:\windows\System32\ZoneLabs\lib\ztv.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 188808 c:\windows\System32\ZoneLabs\lib\Overview.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 188808 c:\windows\System32\ZoneLabs\lib\Overview.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 344968 c:\windows\System32\ZoneLabs\lib\LicenseUI.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 344968 c:\windows\System32\ZoneLabs\lib\LicenseUI.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 136584 c:\windows\System32\ZoneLabs\lib\DashBoard.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 136584 c:\windows\System32\ZoneLabs\lib\DashBoard.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 344456 c:\windows\System32\ZoneLabs\lib\ConfigWizard.zip.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 344456 c:\windows\System32\ZoneLabs\lib\ConfigWizard.zip.dll

    + 2009-09-05 21:40 . 2009-02-04 17:27 548128 c:\windows\System32\ZoneLabs\icslta.dll

    - 2009-08-30 10:56 . 2009-02-04 17:27 548128 c:\windows\System32\ZoneLabs\icslta.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 159112 c:\windows\System32\ZoneLabs\httpblocker.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 159112 c:\windows\System32\ZoneLabs\httpblocker.dll

    - 2009-08-30 10:58 . 2008-03-17 15:52 813568 c:\windows\System32\ZoneLabs\dbghelp.dll

    + 2009-09-05 21:43 . 2008-03-17 15:52 813568 c:\windows\System32\ZoneLabs\dbghelp.dll

    + 2008-05-08 16:34 . 2009-09-05 18:55 256944 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

    + 2009-09-05 21:43 . 2009-02-15 23:10 109960 c:\windows\System32\vsxml.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 109960 c:\windows\System32\vsxml.dll

    - 2009-08-30 10:56 . 2009-02-15 23:10 482184 c:\windows\System32\vsutil.dll

    + 2009-09-05 21:40 . 2009-02-15 23:10 482184 c:\windows\System32\vsutil.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 309128 c:\windows\System32\vspubapi.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 309128 c:\windows\System32\vspubapi.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 107912 c:\windows\System32\vsmonapi.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 107912 c:\windows\System32\vsmonapi.dll

    - 2009-08-30 10:56 . 2009-02-15 23:10 229256 c:\windows\System32\vsinit.dll

    + 2009-09-05 21:40 . 2009-02-15 23:10 229256 c:\windows\System32\vsinit.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 110472 c:\windows\System32\vsdata.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 110472 c:\windows\System32\vsdata.dll

    + 2009-09-05 23:14 . 2009-02-03 21:01 372736 c:\windows\System32\SupportAppPT\Setup\setup.exe

    + 2009-09-05 23:14 . 2007-04-19 03:06 535552 c:\windows\System32\SupportAppPT\Setup\ISSetup.dll

    + 2009-09-05 23:14 . 2007-04-27 19:06 332744 c:\windows\System32\SupportAppPT\Setup\_Setup.dll

    + 2009-09-05 23:12 . 2007-01-26 16:34 204800 c:\windows\System32\SupportAppPT\EXETimer.exe

    - 2006-11-02 10:33 . 2009-09-05 10:01 587178 c:\windows\System32\perfh009.dat

    + 2006-11-02 10:33 . 2009-09-07 18:21 587178 c:\windows\System32\perfh009.dat

    - 2006-11-02 10:33 . 2009-09-05 10:01 101250 c:\windows\System32\perfc009.dat

    + 2006-11-02 10:33 . 2009-09-07 18:21 101250 c:\windows\System32\perfc009.dat

    + 2009-09-05 23:12 . 2008-05-05 13:31 103936 c:\windows\System32\DriverStore\FileRepository\zteusbnmeaext.inf_5fd11221\ZTEusbnmeaext.sys

    + 2009-09-05 23:12 . 2008-05-05 13:31 103936 c:\windows\System32\DriverStore\FileRepository\zteusbnmea.inf_0c24a03c\ZTEusbnmea.sys

    + 2009-09-05 23:12 . 2008-05-05 13:30 103936 c:\windows\System32\DriverStore\FileRepository\zteusbmodem.inf_dd110ad2\ZTEusbmdm6k.sys

    + 2009-09-05 23:12 . 2008-05-05 13:31 103936 c:\windows\System32\DriverStore\FileRepository\zteusbdiag.inf_d1499ec6\ZTEusbser6k.sys

    - 2009-08-30 10:57 . 2009-02-15 23:11 293528 c:\windows\System32\DriverStore\FileRepository\vsdatant.inf_da471b56\vsdatant.sys

    + 2009-09-05 21:42 . 2009-02-15 23:11 293528 c:\windows\System32\DriverStore\FileRepository\vsdatant.inf_da471b56\vsdatant.sys

    - 2009-08-31 21:58 . 2009-09-04 23:57 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    + 2009-08-31 21:58 . 2009-09-06 01:39 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    + 2009-09-05 23:26 . 2009-09-05 23:26 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    + 2009-09-05 21:43 . 2009-02-15 23:10 1648520 c:\windows\System32\ZoneLabs\vsruledb.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 1648520 c:\windows\System32\ZoneLabs\vsruledb.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 2402184 c:\windows\System32\ZoneLabs\vsmon.exe

    + 2009-09-05 21:43 . 2009-02-15 23:10 2402184 c:\windows\System32\ZoneLabs\vsmon.exe

    - 2009-08-30 10:58 . 2008-11-17 01:23 1512928 c:\windows\System32\ZoneLabs\srescan.dll

    + 2009-09-05 21:43 . 2008-11-17 01:23 1512928 c:\windows\System32\ZoneLabs\srescan.dll

    - 2009-08-30 10:58 . 2009-02-15 23:10 1536392 c:\windows\System32\ZoneLabs\lib\zpy.zip.dll

    + 2009-09-05 21:43 . 2009-02-15 23:10 1536392 c:\windows\System32\ZoneLabs\lib\zpy.zip.dll

    + 2009-09-05 23:12 . 2007-01-26 16:25 1412608 c:\windows\System32\SupportAppPT\cc3260.dll

    + 2009-09-05 21:28 . 2009-09-05 21:28 1859072 c:\windows\Installer\1c2e73c.msi

    - 2009-08-30 10:58 . 2008-12-15 00:11 10465257 c:\windows\System32\ZoneLabs\zlasdbup.dat

    + 2009-09-05 21:43 . 2008-12-15 00:11 10465257 c:\windows\System32\ZoneLabs\zlasdbup.dat

    + 2009-09-05 21:43 . 2008-12-15 00:11 10465257 c:\windows\System32\ZoneLabs\spyware.dat

    - 2009-08-30 10:58 . 2008-12-15 00:11 10465257 c:\windows\System32\ZoneLabs\spyware.dat

    .

    -- Snapshot resetado para data atual --

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

    2008-10-16 17:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar2.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar2.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

    "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2008-02-27 552960]

    "BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]

    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-02-26 4939776]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    "UacDisableNotify"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4228793233-428093369-926697994-1000]

    "EnableNotifications"=dword:00000001

    "EnableNotificationsRef"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4228793233-428093369-926697994-500]

    "EnableNotifications"=dword:00000001

    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "TCP Query User{CBA89E9C-9FD5-4451-ADE3-1173D3C201BF}c:\\program files\\sapo\\sapo messenger\\sapoim.exe"= UDP:c:\program files\sapo\sapo messenger\sapoim.exe:Sapo Messenger

    "UDP Query User{1A18579C-0B42-4215-9B9C-3522AB7FA907}c:\\program files\\sapo\\sapo messenger\\sapoim.exe"= TCP:c:\program files\sapo\sapo messenger\sapoim.exe:Sapo Messenger

    "{5CBA4683-C009-48C9-BEA5-8177293277C3}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

    "EnableFirewall"= 0 (0x0)

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [05-09-2009 22:29 64160]

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30-08-2009 12:16 108289]

    R2 Automatic CDROM Monitor;Automatic CDROM Monitor;c:\windows\System32\SupportAppPT\ztemon_cd.exe [06-09-2009 00:11 86016]

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03-07-2009 15:49 1029456]

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [29-08-2009 22:26 1153368]

    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [26-03-2009 11:57 113504]

    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [08-05-2008 23:41 290304]

    R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [08-05-2008 05:19 572416]

    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [08-05-2008 05:49 48128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2009-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

    2009-09-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-08-29 14:31]

    2009-09-05 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-08-29 14:31]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.pt/

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-09-07 19:51

    Windows 6.0.6001 Service Pack 1 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Tempo para conclusão: 2009-09-07 19:54

    ComboFix-quarantined-files.txt 2009-09-07 18:54

    ComboFix2.txt 2009-09-05 11:24

    ComboFix3.txt 2009-08-31 22:41

    ComboFix4.txt 2009-08-31 21:47

    Pré-execução: 397.561.962.496 bytes livres

    Pós execução: 397.468.622.848 bytes livres

    394 --- E O F --- 2009-09-07 18:21


    Dear MariusPT

    Step 1 #

    Go to Control Panel -> Add/Remove Programs and remove the following program:

    • Ask ToolBar

    Step 2 #
    Temporarily, and for as long as you are following these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them once the procedure(s) below have been completed.
    Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

    Code:
    Folder::
    c:\program files\AskBarDis

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-

    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


    Save this file as: CFScript.txt
    [image: 2872959479_997d4500c4_o.gif]
    As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will produce a log. Post that file, C:\ComboFix.txt.
    Step 3 #
    Run an online scan with the Kaspersky Virusscanner

    • Click on [image: Clipboard01-1.jpg]
    • Click on accept.
    • A window will appear; click on Run.
    • The program will be installed and will then start downloading its updates. Wait...
    • When the updates are complete (100%), click the [image: 3507611311_825f7c7183_o.jpg] button
    • In the panel on the right, check that the following boxes are ticked:
    • Under: Detect malicious programs of the following categories:
      • Viruses, Worms, Trojan Horses, Rootkits (selected by default)
      • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Under: Scan compound files (doesn't apply to the File scan area):
      • Archives
      • Mail databases
    • Click on My Computer to start the scan. Wait...
    • When the scan finishes, click the View scan report link.
    • Click the [image: 3508421676_e090b1e383_o.jpg] button
    • In the window that opens, under Files of type choose the Text file (.txt) extension, pick a location and give the file a name.
    • You can close the Kaspersky page.
    • Open the file you saved the report to, select all of its contents (Ctrl + A), copy (Ctrl + C) and paste (Ctrl + V) into your next reply.

    Regards :D

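As an added example (not code from this thread, from ComboFix, or from Clube do Hardware), here is a small Python triage helper for the two ComboFix log sections that the reply above acts on. It pairs the "+" and "-" snapshot lines by path, so that files which were merely re-created (only the creation time moved, as with the reinstalled ZoneLabs DLLs) are separated from files whose content changed or which are genuinely new, and it pulls the Browser Helper Object and Internet Explorer toolbar entries out of the "Registry loading points" section so the CLSIDs backed by a given folder (here c:\program files\AskBarDis) can be listed; those are the keys the Registry:: part of the CFScript above removes once the folder is gone. The sample lines are constructed from the posted log; the lone removal line for oem_1460.zip.dll is constructed (in the real log it has a "+" partner) so the "removed" branch is exercised.

```python
import re
from collections import defaultdict

# Constructed sample of ComboFix snapshot-diff lines, taken from the log
# posted in this thread. The lone "-" line for oem_1460.zip.dll is
# constructed (in the real log it also has a "+" partner) so that the
# "removed" branch is exercised.
SNAPSHOT_SAMPLE = r"""
+ 2009-09-05 21:43 . 2009-02-15 23:10 29576 c:\windows\System32\ZoneLabs\lib\NavBar.zip.dll
- 2009-08-30 10:58 . 2009-02-15 23:10 29576 c:\windows\System32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-09-05 23:12 . 2009-01-06 15:49 55296 c:\windows\System32\SupportAppPT\KillProcess.exe
- 2006-11-02 10:33 . 2009-09-05 10:01 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-07 18:21 587178 c:\windows\System32\perfh009.dat
- 2009-08-30 10:58 . 2009-02-15 23:10 9608 c:\windows\System32\ZoneLabs\lib\oem_1460.zip.dll
"""

# Constructed sample of the "Registry loading points" section, again copied
# from the posted log (BHO key, its backing file, and two toolbar entries).
LOADPOINT_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 17:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar2.dll" [2008-10-16 333192]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar2.dll" [2008-10-16 333192]
"""

# Snapshot line: "<sign> <created> . <modified> <size> <path>"; paths may contain spaces.
SNAP_RE = re.compile(
    r"^([+-]) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) (.+)$"
)
GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
BHO_KEY_RE = re.compile(r"^\[.*\\Browser Helper Objects\\(" + GUID + r")\]$", re.I)
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$")
TOOLBAR_RE = re.compile(r'^"(' + GUID + r')"= "([^"]+)" \[\d{4}-\d{2}-\d{2} \d+\]$', re.I)


def parse_snapshot(text):
    """Map lower-cased path -> {'+': (created, modified, size), '-': (...)}."""
    entries = defaultdict(dict)
    for line in text.splitlines():
        m = SNAP_RE.match(line.strip())
        if m:
            sign, created, modified, size, path = m.groups()
            entries[path.lower()][sign] = (created, modified, int(size))
    return entries


def classify_snapshot(entries):
    """Label each path 'added', 'removed' or 'changed'. For 'changed' paths also
    list which fields moved: only the creation time changing means the file was
    re-created with identical metadata (a reinstall), whereas a modified-time
    or size change means the bytes on disk differ and deserve a closer look."""
    fields = ("created", "modified", "size")
    result = {}
    for path, recs in entries.items():
        if "+" in recs and "-" in recs:
            diffs = [f for f, old, new in zip(fields, recs["-"], recs["+"]) if old != new]
            result[path] = ("changed", diffs)
        elif "+" in recs:
            result[path] = ("added", [])
        else:
            result[path] = ("removed", [])
    return result


def parse_load_points(text):
    """Return [(kind, clsid, backing_file)] for BHO and IE toolbar entries.
    ComboFix prints the BHO's file on the line after its key, so the parser
    looks at the next non-blank line for it."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    found = []
    for i, line in enumerate(lines):
        m = BHO_KEY_RE.match(line)
        if m:
            fm = FILE_LINE_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
            if fm:
                found.append(("BHO", m.group(1).lower(), fm.group(1)))
            continue
        m = TOOLBAR_RE.match(line)
        if m:
            found.append(("Toolbar", m.group(1).lower(), m.group(2)))
    return found


def clsids_under(load_points, folder):
    """CLSIDs whose backing file lives under `folder` (case-insensitive): the
    registry entries that would be left dangling once that folder is deleted."""
    prefix = folder.lower().rstrip("\\") + "\\"
    return {clsid for _, clsid, path in load_points if path.lower().startswith(prefix)}


if __name__ == "__main__":
    for path, (state, diffs) in sorted(classify_snapshot(parse_snapshot(SNAPSHOT_SAMPLE)).items()):
        print(f"{state:8} {path}" + (f"  ({', '.join(diffs)} differ)" if diffs else ""))
    points = parse_load_points(LOADPOINT_SAMPLE)
    for kind, clsid, path in points:
        print(f"{kind:8} {clsid} -> {path}")
    print("CLSIDs backed by AskBarDis:", sorted(clsids_under(points, r"c:\program files\AskBarDis")))
```

Run against a full ComboFix.txt, the snapshot classification collapses the long "+"/"-" listing above into a short list of files that actually differ in content, and clsids_under gives the same two CLSIDs the helper wrote into the Registry:: section by hand.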
    Topic author:

    ComboFix 09-09-06.06 - tmn 08-09-2009 13:32.5.2 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3054.1941 [GMT 1:00]

    Executando de: c:\users\tmn\Desktop\XXProtectXX\ComboFix.exe

    Comandos utilizados :: c:\users\tmn\Desktop\CFScript.txt

    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-08-08 to 2009-09-08 ))))))))))))))))))))))))))))

    .

    2009-09-08 12:39 . 2009-09-08 12:39 -------- d-----w- c:\users\Public\AppData\Local\temp

    2009-09-08 12:39 . 2009-09-08 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp

    2009-09-05 23:12 . 2008-05-05 13:31 103936 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

    2009-09-05 23:12 . 2008-05-05 13:31 103936 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext.sys

    2009-09-05 23:12 . 2008-05-05 13:31 103936 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

    2009-09-05 23:12 . 2008-05-05 13:30 103936 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

    2009-09-05 23:12 . 2009-09-06 13:17 -------- d-----w- c:\program files\banda larga tmn

    2009-09-05 23:11 . 2009-09-05 23:21 -------- d-----w- c:\windows\system32\SupportAppPT

    2009-09-05 21:43 . 2009-02-15 23:10 69000 ----a-w- c:\windows\system32\zlcomm.dll

    2009-09-05 21:43 . 2009-02-15 23:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll

    2009-09-05 21:43 . 2009-02-15 23:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll

    2009-09-05 21:42 . 2009-09-05 21:43 -------- d-----w- c:\windows\system32\ZoneLabs

    2009-09-05 21:42 . 2009-02-15 23:11 293528 ----a-w- c:\windows\system32\drivers\vsdatant.sys

    2009-09-05 21:29 . 2009-09-05 21:29 -------- dc----w- c:\windows\system32\DRVSTORE

    2009-09-05 21:29 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

    2009-09-05 21:28 . 2009-09-05 21:28 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}

    2009-09-05 21:28 . 2009-09-05 21:29 -------- d-----w- c:\programdata\Lavasoft

    2009-09-05 21:28 . 2009-09-05 21:28 -------- d-----w- c:\program files\Lavasoft

    2009-09-02 20:16 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

    2009-09-02 20:16 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    2009-09-01 22:44 . 2009-09-01 22:45 -------- d-----w- C:\LinhaDefensiva

    2009-09-01 22:08 . 2009-09-01 22:08 -------- d-----w- c:\program files\Windows Live Safety Center

    2009-09-01 22:03 . 2009-09-01 22:03 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

    2009-09-01 20:12 . 2009-09-01 21:59 -------- d-----w- C:\FindyKill

    2009-09-01 18:16 . 2009-09-01 18:16 -------- d-----w- c:\users\tmn\DoctorWeb

    2009-08-30 23:16 . 2009-08-30 23:16 -------- d-----w- c:\users\tmn\AppData\Roaming\Malwarebytes

    2009-08-30 23:16 . 2009-08-30 23:16 -------- d-----w- c:\programdata\Malwarebytes

    2009-08-30 11:16 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2009-08-30 11:16 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2009-08-30 11:16 . 2009-08-30 11:16 -------- d-----w- c:\programdata\Avira

    2009-08-30 11:16 . 2009-08-30 11:16 -------- d-----w- c:\program files\Avira

    2009-08-30 10:59 . 2008-02-23 04:38 170496 ----a-w- c:\windows\system32\tcpipcfg.dll

    2009-08-30 10:59 . 2008-02-23 02:41 22528 ----a-w- c:\windows\system32\netiougc.exe

    2009-08-30 10:58 . 2009-08-30 10:58 -------- d-----w- c:\program files\Zone Labs

    2009-08-30 10:56 . 2009-08-30 10:56 -------- d-----w- c:\programdata\CheckPoint

    2009-08-30 10:56 . 2009-09-07 21:51 -------- d-----w- c:\windows\Internet Logs

    2009-08-30 01:42 . 2009-08-30 01:42 -------- d-----w- c:\users\tmn\AppData\Roaming\uniblue

    2009-08-30 01:41 . 2009-08-30 01:41 -------- d-----w- c:\program files\Uniblue

    2009-08-29 21:26 . 2009-09-01 12:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2009-08-29 21:26 . 2009-08-29 22:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy

    2009-08-29 21:15 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll

    2009-08-29 21:15 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll

    2009-08-29 21:15 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll

    2009-08-29 21:15 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll

    2009-08-29 21:15 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll

    2009-08-29 21:15 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    2009-08-29 21:15 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll

    2009-08-29 21:15 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

    2009-08-28 20:45 . 2009-08-30 11:05 918368 ----a-w- c:\windows\system32\drivers\sfi.dat

    2009-08-28 20:37 . 2009-08-28 20:37 74328 ----a-w- c:\windows\system32\drivers\inspect.sys

    2009-08-28 20:37 . 2009-08-30 11:05 -------- d-----w- c:\program files\COMODO

    2009-08-28 20:30 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll

    2009-08-18 21:04 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

    2009-08-18 21:04 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll

    2009-08-18 21:04 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

    2009-08-18 21:04 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll

    2009-08-18 21:04 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe

    2009-08-18 21:04 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

    2009-08-18 21:04 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe

    2009-08-18 20:57 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll

    2009-08-18 20:57 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll

    2009-08-18 20:57 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll

    2009-08-18 20:57 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll

    2009-08-18 20:57 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll

    2009-08-17 20:49 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

    2009-08-17 20:49 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

    2009-08-17 20:49 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

    2009-08-17 20:49 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

    2009-08-17 20:49 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

    2009-08-17 20:49 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

    2009-08-17 20:48 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

    2009-08-17 20:48 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-09-08 12:32 . 2008-01-21 06:21 648984 ----a-w- c:\windows\system32\prfh0816.dat

    2009-09-08 12:32 . 2008-01-21 06:21 126346 ----a-w- c:\windows\system32\prfc0816.dat

    2009-09-08 12:25 . 2009-09-05 21:42 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml

    2009-09-08 12:24 . 2008-06-06 16:40 12 ----a-w- c:\windows\bthservsdp.dat

    2009-09-05 23:11 . 2008-05-08 04:29 -------- d--h--w- c:\program files\InstallShield Installation Information

    2009-09-02 12:28 . 2008-05-09 00:53 55376 ----a-w- c:\users\tmn\AppData\Local\GDIPFONTCACHEV1.DAT

    2009-08-31 02:03 . 2008-05-10 00:20 -------- d-----w- c:\programdata\Microsoft Help

    2009-08-29 21:41 . 2008-05-10 00:23 -------- d-----w- c:\program files\Microsoft Works

    2009-08-28 21:13 . 2009-06-28 22:54 -------- d-----w- c:\programdata\HP Product Assistant

    2009-08-18 20:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

    2009-07-21 21:52 . 2009-08-31 21:51 915456 ----a-w- c:\windows\system32\wininet.dll

    2009-07-21 21:47 . 2009-08-31 21:51 109056 ----a-w- c:\windows\system32\iesysprep.dll

    2009-07-21 21:47 . 2009-08-31 21:51 71680 ----a-w- c:\windows\system32\iesetup.dll

    2009-07-21 20:13 . 2009-08-31 21:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe

    2009-06-28 23:00 . 2009-06-28 22:49 150739 ----a-w- c:\windows\hpoins15.dat

    2009-06-15 15:24 . 2009-07-16 19:02 156672 ----a-w- c:\windows\system32\t2embed.dll

    2009-06-15 15:20 . 2009-07-16 19:02 72704 ----a-w- c:\windows\system32\fontsub.dll

    2009-06-15 15:20 . 2009-07-16 19:02 10240 ----a-w- c:\windows\system32\dciman32.dll

    2009-06-15 12:52 . 2009-07-16 19:02 289792 ----a-w- c:\windows\system32\atmfd.dll

    .

    ((((((((((((((((((((((((((((( SnapShot_2009-09-07_18.51.13 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2008-01-21 01:58 . 2009-09-08 12:27 38812 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2006-11-02 13:05 . 2009-09-08 12:27 84344 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    + 2006-11-02 10:33 . 2009-09-08 12:32 99598 c:\windows\System32\perfc009.dat

    + 2009-06-20 09:30 . 2009-09-08 12:25 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-06-20 09:30 . 2009-09-07 18:20 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-06-20 09:30 . 2009-09-07 18:20 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-06-20 09:30 . 2009-09-08 12:25 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-06-20 09:30 . 2009-09-08 12:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-06-20 09:30 . 2009-09-07 18:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-08-31 19:50 . 2009-09-07 21:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-08-31 19:50 . 2009-08-31 22:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-08-31 19:50 . 2009-09-07 21:37 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-08-31 19:50 . 2009-08-31 22:47 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-08-31 19:50 . 2009-08-31 22:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-08-31 19:50 . 2009-09-07 21:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-06-21 12:25 . 2009-09-08 12:27 7382 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4228793233-428093369-926697994-1000_UserData.bin

    - 2009-06-21 12:25 . 2009-09-07 18:16 7382 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4228793233-428093369-926697994-1000_UserData.bin

    + 2009-09-08 12:25 . 2009-09-08 12:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2009-09-07 18:14 . 2009-09-07 18:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2009-09-08 12:25 . 2009-09-08 12:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2009-09-07 18:14 . 2009-09-07 18:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2008-05-08 16:34 . 2009-09-08 12:17 257450 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

    + 2006-11-02 10:33 . 2009-09-08 12:32 585526 c:\windows\System32\perfh009.dat

    - 2009-08-31 21:58 . 2009-09-06 01:39 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    + 2009-08-31 21:58 . 2009-09-07 18:58 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

    "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2008-02-27 552960]

    "BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]

    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-02-26 4939776]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    "UacDisableNotify"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4228793233-428093369-926697994-1000]

    "EnableNotifications"=dword:00000001

    "EnableNotificationsRef"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4228793233-428093369-926697994-500]

    "EnableNotifications"=dword:00000001

    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "TCP Query User{CBA89E9C-9FD5-4451-ADE3-1173D3C201BF}c:\\program files\\sapo\\sapo messenger\\sapoim.exe"= UDP:c:\program files\sapo\sapo messenger\sapoim.exe:Sapo Messenger

    "UDP Query User{1A18579C-0B42-4215-9B9C-3522AB7FA907}c:\\program files\\sapo\\sapo messenger\\sapoim.exe"= TCP:c:\program files\sapo\sapo messenger\sapoim.exe:Sapo Messenger

    "{5CBA4683-C009-48C9-BEA5-8177293277C3}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

    "EnableFirewall"= 0 (0x0)

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [05-09-2009 22:29 64160]

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30-08-2009 12:16 108289]

    R2 Automatic CDROM Monitor;Automatic CDROM Monitor;c:\windows\System32\SupportAppPT\ztemon_cd.exe [06-09-2009 00:11 86016]

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03-07-2009 15:49 1029456]

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [29-08-2009 22:26 1153368]

    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [26-03-2009 11:57 113504]

    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [08-05-2008 23:41 290304]

    R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [08-05-2008 05:19 572416]

    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [08-05-2008 05:49 48128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2009-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

    2009-09-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-08-29 14:31]

    2009-09-05 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-08-29 14:31]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.pt/

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-09-08 13:39

    Windows 6.0.6001 Service Pack 1 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2009-09-08 13:42

    ComboFix-quarantined-files.txt 2009-09-08 12:42

    ComboFix2.txt 2009-09-07 18:54

    ComboFix3.txt 2009-09-05 11:24

    ComboFix4.txt 2009-08-31 22:41

    ComboFix5.txt 2009-09-08 12:31

    Pré-execução: 397.702.635.520 bytes livres

    Pós execução: 397.638.180.864 bytes livres

    233 --- E O F --- 2009-09-07 18:21

    --------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER 7.0: scan report

    Tuesday, September 8, 2009

    Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)

    Kaspersky Online Scanner version: 7.0.26.13

    Last database update: Tuesday, September 08, 2009 14:59:49

    Records in database: 2760537

    --------------------------------------------------------------------------------

    Scan settings:

    scan using the following database: extended

    Scan archives: yes

    Scan e-mail databases: yes

    Scan area - My Computer:

    C:\

    D:\

    E:\

    Scan statistics:

    Objects scanned: 74801

    Threats found: 0

    Infected objects found: 0

    Suspicious objects found: 0

    Scan duration: 01:01:50

    No threats found. Scanned area is clean.

    Selected area has been scanned.


    Dear MariusPT

    Clean log :)

    >>>> How is the computer doing?

    Step no. 1 #

    Let's uninstall ComboFix:

    Go to

    Start > Run, type Combofix /u and click OK; in the window that appears click Run and wait for the program to be removed!

    Step no. 2 #

    Download OTCleanIt by OldTimer

    • Save it to your desktop.
    • Double-click the OTCleanIt icon.
    • Click the "Cleanup" button.
    • Allow your computer to be restarted.

    Step no. 3 #

    Service Pack 2

    Update the Windows Vista Service Pack (SP).

    Download here

    Step no. 4 #

    <<@>> Install CCleaner

    CCleaner is an excellent cleanup utility for the computer, which will help with the computer's performance.

    Download it here: CCleaner


    • IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click on an empty area of this window, choose New > Folder and create a new folder; name it backups!
    • Open the program and click Run Cleaner;
    • click the Registry button > Scan for Issues > Fix selected issues...
      Note: Don't forget to accept the backup of the fixes and save them in the folder created above!

    <<@>> Always keep your Windows up to date; keep constant watch with your firewall and antivirus, and finally, remember that the best form of prevention starts with our own habits!

    Cheers :D

    Topic author

    Hi Diego. Actually it's a bit slow... but I'll do everything you said there.. it may get better... thanks for everything, Diego..

    Thanks a lot, seriously.

    Keep it up, you help a lot of people like me who don't know much about PCs..

    Cheers


    If the topic author needs it, this topic will be reopened; to request that, contact the moderation team and ask for it to be unlocked.
