Avast Screen Saver protection (screensaver scan) reports a virus present

K9_2009

Olá!

Initially I intended to ask for help with a ComboFix log, but after reading the forum rules, and specifically the ones for logs at the following link

http://forum.clubedohardware.com.br/leia-antes-postar/597599

I decided to follow the instructions. However, I ran into problems right at the start: when I tried to open the file dds.scr, what the instructions describe did not happen; instead, Notepad opened, containing the following first lines:


MZP ÿÿ ¸ @ º ´ Í!¸LÍ!This program must be run under Win32


If anyone can help me, I would be immensely grateful!

Note: I use a desktop with Windows Vista Home Premium SP2.

Edited by K9_2009

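What Notepad showed is the file's own header, not a corrupted download: "MZ" is the signature of a DOS/Windows executable, and "This program must be run under Win32" is the message carried in the DOS stub that sits between the DOS header and the PE header. In other words the file was a real Win32 executable that was opened by a text editor instead of being executed. As an added example (not code from the original thread, and not part of the DDS tool) here is a small Python check that tells a genuine PE file from a text file by its header bytes, regardless of extension or file association. The SAMPLE_PE and SAMPLE_TEXT inputs are constructed inline, and all function names are my own.

```python
"""Tell a real Win32 (PE) executable from a text file by its header bytes.

Added example; not part of the original thread and not the DDS tool's own code.
The SAMPLE_* inputs below are constructed here for demonstration.
"""
import re
import struct
import sys

DOS_MAGIC = b"MZ"        # IMAGE_DOS_HEADER.e_magic
PE_MAGIC = b"PE\0\0"     # IMAGE_NT_HEADERS.Signature
E_LFANEW_OFFSET = 0x3C   # offset of the 32-bit pointer to the PE header
IMAGE_FILE_MACHINE_I386 = 0x14C

# Printable message written into the DOS stub by the linker
# (Microsoft: "This program cannot be run in DOS mode";
#  Borland-style stubs: "This program must be run under Win32").
STUB_MESSAGE = re.compile(rb"This program[A-Za-z0-9 ]+")


def inspect_pe(data: bytes) -> dict:
    """Describe the header of `data`.

    is_dos       -- starts with the 'MZ' signature
    is_pe        -- a valid PE signature sits at e_lfanew
    stub_message -- the printable message in the DOS stub, if one is present
    machine      -- IMAGE_FILE_HEADER.Machine, if is_pe
    """
    result = {"is_dos": False, "is_pe": False, "stub_message": None, "machine": None}
    if len(data) < 64 or data[:2] != DOS_MAGIC:
        return result
    result["is_dos"] = True
    e_lfanew = struct.unpack_from("<I", data, E_LFANEW_OFFSET)[0]
    # The DOS stub occupies the bytes between the 64-byte DOS header and the PE header.
    stub = data[64:e_lfanew] if e_lfanew > 64 else b""
    m = STUB_MESSAGE.search(stub)
    if m:
        result["stub_message"] = m.group(0).decode("ascii")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature; Machine is its first field.
    if e_lfanew + 24 <= len(data) and data[e_lfanew:e_lfanew + 4] == PE_MAGIC:
        result["is_pe"] = True
        result["machine"] = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return result


def is_win32_executable(data: bytes) -> bool:
    """True only when both the DOS signature and the PE signature check out."""
    info = inspect_pe(data)
    return info["is_dos"] and info["is_pe"]


def build_sample_pe(stub_message: bytes) -> bytes:
    """Constructed sample: DOS header + DOS stub carrying `stub_message` + a PE
    file header for i386. Only the fields inspect_pe reads are filled in."""
    # A few bytes of typical stub code (int 21h calls) ahead of the message text.
    stub = b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21" + stub_message + b"\r\n$"
    stub += b"\0" * ((-len(stub)) % 8)          # pad so the PE header is 8-byte aligned
    e_lfanew = 64 + len(stub)
    dos_header = DOS_MAGIC + b"\0" * (E_LFANEW_OFFSET - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_header = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 0, 0, 0, 0, 0, 0x0102)
    return dos_header + stub + PE_MAGIC + file_header


SAMPLE_PE = build_sample_pe(b"This program must be run under Win32")
SAMPLE_TEXT = b"Just a text file that happens to be named something.scr\r\n"

if __name__ == "__main__":
    # Usage: python pe_check.py [file]; without an argument the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PE
    print(inspect_pe(blob))
```

Run it against the dds.scr that opened in Notepad and it will report is_dos and is_pe as True with the same stub message, which confirms the download itself is intact; the problem is in how the file is being launched, not in the file.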
RenatoMejias

Use the following link to download DDS:

http://www.forospyware.com/sUBs/dds

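The DDS and HijackThis logs posted later in this thread are read by eye. As an added example, not code from the original thread nor from the DDS or HijackThis tools, here is a small Python triage script that parses lines in those two formats and flags the entry types an analyst looks at first: changed IE start/search pages, orphan toolbar entries ("No File"), EnableLUA = 0 (UAC switched off), Winsock LSP entries, AppInit_DLLs, service entries whose file is missing ("[x]"), non-default hosts-file lines, and autoruns from a Temp folder. The rules are heuristics of my own; SAMPLE_LOG is constructed, partly modelled on this thread's logs, with the hosts-file and Temp autorun lines invented for the demonstration.

```python
"""First-pass triage of HijackThis and DDS ("Pseudo HJT Report") log lines.

Added example; not code from the original thread nor from the HijackThis or
DDS tools. The rules are heuristics that pick out the entry types an analyst
reads first; every hit still needs a human decision. SAMPLE_LOG is
constructed: most lines are modelled on this thread's logs, the hosts-file
and Temp-folder autorun lines are invented for the demonstration.
"""
import re
import sys

# HijackThis line: "R0 - ...", "O4 - ...", "O10 - ...", etc.
HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# DDS "Pseudo HJT" line shapes used by the rules below.
DDS_PAGE = re.compile(r"^[um](?:Start|Search) Page = (?P<url>\S+)$")
DDS_UAC = re.compile(r"^mPolicies-system: EnableLUA = (?P<value>\d+)")
DDS_SERVICE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*)$")
URL_VALUE = re.compile(r"=\s*(https?://\S+)")
DEFAULT_HOSTS = re.compile(r"^Hosts:\s+(127\.0\.0\.1|::1)\s+localhost$")
# Heuristic allow-list for start/search pages; anything else is worth a look.
VENDOR_DEFAULT = ("go.microsoft.com", "google.com")


def triage(lines):
    """Return a list of (severity, rule, line) for entries worth a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        hjt = HJT_LINE.match(line)
        if hjt:
            kind, body = hjt.group("kind"), hjt.group("body")
            url = URL_VALUE.search(body)
            if kind in ("R0", "R1") and url and not any(d in url.group(1) for d in VENDOR_DEFAULT):
                findings.append(("review", "ie-start-or-search-page-changed", line))
            elif kind == "O1" and not DEFAULT_HOSTS.match(body):
                findings.append(("high", "non-default-hosts-entry", line))
            elif kind == "O4" and re.search(r"\\temp\\", body, re.IGNORECASE):
                findings.append(("high", "autorun-from-temp-folder", line))
            elif kind == "O10" and "Unknown file" in body:
                findings.append(("review", "unrecognised-winsock-lsp", line))
            continue
        page = DDS_PAGE.match(line)
        uac = DDS_UAC.match(line)
        svc = DDS_SERVICE.match(line)
        if page and not any(d in page.group("url") for d in VENDOR_DEFAULT):
            findings.append(("review", "browser-start-or-search-page-changed", line))
        elif uac and uac.group("value") == "0":
            findings.append(("high", "uac-disabled", line))  # EnableLUA = 0 turns UAC off
        elif line.startswith("TB:") and line.endswith("No File"):
            findings.append(("review", "orphan-toolbar-entry", line))
        elif line.startswith("LSP:"):
            findings.append(("review", "winsock-lsp-present", line))
        elif line.startswith("AppInit_DLLs:"):
            findings.append(("review", "appinit-dll-loaded-into-every-gui-process", line))
        elif svc and svc.group("path").strip() == "[x]":
            findings.append(("review", "service-entry-with-missing-file", line))
    return findings


def summary(findings):
    """Count findings by severity."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


# Constructed sample; see the module docstring for which lines are invented.
SAMPLE_LOG = r"""
mStart Page = hxxp://www.shareware-pt.com/pt/index.php?rvs=hompag
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
mPolicies-system: EnableLUA = 0 (0x0)
LSP: c:\windows\system32\wpclsp.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
S4 SeekService Service;SeekService Service; [x]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-pt.com/pt/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example-av.test
O4 - HKLM\..\Run: [updater] C:\Users\Geral\AppData\Local\Temp\svchost.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
""".strip().splitlines()

if __name__ == "__main__":
    # Usage: python hjt_triage.py [logfile]; without an argument SAMPLE_LOG is used.
    source = open(sys.argv[1], encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for severity, rule, line in triage(source):
        print(f"[{severity}] {rule}: {line}")
```

Every hit is a prompt to look, not a verdict: the LSP entry is flagged only because HijackThis does not recognise the DLL, and a script cannot decide whether that DLL is legitimate; the "[x]" service and the "No File" toolbar are leftovers whose origin still has to be established from the rest of the log.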
K9_2009 (topic author)

Thank you, RenatoMejias, for the reply; I was already starting to think I would not get an answer.

I already have the DDS log, which follows.

I would like to describe my problem: for some time now I have suspected a virus on my computer, because it started to get slow (though not excessively so). For that reason I ran almost all the well-known online antivirus scanners and did indeed find some infected or corrupted files, but none of them active (they were not executables). I used ComboFix, but since I do not know how to interpret the log it did not solve anything (though I recall it found no hidden processes).

I was already convincing myself that the computer had nothing when I decided to change the Avast Screen Saver protection settings, adding the option "Computer RAM memory" to the areas to be scanned, and then the following message appeared:

Avast! Screen Saver protection

File: Process 988, memory block 0x04B40000, block size 26214

Number of files: 3744

The virus JS:Agent-AV[EXPL] was found; the test was interrupted!!!

This JS:Agent-AV[EXPL] must be a super virus, since no antivirus detects it, not even Avast's boot-time scan.

But it could also be a false positive from Avast...

I don't know; that is why I am asking you for help. But I will say right away that I am afraid to use GMER, because I have already tried to run it about five (5) times and it always gave the Windows Blue Screen. So I am posting the DDS and HijackThis logs:

    DDS (Ver_09-09-24.01) - NTFSx86

    Run by Geral at 8:31:23,57 on 28-09-2009

    Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_14

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.351.2070.18.3326.1785 [GMT 1:00]

    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

    C:\Program Files\GNU\GnuPG\dirmngr.exe

    C:\Windows\system32\svchost.exe -k hpdevmgmt

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe

    C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe

    C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

    C:\Program Files\Alwil Software\Avast4\ashDisp.exe

    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\RocketDock\RocketDock.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Babylon\Babylon-Pro\Agent\BabylonAgent.exe

    C:\Program Files\Skype\Plugin Manager\skypePM.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Program Files\Windows Media Player\wmplayer.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Geral\Desktop\dds.pif

    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com

    uSearch Page = hxxp://www.google.com

    mSearch Page = hxxp://www.shareware-pt.com/pt/index.php?rvs=hompag

    mStart Page = hxxp://www.shareware-pt.com/pt/index.php?rvs=hompag

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    mSearchAssistant = hxxp://www.google.com/ie

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    BHO: Programa Auxiliar de Início de Sessão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll

    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

    uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

    uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

    uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe

    mRun: [babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart

    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: &Point&&Go - c:\program files\common files\expert system\pgplatform\PGPlatform.htm

    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm

    IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm

    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

    IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm

    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

    LSP: c:\windows\system32\wpclsp.dll

    DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\geral\appdata\roaming\mozilla\firefox\profiles\8v5szns4.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - www.google.pt

    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

    FF - plugin: c:\program files\microsoft\office live\npOLW.dll

    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-9-18 28544]

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-23 114768]

    R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-1-14 72992]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-23 20560]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-23 53328]

    R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-1-14 1078560]

    R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-14 12672]

    R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2009-8-7 242176]

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-6-25 1153368]

    R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]

    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]

    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]

    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-7-9 55280]

    S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-25 30192]

    S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]

    S4 fsssvc;Segurança Familiar do Windows Live;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

    S4 gupdate;Serviço Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]

    S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-8-8 53032]

    S4 SeekService Service;SeekService Service; [x]

    =============== Created Last 30 ================

    2009-09-28 05:21 22 a------- c:\windows\S.dirmngr

    2009-09-27 16:22 <DIR> --dsh--- C:\$RECYCLE.BIN

    2009-09-27 16:14 <DIR> --d----- C:\ComboFix

    2009-09-25 21:38 <DIR> --d----- c:\program files\SpywareBlaster

    2009-09-25 18:45 <DIR> --d----- c:\program files\Marcos Velasco Security

    2009-09-25 14:32 3,318,538 a----r-- C:\ComboFix.exe

    2009-09-25 14:20 <DIR> --d----- c:\program files\Quicksys

    2009-09-25 10:53 401,720 a------- C:\HijackThis.exe

    2009-09-24 20:12 <DIR> --d-h--- c:\windows\PIF

    2009-09-23 20:22 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys

    2009-09-23 18:48 229,888 a------- c:\windows\PEV.exe

    2009-09-23 18:48 161,792 a------- c:\windows\SWREG.exe

    2009-09-23 18:48 98,816 a------- c:\windows\sed.exe

    2009-09-22 13:18 <DIR> --d----- c:\users\geral\.kde

    2009-09-21 22:09 <DIR> --d----- c:\users\geral\appdata\roaming\gnupg

    2009-09-21 22:09 <DIR> --d----- c:\programdata\GNU

    2009-09-21 22:09 <DIR> --d----- c:\progra~2\GNU

    2009-09-21 22:09 <DIR> --d----- c:\program files\GNU

    2009-09-21 20:32 102,664 a------- c:\windows\system32\drivers\tmcomm.sys

    2009-09-21 20:31 <DIR> --d----- c:\users\geral\.housecall6.6

    2009-09-20 11:49 <DIR> --d----- c:\users\geral\appdata\roaming\Uniblue

    2009-09-19 10:36 <DIR> --d----- c:\program files\ESET

    2009-09-18 23:23 28,544 a------- c:\windows\system32\drivers\pavboot.sys

    2009-09-18 23:22 <DIR> --d----- c:\program files\Panda Security

    2009-09-18 23:21 <DIR> --d----- c:\programdata\F-Secure

    2009-09-18 23:21 <DIR> --d----- c:\progra~2\F-Secure

    2009-09-17 20:58 <DIR> --d----- c:\program files\Chami

    2009-09-17 19:58 <DIR> --d----- c:\users\geral\appdata\roaming\Nvu

    2009-09-17 19:58 <DIR> --d----- c:\program files\Nvu

    2009-09-17 19:20 <DIR> --d----- c:\users\geral\amaya

    2009-09-17 19:20 <DIR> --d----- c:\program files\Amaya

    2009-09-17 12:46 <DIR> --d----- C:\Os meus Sites

    2009-09-17 10:52 <DIR> --d----- c:\programdata\WindowsSearch

    2009-09-14 22:37 12,672 a------- c:\windows\system32\drivers\cpuz132_x32.sys

    2009-09-14 18:40 <DIR> --d----- c:\program files\SpeedFan

    2009-09-14 18:40 45 a------- c:\windows\system32\initdebug.nfo

    2009-09-14 18:37 27,136 a------- c:\windows\system32\PCWizard.cpl

    2009-09-14 18:37 <DIR> --d----- c:\windows\Java

    2009-09-14 18:37 <DIR> --d----- c:\program files\CPUID

    2009-09-14 14:16 <DIR> --d----- c:\programdata\McAfee

    2009-09-14 13:42 <DIR> --d----- c:\programdata\McAfee Security Scan

    2009-09-14 13:42 <DIR> --d----- c:\progra~2\McAfee Security Scan

    2009-09-10 11:50 <DIR> --d----- c:\program files\RocketDock

    2009-09-09 10:04 2,868,224 a------- c:\windows\system32\mf.dll

    2009-09-08 14:13 <DIR> --d----- c:\programdata\Windows Genuine Advantage

    2009-09-06 13:33 <DIR> --d----- c:\program files\Windows Installer Clean Up

    2009-09-03 18:47 262,144 a------- c:\progra~2\ntuser.dat

    2009-09-03 18:23 <DIR> --d----- c:\programdata\HP Product Assistant

    2009-09-03 18:22 <DIR> --d----- c:\program files\common files\HP

    2009-09-03 18:11 175,268 a------- c:\windows\hpoins21.dat

    2009-09-03 18:11 7,262 -------- c:\windows\hpomdl21.dat

    2009-09-03 18:11 729,088 a------- c:\windows\system32\hpowiax5.dll

    2009-09-03 18:11 364,544 a------- c:\windows\system32\hppldcoi.dll

    2009-09-03 18:11 303,104 a------- c:\windows\system32\hpovst12.dll

    2009-09-03 18:11 970,752 a------- c:\windows\system32\hpotiop5.dll

    2009-09-03 18:11 309,760 a------- c:\windows\system32\difxapi.dll

    2009-09-03 05:10 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

    2009-09-03 05:10 28,672 a------- c:\windows\system32\Apphlpdm.dll

    2009-09-01 14:30 <DIR> --d----- c:\program files\WinHTTrack

    2009-09-01 10:51 <DIR> --d----- c:\users\geral\appdata\roaming\HpUpdate

    2009-09-01 10:48 <DIR> --d----- c:\windows\Hewlett-Packard

    ==================== Find3M ====================

    2009-09-28 08:30 1,142,602 a------- c:\windows\system32\prfh0816.dat

    2009-09-28 08:30 597,530 a------- c:\windows\system32\prfc0816.dat

    2009-09-28 06:59 32,879 a------- c:\programdata\nvModes.dat

    2009-09-28 06:59 32,879 a------- c:\progra~2\nvModes.dat

    2009-09-03 18:51 19,539 a------- c:\windows\hpqins13.dat

    2009-09-03 18:19 86,016 a------- c:\windows\inf\infstor.dat

    2009-09-03 18:19 51,200 a------- c:\windows\inf\infpub.dat

    2009-09-03 18:19 143,360 a------- c:\windows\inf\infstrng.dat

    2009-09-03 17:17 99,858 a------- c:\windows\hpqins05.dat

    2009-08-29 03:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll

    2009-08-29 03:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll

    2009-08-29 03:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll

    2009-08-29 03:30 542,720 a------- c:\windows\apppatch\AcLayers.dll

    2009-08-25 09:43 103,424 a------- c:\windows\system32\PowerUp3_nat.dll

    2009-08-14 17:27 904,776 a------- c:\windows\system32\drivers\tcpip.sys

    2009-08-14 16:53 17,920 a------- c:\windows\system32\netevent.dll

    2009-08-14 14:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE

    2009-08-14 14:49 17,920 a------- c:\windows\system32\ROUTE.EXE

    2009-08-14 14:49 11,264 a------- c:\windows\system32\MRINFO.EXE

    2009-08-14 14:49 27,136 a------- c:\windows\system32\NETSTAT.EXE

    2009-08-14 14:49 19,968 a------- c:\windows\system32\ARP.EXE

    2009-08-14 14:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE

    2009-08-14 14:49 10,240 a------- c:\windows\system32\finger.exe

    2009-08-14 14:48 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys

    2009-08-14 14:48 105,984 a------- c:\windows\system32\netiohlp.dll

    2009-08-14 04:22 665,600 a------- c:\windows\inf\drvindex.dat

    2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll

    2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll

    2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll

    2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe

    2009-07-17 14:54 71,680 a------- c:\windows\system32\atl.dll

    2009-07-16 23:12 44,544 a------- c:\windows\system32\msxml4a.dll

    2009-07-15 13:40 8,147,456 a------- c:\windows\system32\wmploc.DLL

    2009-07-15 13:39 313,344 a------- c:\windows\system32\wmpdxm.dll

    2009-07-15 13:39 4,096 a------- c:\windows\system32\dxmasf.dll

    2009-07-15 13:39 7,680 a------- c:\windows\system32\spwmp.dll

    2009-07-14 19:54 10,854,400 a------- c:\windows\system32\nvoglv32.dll

    2009-07-14 19:54 7,565,824 a------- c:\windows\system32\nvd3dum.dll

    2009-07-14 19:54 3,287,040 a------- c:\windows\system32\nvwgf2um.dll

    2009-07-14 19:54 2,169,376 a------- c:\windows\system32\nvcuvid.dll

    2009-07-14 19:54 1,983,488 a------- c:\windows\system32\nvcuda.dll

    2009-07-14 19:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll

    2009-07-14 19:54 1,044,992 a------- c:\windows\system32\nvapi.dll

    2009-07-14 19:54 485,920 a------- c:\windows\system32\nvudisp.exe

    2009-07-14 19:54 151,552 a------- c:\windows\system32\nvcod157.dll

    2009-07-14 19:54 151,552 a------- c:\windows\system32\nvcod.dll

    2009-07-11 20:01 513,536 a------- c:\windows\system32\wlansvc.dll

    2009-07-11 20:01 302,592 a------- c:\windows\system32\wlansec.dll

    2009-07-11 20:01 293,376 a------- c:\windows\system32\wlanmsm.dll

    2009-07-11 20:01 65,024 a------- c:\windows\system32\wlanapi.dll

    2009-07-11 18:03 127,488 a------- c:\windows\system32\L2SecHC.dll

    2009-07-10 07:01 485,920 a------- c:\windows\system32\nvuninst.exe

    2009-07-08 20:26 117,769 a------- c:\windows\hpqins00.dat

    2008-07-17 17:48 174 a--sh--- c:\program files\desktop.ini

    2007-01-18 05:46 332,682 a------- c:\windows\inf\perflib\0816\perfi.dat

    2007-01-18 05:46 332,682 a------- c:\windows\inf\perflib\0816\perfh.dat

    2007-01-18 05:46 39,514 a------- c:\windows\inf\perflib\0816\perfd.dat

    2007-01-18 05:46 39,514 a------- c:\windows\inf\perflib\0816\perfc.dat

    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    2000-12-12 11:17 100,432 -------- c:\program files\Win2000PPAHotfix.exe

    ============= FINISH: 8:32:26,77 ===============

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:28:20, on 28-09-2009

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18813)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe

    C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe

    C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

    C:\Program Files\Alwil Software\Avast4\ashDisp.exe

    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\RocketDock\RocketDock.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Babylon\Babylon-Pro\Agent\BabylonAgent.exe

    C:\Program Files\Skype\Plugin Manager\skypePM.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-pt.com/pt/index.php?rvs=hompag

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-pt.com/pt/index.php?rvs=hompag

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - Default URLSearchHook is missing

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

    O8 - Extra context menu item: &Point&&Go - C:\Program Files\Common Files\Expert System\PGPlatform\PGPlatform.htm

    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

    O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

    O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

    O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe

    O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    --

    End of file - 9620 bytes

    Edited by K9_2009

    RenatoMejias    1.041

    Using ComboFix on your own is not recommended.

    Post the log it generates, at C:\ComboFix.txt

    K9_2009    0
    Topic author

    ComboFix 09-09-22.03 - Geral 27-09-2009 16:15.3.4 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.351.2070.18.3326.2022 [GMT 1:00]

    Executando de: C:\ComboFix.exe

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Madotate Desktop\madotate.exe

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Madotate Desktop\mtatecfg.exe

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-08-27 to 2009-09-27 ))))))))))))))))))))))))))))

    .

    2009-09-27 15:20 . 2009-09-27 15:20 -------- d-----w- c:\users\Geral\AppData\Local\temp

    2009-09-27 15:20 . 2009-09-27 15:20 -------- d-----w- c:\users\Utilizador\AppData\Local\temp

    2009-09-27 15:20 . 2009-09-27 15:20 -------- d-----w- c:\users\Public\AppData\Local\temp

    2009-09-27 15:20 . 2009-09-27 15:20 -------- d-----w- c:\users\Default\AppData\Local\temp

    2009-09-27 15:20 . 2009-09-27 15:20 -------- d-----w- c:\users\CONFIGURADOR\AppData\Local\temp

    2009-09-25 20:38 . 2009-09-25 20:59 -------- d-----w- c:\program files\SpywareBlaster

    2009-09-25 17:45 . 2009-09-25 17:45 -------- d-----w- c:\program files\Marcos Velasco Security

    2009-09-25 13:32 . 2009-09-23 10:19 3318538 ----a-r- C:\ComboFix.exe

    2009-09-25 13:20 . 2009-09-25 13:20 -------- d-----w- c:\program files\Quicksys

    2009-09-25 09:53 . 2009-09-25 07:44 401720 ----a-w- C:\HijackThis.exe

    2009-09-24 19:12 . 2009-09-24 19:12 -------- d--h--w- c:\windows\PIF

    2009-09-23 19:22 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2009-09-23 19:22 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2009-09-23 19:22 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr

    2009-09-23 19:22 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2009-09-23 19:22 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2009-09-23 19:22 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe

    2009-09-23 19:22 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2009-09-22 12:18 . 2009-09-22 12:18 -------- d-----w- c:\users\Geral\.kde

    2009-09-22 12:09 . 2009-09-22 12:09 -------- d-----w- c:\users\Geral\AppData\Local\GNU

    2009-09-21 21:09 . 2009-09-24 07:26 -------- d-----w- c:\users\Geral\AppData\Roaming\gnupg

    2009-09-21 21:09 . 2009-09-21 21:09 -------- d-----w- c:\programdata\GNU

    2009-09-21 21:09 . 2009-09-21 21:09 -------- d-----w- c:\program files\GNU

    2009-09-21 19:32 . 2009-09-21 19:31 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys

    2009-09-21 19:31 . 2009-09-22 17:15 -------- d-----w- c:\users\Geral\.housecall6.6

    2009-09-20 10:49 . 2009-09-20 10:49 -------- d-----w- c:\users\Geral\AppData\Roaming\Uniblue

    2009-09-19 15:04 . 2009-09-20 04:41 -------- d-----w- c:\windows\BDOSCAN8

    2009-09-19 09:36 . 2009-09-19 09:36 -------- d-----w- c:\program files\ESET

    2009-09-18 22:23 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys

    2009-09-18 22:22 . 2009-09-18 22:22 -------- d-----w- c:\program files\Panda Security

    2009-09-18 22:21 . 2009-09-18 22:21 -------- d-----w- c:\programdata\F-Secure

    2009-09-17 19:58 . 2009-09-17 20:02 -------- d-----w- c:\program files\Chami

    2009-09-17 18:58 . 2009-09-17 18:58 -------- d-----w- c:\users\Geral\AppData\Roaming\Nvu

    2009-09-17 18:58 . 2009-09-17 18:58 -------- d-----w- c:\program files\Nvu

    2009-09-17 18:20 . 2009-09-18 07:33 -------- d-----w- c:\users\Geral\amaya

    2009-09-17 18:20 . 2009-09-17 18:20 -------- d-----w- c:\program files\Amaya

    2009-09-17 11:46 . 2009-09-22 20:05 -------- d-----w- C:\Os meus Sites

    2009-09-17 09:52 . 2009-09-17 09:52 -------- d-----w- c:\programdata\WindowsSearch

    2009-09-16 21:11 . 2009-09-16 21:11 -------- d-----w- c:\users\Geral\AppData\Local\Stardock

    2009-09-14 21:37 . 2009-03-27 00:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

    2009-09-14 17:40 . 2009-09-15 11:56 -------- d-----w- c:\program files\SpeedFan

    2009-09-14 17:37 . 2009-09-14 17:37 -------- d-----w- c:\windows\Java

    2009-09-14 17:37 . 2009-09-14 21:37 -------- d-----w- c:\program files\CPUID

    2009-09-14 13:16 . 2009-09-14 13:16 -------- d-----w- c:\programdata\McAfee

    2009-09-14 12:42 . 2009-09-14 12:42 -------- d-----w- c:\programdata\McAfee Security Scan

    2009-09-10 10:50 . 2009-09-11 08:56 -------- d-----w- c:\program files\RocketDock

    2009-09-09 09:04 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll

    2009-09-06 12:33 . 2009-09-06 12:33 -------- d-----w- c:\program files\Windows Installer Clean Up

    2009-09-03 17:23 . 2009-09-03 17:23 -------- d-----w- c:\programdata\HP Product Assistant

    2009-09-03 17:22 . 2009-09-03 17:22 -------- d-----w- c:\program files\Hewlett-Packard

    2009-09-03 17:22 . 2009-09-03 17:22 -------- d-----w- c:\program files\Common Files\HP

    2009-09-03 17:11 . 2009-09-03 17:42 175268 ----a-w- c:\windows\hpoins21.dat

    2009-09-03 17:11 . 2008-02-15 04:00 7262 ------w- c:\windows\hpomdl21.dat

    2009-09-03 17:11 . 2007-11-02 02:28 729088 ----a-w- c:\windows\system32\hpowiax5.dll

    2009-09-03 17:11 . 2007-11-02 02:28 303104 ----a-w- c:\windows\system32\hpovst12.dll

    2009-09-03 17:11 . 2007-11-02 02:28 364544 ----a-w- c:\windows\system32\hppldcoi.dll

    2009-09-03 17:11 . 2007-11-02 02:28 970752 ----a-w- c:\windows\system32\hpotiop5.dll

    2009-09-03 17:11 . 2007-11-02 02:28 309760 ----a-w- c:\windows\system32\difxapi.dll

    2009-09-03 04:10 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    2009-09-03 04:10 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

    2009-09-01 13:30 . 2009-09-01 13:30 -------- d-----w- c:\program files\WinHTTrack

    2009-09-01 09:51 . 2009-09-03 16:07 -------- d-----w- c:\users\Geral\AppData\Roaming\HpUpdate

    2009-09-01 09:48 . 2009-09-01 09:48 -------- d-----w- c:\windows\Hewlett-Packard

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-09-27 15:14 . 2008-08-17 10:40 -------- d-----w- c:\users\Geral\AppData\Roaming\Skype

    2009-09-27 15:09 . 2008-08-17 10:47 -------- d-----w- c:\users\Geral\AppData\Roaming\skypePM

    2009-09-27 14:49 . 2009-07-18 13:38 -------- d-----w- c:\programdata\Babylon

    2009-09-27 12:22 . 2009-07-22 12:37 -------- d-----w- c:\program files\Blue Coat K9 Web Protection

    2009-09-27 11:55 . 2007-01-18 04:49 584066 ----a-w- c:\windows\system32\prfc0816.dat

    2009-09-27 11:55 . 2007-01-18 04:49 1128562 ----a-w- c:\windows\system32\prfh0816.dat

    2009-09-27 11:49 . 2009-08-16 10:22 32879 ----a-w- c:\programdata\nvModes.dat

    2009-09-27 11:49 . 2008-07-17 17:33 -------- d-----w- c:\programdata\NVIDIA

    2009-09-27 09:56 . 2009-06-25 12:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy

    2009-09-25 20:55 . 2008-07-17 15:46 143944 ----a-w- c:\users\Geral\AppData\Local\GDIPFONTCACHEV1.DAT

    2009-09-23 17:55 . 2009-05-05 07:55 -------- d-----w- c:\program files\Bíblia Católica v2.0

    2009-09-23 08:15 . 2008-07-29 08:30 -------- d-----w- c:\users\Geral\AppData\Roaming\U3

    2009-09-20 11:25 . 2009-08-25 07:36 -------- d-----w- c:\program files\System Explorer

    2009-09-19 21:32 . 2009-07-18 13:38 -------- d-----w- c:\users\Geral\AppData\Roaming\Babylon

    2009-09-13 21:26 . 2009-07-22 17:43 -------- d-----w- c:\users\Geral\AppData\Roaming\IObit

    2009-09-13 21:26 . 2009-07-22 17:43 -------- d-----w- c:\program files\IObit

    2009-09-11 08:03 . 2009-06-25 12:05 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2009-09-09 09:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

    2009-09-09 09:11 . 2008-08-08 14:29 -------- d-----w- c:\program files\Microsoft Silverlight

    2009-09-09 09:11 . 2008-07-17 17:18 -------- d-----w- c:\programdata\Microsoft Help

    2009-09-07 22:40 . 2008-07-17 15:45 1356 ----a-w- c:\users\Geral\AppData\Local\d3d9caps.dat

    2009-09-06 12:33 . 2009-06-25 11:08 -------- d-----w- c:\program files\MSECache

    2009-09-03 18:40 . 2009-07-24 08:54 -------- d-----w- c:\users\Geral\AppData\Roaming\vlc

    2009-09-03 17:51 . 2008-11-13 13:05 19539 ----a-w- c:\windows\hpqins13.dat

    2009-09-03 17:47 . 2009-09-03 17:47 262144 ----a-w- c:\programdata\ntuser.dat

    2009-09-03 17:23 . 2008-07-18 15:15 -------- d-----w- c:\programdata\HP

    2009-09-03 16:17 . 2007-08-30 09:55 99858 ----a-w- c:\windows\hpqins05.dat

    2009-09-01 12:09 . 2008-08-04 16:03 -------- d-----w- c:\programdata\FLEXnet

    2009-08-27 18:47 . 2008-07-17 15:59 -------- d--h--w- c:\program files\InstallShield Installation Information

    2009-08-27 18:46 . 2009-08-27 18:27 -------- d-----w- c:\program files\SMC

    2009-08-27 14:31 . 2008-07-17 16:52 -------- d-----w- c:\program files\Common Files\Adobe

    2009-08-27 10:29 . 2009-08-27 09:59 -------- d-----w- c:\users\Geral\AppData\Roaming\Download Manager

    2009-08-25 12:28 . 2008-08-17 10:22 -------- d-----w- c:\program files\Google

    2009-08-25 08:43 . 2009-08-25 08:43 -------- d-----w- c:\users\Geral\AppData\Roaming\Ashampoo

    2009-08-25 08:43 . 2009-08-25 08:43 103424 ----a-w- c:\windows\system32\PowerUp3_nat.dll

    2009-08-25 08:34 . 2009-08-25 08:34 -------- d-----w- c:\program files\Security Process Explorer

    2009-08-25 07:40 . 2009-08-25 07:36 -------- d-----w- c:\programdata\SystemExplorer

    2009-08-24 22:31 . 2009-08-24 22:31 -------- d-----w- c:\users\Geral\AppData\Roaming\Auslogics

    2009-08-24 22:31 . 2009-08-24 22:31 -------- d-----w- c:\program files\Auslogics

    2009-08-24 09:03 . 2008-07-17 16:03 -------- d-----w- c:\program files\ASUS

    2009-08-24 08:45 . 2009-07-31 08:19 -------- d-----w- c:\program files\Free 3D Earth Screensaver

    2009-08-23 15:12 . 2008-08-27 10:37 -------- d-----w- c:\program files\UpsPilot

    2009-08-22 12:28 . 2009-08-19 07:52 -------- d-----w- c:\users\Geral\AppData\Roaming\FileZilla

    2009-08-22 09:22 . 2009-05-14 19:49 -------- d-----w- c:\program files\Mozilla Thunderbird

    2009-08-21 10:58 . 2008-07-31 10:03 -------- d-----w- c:\programdata\ScanSoft

    2009-08-21 10:58 . 2008-07-31 10:03 -------- d-----w- c:\program files\ScanSoft

    2009-08-20 08:13 . 2009-07-26 09:38 -------- d-----w- c:\users\Geral\AppData\Roaming\dvdcss

    2009-08-19 07:52 . 2009-08-19 07:52 -------- d-----w- c:\program files\FileZilla FTP Client

    2009-08-16 10:10 . 2009-08-16 10:10 -------- d-----w- c:\program files\NVIDIA Corporation

    2009-08-16 10:09 . 2009-08-16 10:09 -------- d-----w- c:\program files\AGEIA Technologies

    2009-08-16 10:08 . 2009-08-16 10:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

    2009-08-16 09:56 . 2009-08-16 09:56 -------- d-----w- c:\program files\SystemRequirementsLab

    2009-08-16 09:56 . 2009-08-16 09:56 -------- d-----w- c:\users\Geral\AppData\Roaming\SystemRequirementsLab

    2009-08-14 16:27 . 2009-09-09 09:05 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2009-08-14 15:53 . 2009-09-09 09:05 17920 ----a-w- c:\windows\system32\netevent.dll

    2009-08-14 13:49 . 2009-09-09 09:05 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

    2009-08-14 13:49 . 2009-09-09 09:05 17920 ----a-w- c:\windows\system32\ROUTE.EXE

    2009-08-14 13:49 . 2009-09-09 09:05 11264 ----a-w- c:\windows\system32\MRINFO.EXE

    2009-08-14 13:49 . 2009-09-09 09:05 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

    2009-08-14 13:49 . 2009-09-09 09:05 19968 ----a-w- c:\windows\system32\ARP.EXE

    2009-08-14 13:49 . 2009-09-09 09:05 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

    2009-08-14 13:49 . 2009-09-09 09:05 10240 ----a-w- c:\windows\system32\finger.exe

    2009-08-14 13:48 . 2009-09-09 09:05 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2009-08-14 13:48 . 2009-09-09 09:05 105984 ----a-w- c:\windows\system32\netiohlp.dll

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games

    2009-08-11 10:36 . 2009-06-25 14:41 -------- d-----w- c:\program files\SeekService

    2009-08-10 09:20 . 2009-08-10 09:20 -------- d-----w- c:\users\Geral\AppData\Roaming\Talkback

    2009-07-31 08:19 . 2009-07-31 08:19 -------- d-----w- c:\users\Geral\AppData\Roaming\TERMINAL Studio

    2009-07-25 09:43 . 2009-07-25 09:43 53 ----a-w- c:\windows\DelToolbox.bat

    2009-07-21 21:52 . 2009-07-29 07:59 915456 ----a-w- c:\windows\system32\wininet.dll

    2009-07-21 21:47 . 2009-07-29 07:59 109056 ----a-w- c:\windows\system32\iesysprep.dll

    2009-07-21 21:47 . 2009-07-29 07:59 71680 ----a-w- c:\windows\system32\iesetup.dll

    2009-07-21 20:13 . 2009-07-29 07:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe

    2009-07-17 16:30 . 2009-07-17 16:30 142384 ----a-w- c:\users\Utilizador\AppData\Local\GDIPFONTCACHEV1.DAT

    2009-07-17 13:54 . 2009-08-12 21:49 71680 ----a-w- c:\windows\system32\atl.dll

    2009-07-16 22:12 . 2009-07-23 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll

    2009-07-15 12:40 . 2009-08-12 21:49 8147456 ----a-w- c:\windows\system32\wmploc.DLL

    2009-07-15 12:39 . 2009-08-12 21:49 313344 ----a-w- c:\windows\system32\wmpdxm.dll

    2009-07-15 12:39 . 2009-08-12 21:49 4096 ----a-w- c:\windows\system32\dxmasf.dll

    2009-07-15 12:39 . 2009-08-12 21:49 7680 ----a-w- c:\windows\system32\spwmp.dll

    2009-07-14 18:54 . 2009-08-16 10:07 485920 ----a-w- c:\windows\system32\nvudisp.exe

    2009-07-14 18:54 . 2009-08-16 10:07 9557216 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2009-07-14 18:54 . 2009-08-16 10:07 3287040 ----a-w- c:\windows\system32\nvwgf2um.dll

    2009-07-14 18:54 . 2009-08-16 10:07 10854400 ----a-w- c:\windows\system32\nvoglv32.dll

    2009-07-14 18:54 . 2009-08-16 10:07 2169376 ----a-w- c:\windows\system32\nvcuvid.dll

    2009-07-14 18:54 . 2009-08-16 10:07 1983488 ----a-w- c:\windows\system32\nvcuda.dll

    2009-07-14 18:54 . 2009-08-16 10:07 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll

    2009-07-14 18:54 . 2009-08-16 10:07 151552 ----a-w- c:\windows\system32\nvcod157.dll

    2009-07-14 18:54 . 2009-08-16 10:07 151552 ----a-w- c:\windows\system32\nvcod.dll

    2009-07-14 18:54 . 2007-07-06 05:15 7565824 ----a-w- c:\windows\system32\nvd3dum.dll

    2009-07-14 18:54 . 2007-07-06 05:15 1044992 ----a-w- c:\windows\system32\nvapi.dll

    2009-07-11 19:01 . 2009-09-09 09:05 513536 ----a-w- c:\windows\system32\wlansvc.dll

    2009-07-11 19:01 . 2009-09-09 09:05 302592 ----a-w- c:\windows\system32\wlansec.dll

    2009-07-11 19:01 . 2009-09-09 09:05 293376 ----a-w- c:\windows\system32\wlanmsm.dll

    2009-08-25 12:28 . 2009-08-25 12:28 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

    2008-08-08 10:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-07-07 3706768]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-25 30192]

    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup

    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

    backupExtension=.CommonStartup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpScheduler

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "VistaSp2"=hex(B):ce,d8,58,ff,8e,1c,ca,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2089727552-4062423731-2301173062-1000]

    "EnableNotificationsRef"=dword:00000004

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2089727552-4062423731-2301173062-1001]

    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{9937B00E-A54F-4CA3-AECD-A943D7EE7317}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

    "{9D79F79B-23E2-412B-A6B7-6C8F92F95952}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

    "{76EFBA76-43AF-41BC-94ED-2907EECEEEA6}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

    "{31D16C5F-4805-457C-BCA5-9FB11DA5C731}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

    "TCP Query User{F7620554-85A9-49EE-BF28-D554E3F69A59}d:\\sthiw\\stinstall.exe"= UDP:d:\sthiw\stinstall.exe:SpeedTouch Setup Wizard

    "UDP Query User{DBD9DA8A-F63E-4709-8A32-3C9D53A34DBA}d:\\sthiw\\stinstall.exe"= TCP:d:\sthiw\stinstall.exe:SpeedTouch Setup Wizard

    "TCP Query User{01B0B620-D53C-4988-868E-C9018EA716B9}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

    "UDP Query User{A3C04835-921A-4E68-88D4-D132112194F0}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

    "{32A177E9-6F12-4ADE-A300-D0FD7ED1B5EF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    "{A1DCA234-0312-4916-9092-4CE8724083E3}"= c:\program files\Skype\Phone\Skype.exe:Skype

    "{E56BB8DE-EB3A-4DAE-8A8C-779C6433F72F}"= c:\program files\Skype\Phone\Skype.exe:Skype

    "{6605E52E-DD8B-4F18-B431-E727A0044895}"= c:\program files\Skype\Phone\Skype.exe:Skype

    "{0923E21F-B1D9-415C-8CC2-93AAE5EED489}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe

    "{3EEB5443-2F32-4F24-ADA2-77D9789F29A5}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe

    "{61030871-D04C-4194-9F09-951EB597EB65}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe

    "{A67B3DE7-E1E2-4BEB-A4C6-141CBC0156C9}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe

    "{97B18ECD-6644-4F69-8162-77D5BBFFF7DA}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

    "{A3D02601-D623-489D-B201-33483A02955C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

    "{217C5169-2CCC-4A16-B419-4F7FC773D32F}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

    "{9CE1F1CA-581C-40E7-82DF-D11A799DEB8B}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

    "{E2BD1F60-C7A7-45EB-A013-9122B45F22A0}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

    "{C2140165-4711-40D6-BBB7-BE0F985DF8C3}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

    "{C53E39BF-43EF-49AD-9B79-4FF1BCAEB2FE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

    "{B7DF64A7-6B86-4074-B715-7DE8B28FF8F9}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

    "{D688D444-D3C0-411C-BC27-7DA0C718DCDB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

    "{EA86AF40-F451-4F98-9382-380B3FF1622D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

    "{F840034F-DCD3-41EF-839D-277C7655AC61}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

    "{35A42B67-EEA7-44B1-86C7-DE52148E1850}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

    "{1E6565B4-0B35-4499-82B1-99F997EE0438}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

    "{C74F9B4A-6413-4CC6-AFAB-F39A69659E4A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

    "{71BEE14C-4581-4F21-9133-3F9C8E6A355D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe

    "{0FB9283B-9CA1-4116-9C4E-CABF528C3BCA}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe

    "{A67EF226-8BE0-49BB-8F1A-5B7BDB384D31}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

    "{CFA08273-0672-4009-8FB5-41D826A51764}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

    "{B3AD4B83-3547-4BD4-AA22-374FEDDD631B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

    "{5522E970-F809-4252-9F3A-670827353A96}"= UDP:c:\program files\ASUS\AASP\1.00.59\AsLoader.exe:AsLoader

    "{7A52608C-C7EF-4BD5-87D5-C3585F27EF9F}"= TCP:c:\program files\ASUS\AASP\1.00.59\AsLoader.exe:AsLoader

    "{8F58D381-EC55-489D-A2B6-4143D0106E12}"= UDP:c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe:PwSave

    "{79219383-EEF6-4176-B30F-3C0B272289E0}"= TCP:c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe:PwSave

    "{F6207809-7909-4DB6-B271-CA906CE1E891}"= UDP:c:\program files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe:CpuLevelUpHookLaunch

    "{88A9AE8C-E8FE-4A5B-839B-C8ADA0AE0FBE}"= TCP:c:\program files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe:CpuLevelUpHookLaunch

    "{F8446BCF-C354-410B-99E8-A5DB4429DF6A}"= UDP:c:\program files\ASUS\AASP\1.00.59\AsRunHelp.exe:AsRunHelp

    "{4E1D8C4E-77CD-4AED-B42E-7C51E2207614}"= TCP:c:\program files\ASUS\AASP\1.00.59\AsRunHelp.exe:AsRunHelp

    "{027F80EF-C905-4628-BC89-CAD3A9525F6C}"= UDP:c:\program files\ASUS\AASP\1.00.59\aaCenter.exe:aaCenter

    "{EEA549B5-4477-4964-955C-9ABA36EA28C2}"= TCP:c:\program files\ASUS\AASP\1.00.59\aaCenter.exe:aaCenter

    "{2027D653-A93E-486F-9ED1-0B4DDB48BE65}"= UDP:c:\program files\ASUS\Ai Suite\AiSuite.exe:AI Suite v1.03.27

    "{4CB86386-9662-4327-9D65-A3F1DFFED324}"= TCP:c:\program files\ASUS\Ai Suite\AiSuite.exe:AI Suite v1.03.27

    "{39D7DE6A-B3CB-40B3-9445-823A686DA9F0}"= UDP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook32.exe:CpuLevelUpHook32

    "{2EA4A342-0127-44CB-A2AD-84600557C63B}"= TCP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook32.exe:CpuLevelUpHook32

    "{B6216C0E-E8DC-46B8-92F5-A77E5EAC851B}"= UDP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook64.exe:CpuLevelUpHook64

    "{A7D6E70A-078C-42F3-B7E8-5372EB5C84DD}"= TCP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook64.exe:CpuLevelUpHook64

    "{102C3DF5-B017-4DB6-9925-F88536575A43}"= UDP:c:\program files\Adobe\Photoshop 7.0\ImageReady.exe:Adobe ImageReady 7.0

    "{B3E8E674-3D2C-4035-92AE-CBAAB7A28D4F}"= TCP:c:\program files\Adobe\Photoshop 7.0\ImageReady.exe:Adobe ImageReady 7.0

    "{06CFCC26-BEDF-4776-B7EA-C3D375C82C47}"= UDP:c:\program files\ASUS\Ai Suite\RegSchdTask.exe:RegSchdTask

    "{A1D0BB05-84BB-405F-A560-65616AE949D9}"= TCP:c:\program files\ASUS\Ai Suite\RegSchdTask.exe:RegSchdTask

    "{07412892-8EEF-4780-A26E-E9A6E6DFBBE5}"= UDP:c:\program files\Babylon\Babylon-Pro\Babylon.exe:Babylon

    "{02E30890-51F6-4CCF-BB5A-91C380C303A2}"= TCP:c:\program files\Babylon\Babylon-Pro\Babylon.exe:Babylon

    "{D6BC082C-0A62-48B5-B2F0-02919411835A}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus

    "{1A0BDF1B-F709-4302-A302-E76324AC8658}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus

    "{0254D70F-86AB-4F3D-B23B-C23E9EDAABB2}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy

    "{68EE1B64-669C-44F2-8783-2D29D8CA8A56}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy

    "{1ED2B055-B8B3-483E-ACFF-BED69BDACD47}"= UDP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D

    "{79CFCC2F-3071-4F91-B636-C2ABEDD6B5FB}"= TCP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D

    "{67DD79B9-D689-49FA-998E-8F41A282F771}"= UDP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth

    "{DFE14236-5A26-454A-A414-5A1722972B98}"= TCP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth

    "{4360EE28-EB7E-4A14-989D-30716188C2FF}"= UDP:c:\program files\FileZilla FTP Client\filezilla.exe:FileZilla

    "{7C34F830-5F3D-48A9-ABE3-5C632C6D4C6B}"= TCP:c:\program files\FileZilla FTP Client\filezilla.exe:FileZilla

    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [18-09-2009 23:23 28544]

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [23-09-2009 20:22 114768]

    R1 bckd;bckd;c:\windows\System32\drivers\bckd.sys [14-01-2009 00:39 72992]

    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [23-09-2009 20:22 20560]

    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23-09-2009 20:22 53328]

    R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [14-01-2009 00:39 1078560]

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25-06-2009 13:05 1153368]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14-07-2009 12:28 239648]

    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29-07-2008 04:45 904192]

    S2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [14-09-2009 22:37 12672]

    S2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [07-08-2009 18:19 242176]

    S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30-03-2009 16:28 1533808]

    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [09-07-2009 05:44 55280]

    S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25-08-2009 13:28 30192]

    S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11-09-2007 00:45 124832]

    S4 fsssvc;Segurança Familiar do Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [06-02-2009 18:08 533360]

    S4 gupdate;Serviço Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20-07-2009 21:02 133104]

    S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [08-08-2008 11:28 53032]

    S4 SeekService Service;SeekService Service; [x]

    --- =Other Services/Drivers In Memory ---

    *NewlyCreated* - CPUZ132

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    .

    Contents of the 'Scheduled Tasks' folder

    2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 20:02]

    2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 20:02]

    2009-09-27 c:\windows\Tasks\User_Feed_Synchronization-{8C53BD34-E904-4AA3-99A6-5F15D3AEF76F}.job

    - c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

    2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{D200C210-2D3D-4928-9654-1424D03CAF08}.job

    - c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com

    mStart Page = hxxp://www.shareware-pt.com/pt/index.php?rvs=hompag

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    IE: &Point&&Go - c:\program files\Common Files\Expert System\PGPlatform\PGPlatform.htm

    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

    IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

    IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

    LSP: c:\windows\system32\wpclsp.dll

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    FF - ProfilePath - c:\users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\8v5szns4.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - www.google.pt

    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-09-27 16:20

    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2089727552-4062423731-2301173062-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3905DF8B-F558-6C2A-9808-5BD9043C0262}*]

    "jajdmnpmabdfamcnohac"=hex:63,61,6f,68,68,64,00,00

    "pabeloahcgoimbhedihohlflobfohlkb"=hex:62,61,66,67,00,64

    "hajdmnpmabdfamcn"=hex:61,61,00,00

    [HKEY_USERS\S-1-5-21-2089727552-4062423731-2301173062-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FEAF3BED-5D91-DFC8-D6D6-8829A3F072AE}*]

    "abiibifmgpmkpdlamfjkbgmnbgndknnbjn"=hex:6a,61,6d,6c,6a,6d,6b,68,6e,69,6e,70,

    6d,62,64,68,6a,6d,67,70,00,52

    "pagjbgnenibakpggbmmdhbophneglfga"=hex:6a,61,6d,6c,6c,6d,61,6a,68,6f,67,65,6f,

    62,6f,67,6d,67,64,6b,00,8b

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Completion time: 2009-09-27 16:22

    ComboFix-quarantined-files.txt 2009-09-27 15:22

    ComboFix2.txt 2009-09-25 13:43

    Pre-Run: 297.632.702.464 bytes free

    Post-Run: 297.522.114.560 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

    400 --- E O F --- 2009-09-25 07:37

    RenatoMejias

    Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) described below.

    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:


    RegNull::


    [HKEY_USERS\S-1-5-21-2089727552-4062423731-2301173062-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3905DF8B-F558-6C2A-9808-5BD9043C0262}*]

    [HKEY_USERS\S-1-5-21-2089727552-4062423731-2301173062-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FEAF3BED-5D91-DFC8-D6D6-8829A3F072AE}*]

    • Save this file as: CFScript.txt
      [image: CFScriptB-4.gif]
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running it will produce a log. Post that file, C:\ComboFix.txt.

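The locked keys in the log above (value names such as jajdmnpmabdfamcnohac holding hex data under Shell Extensions\Approved) and the RegNull:: script in the reply are the kind of thing worth automating when you triage many of these logs. The following Python is an added example written for this page; it is not code from the thread, from ComboFix, or from any of the posters. It parses the locked-keys section of a ComboFix log, decodes the hex values so embedded nulls stay visible, and drafts a RegNull:: block in the format the reply above uses from whatever it flags. The flagging heuristic is my assumption, not a ComboFix rule: long lowercase value names drawn only from the 16 letters a..p (the alphabet a nibble-to-letter encoding of binary data produces), non-CLSID values under Shell Extensions\Approved (which normally holds CLSID-named values), and hex data that decodes to that same alphabet. The sample input is constructed, retyped from the log above with one modem-class AllUserSettings key kept as a benign control; for that sample the draft reproduces the two keys in the reply. Whether a flagged key should really be nulled remains the analyst's call.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input, retyped from the locked-keys section of the log
# posted above, with one benign modem-class key kept as a control.
SAMPLE = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2089727552-4062423731-2301173062-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3905DF8B-F558-6C2A-9808-5BD9043C0262}*]
"jajdmnpmabdfamcnohac"=hex:63,61,6f,68,68,64,00,00
"hajdmnpmabdfamcn"=hex:61,61,00,00
[HKEY_USERS\S-1-5-21-2089727552-4062423731-2301173062-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FEAF3BED-5D91-DFC8-D6D6-8829A3F072AE}*]
"abiibifmgpmkpdlamfjkbgmnbgndknnbjn"=hex:6a,61,6d,6c,6a,6d,6b,68,6e,69,6e,70,
6d,62,64,68,6a,6d,67,70,00,52
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
"BlindDial"=dword:00000000
.
"""

KEY_RE = re.compile(r'^\[(?P<path>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<kind>hex|dword):(?P<raw>.*)$')
ACL_RE = re.compile(r'^@(?P<mode>Denied|Allowed): (?P<rest>.*)$')
# Heuristic (my assumption, not a ComboFix rule): a long lowercase name drawn only
# from the 16 letters a..p is what nibble-to-letter encoded binary data looks like.
ENCODED_RE = re.compile(r'^[a-p]{12,}$')

@dataclass
class LockedKey:
    path: str
    acl: list = field(default_factory=list)     # (mode, principal text)
    values: list = field(default_factory=list)  # (name, kind, decoded)

def _logical_lines(text):
    """Yield non-empty lines, re-joining hex values ComboFix wraps after a comma."""
    buf = ''
    for line in text.splitlines():
        buf += line.strip()
        if buf and not buf.endswith(','):
            yield buf
            buf = ''
    if buf:
        yield buf

def decode_value(kind, raw):
    """hex:aa,bb,... -> bytes; dword:xxxxxxxx -> int."""
    if kind == 'dword':
        return int(raw, 16)
    return bytes(int(b, 16) for b in raw.split(',') if b)

def parse_locked_keys(text):
    keys = []
    for line in _logical_lines(text):
        if m := KEY_RE.match(line):
            keys.append(LockedKey(path=m.group('path')))
        elif not keys:
            continue  # banner text before the first key
        elif m := ACL_RE.match(line):
            keys[-1].acl.append((m.group('mode'), m.group('rest')))
        elif m := VALUE_RE.match(line):
            decoded = decode_value(m.group('kind'), m.group('raw'))
            keys[-1].values.append((m.group('name'), m.group('kind'), decoded))
    return keys

def printable(data):
    """Render bytes with non-printables escaped so embedded nulls stay visible."""
    return ''.join(chr(b) if 32 <= b < 127 else '\\x%02x' % b for b in data)

def triage(keys):
    """Return (key path, value name, reasons) for values worth a closer look."""
    findings = []
    for key in keys:
        under_approved = '\\shell extensions\\approved\\' in key.path.lower()
        for name, kind, decoded in key.values:
            reasons = []
            if ENCODED_RE.match(name):
                reasons.append('value name uses only the letters a-p')
            if under_approved and not name.startswith('{'):
                reasons.append('non-CLSID value under Shell Extensions\\Approved')
            if kind == 'hex' and re.fullmatch(rb'[a-p]+', decoded.split(b'\x00')[0]):
                reasons.append('decoded data is a-p letters too: ' + printable(decoded))
            if reasons:
                findings.append((key.path, name, reasons))
    return findings

def cfscript_regnull(keys):
    """Draft the RegNull:: block (format as in the reply above) for flagged keys."""
    flagged = {path for path, _, _ in triage(keys)}
    lines = ['RegNull::'] + ['[%s]' % k.path for k in keys if k.path in flagged]
    return '\n'.join(lines) + '\n'

if __name__ == '__main__':
    parsed = parse_locked_keys(SAMPLE)
    for path, name, reasons in triage(parsed):
        print(path, name, '; '.join(reasons), sep='\n  ')
    print(cfscript_regnull(parsed))
```

Run it against a full ComboFix.txt by reading the file and slicing out the text between the LOCKED REGISTRY KEYS banner and the next section; the parser ignores banner lines and the lone "." terminator on its own. The trailing `*` ComboFix prints after these key names is kept as part of the path, since the RegNull:: directive in the reply uses it verbatim.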
    K9_2009 (topic author)

    NOTES:

    * Unsure whether I should run your instructions from the Desktop or from the root folder (C:\), I decided to put ComboFix and the CFScript.txt file inside C:\ and then drag the latter onto ComboFix.

    * Since I had disabled the computer's protection systems, I decided to disconnect from the internet as well.

    * When the ComboFix process started, a message appeared saying (more or less) that this copy of the program had expired and that it was necessary to delete the current one and download a new one. However, when I closed the dialog box ComboFix started normally and produced the following log:

    ComboFix 09-09-22.03 - Geral 30-09-2009 8:46.4.4 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.351.2070.18.3326.2258 [GMT 1:00]

    Running from: C:\ComboFix.exe

    Command switches used :: C:\CFScript.txt

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    .

    - REDUCED FUNCTIONALITY MODE -

    .

    (((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 ))))))))))))))))))))))))))))

    .

    2009-09-30 07:47 . 2009-09-30 07:47 -------- d-----w- c:\users\Geral\AppData\Local\temp

    2009-09-30 07:47 . 2009-09-30 07:47 -------- d-----w- c:\users\Utilizador\AppData\Local\temp

    2009-09-30 07:47 . 2009-09-30 07:47 -------- d-----w- c:\users\Public\AppData\Local\temp

    2009-09-30 07:47 . 2009-09-30 07:47 -------- d-----w- c:\users\Default\AppData\Local\temp

    2009-09-30 07:47 . 2009-09-30 07:47 -------- d-----w- c:\users\CONFIGURADOR\AppData\Local\temp

    2009-09-28 17:41 . 2009-09-28 17:41 -------- d-----w- c:\users\Geral\AppData\Local\Apps

    2009-09-25 20:38 . 2009-09-25 20:59 -------- d-----w- c:\program files\SpywareBlaster

    2009-09-25 17:45 . 2009-09-25 17:45 -------- d-----w- c:\program files\Marcos Velasco Security

    2009-09-25 13:32 . 2009-09-23 10:19 3318538 ----a-r- C:\ComboFix.exe

    2009-09-25 13:20 . 2009-09-25 13:20 -------- d-----w- c:\program files\Quicksys

    2009-09-24 19:12 . 2009-09-24 19:12 -------- d--h--w- c:\windows\PIF

    2009-09-23 19:22 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2009-09-23 19:22 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2009-09-23 19:22 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr

    2009-09-23 19:22 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2009-09-23 19:22 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2009-09-23 19:22 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

    2009-09-23 19:22 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2009-09-22 12:18 . 2009-09-22 12:18 -------- d-----w- c:\users\Geral\.kde

    2009-09-22 12:09 . 2009-09-22 12:09 -------- d-----w- c:\users\Geral\AppData\Local\GNU

    2009-09-21 21:09 . 2009-09-24 07:26 -------- d-----w- c:\users\Geral\AppData\Roaming\gnupg

    2009-09-21 21:09 . 2009-09-21 21:09 -------- d-----w- c:\programdata\GNU

    2009-09-21 21:09 . 2009-09-21 21:09 -------- d-----w- c:\program files\GNU

    2009-09-21 19:32 . 2009-09-21 19:31 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys

    2009-09-21 19:31 . 2009-09-22 17:15 -------- d-----w- c:\users\Geral\.housecall6.6

    2009-09-20 10:49 . 2009-09-20 10:49 -------- d-----w- c:\users\Geral\AppData\Roaming\Uniblue

    2009-09-19 15:04 . 2009-09-20 04:41 -------- d-----w- c:\windows\BDOSCAN8

    2009-09-19 09:36 . 2009-09-19 09:36 -------- d-----w- c:\program files\ESET

    2009-09-18 22:23 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys

    2009-09-18 22:22 . 2009-09-18 22:22 -------- d-----w- c:\program files\Panda Security

    2009-09-18 22:21 . 2009-09-18 22:21 -------- d-----w- c:\programdata\F-Secure

    2009-09-17 19:58 . 2009-09-17 20:02 -------- d-----w- c:\program files\Chami

    2009-09-17 18:58 . 2009-09-17 18:58 -------- d-----w- c:\users\Geral\AppData\Roaming\Nvu

    2009-09-17 18:58 . 2009-09-17 18:58 -------- d-----w- c:\program files\Nvu

    2009-09-17 18:20 . 2009-09-18 07:33 -------- d-----w- c:\users\Geral\amaya

    2009-09-17 18:20 . 2009-09-17 18:20 -------- d-----w- c:\program files\Amaya

    2009-09-17 11:46 . 2009-09-22 20:05 -------- d-----w- C:\Os meus Sites

    2009-09-17 09:52 . 2009-09-17 09:52 -------- d-----w- c:\programdata\WindowsSearch

    2009-09-16 21:11 . 2009-09-16 21:11 -------- d-----w- c:\users\Geral\AppData\Local\Stardock

    2009-09-14 21:37 . 2009-03-27 00:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

    2009-09-14 17:40 . 2009-09-15 11:56 -------- d-----w- c:\program files\SpeedFan

    2009-09-14 17:37 . 2009-09-14 17:37 -------- d-----w- c:\windows\Java

    2009-09-14 17:37 . 2009-09-14 21:37 -------- d-----w- c:\program files\CPUID

    2009-09-14 13:16 . 2009-09-14 13:16 -------- d-----w- c:\programdata\McAfee

    2009-09-14 12:42 . 2009-09-14 12:42 -------- d-----w- c:\programdata\McAfee Security Scan

    2009-09-10 10:50 . 2009-09-11 08:56 -------- d-----w- c:\program files\RocketDock

    2009-09-09 09:04 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll

    2009-09-06 12:33 . 2009-09-06 12:33 -------- d-----w- c:\program files\Windows Installer Clean Up

    2009-09-03 17:23 . 2009-09-03 17:23 -------- d-----w- c:\programdata\HP Product Assistant

    2009-09-03 17:22 . 2009-09-03 17:22 -------- d-----w- c:\program files\Hewlett-Packard

    2009-09-03 17:22 . 2009-09-03 17:22 -------- d-----w- c:\program files\Common Files\HP

    2009-09-03 17:11 . 2009-09-03 17:42 175268 ----a-w- c:\windows\hpoins21.dat

    2009-09-03 17:11 . 2008-02-15 04:00 7262 ------w- c:\windows\hpomdl21.dat

    2009-09-03 17:11 . 2007-11-02 02:28 729088 ----a-w- c:\windows\system32\hpowiax5.dll

    2009-09-03 17:11 . 2007-11-02 02:28 303104 ----a-w- c:\windows\system32\hpovst12.dll

    2009-09-03 17:11 . 2007-11-02 02:28 364544 ----a-w- c:\windows\system32\hppldcoi.dll

    2009-09-03 17:11 . 2007-11-02 02:28 970752 ----a-w- c:\windows\system32\hpotiop5.dll

    2009-09-03 17:11 . 2007-11-02 02:28 309760 ----a-w- c:\windows\system32\difxapi.dll

    2009-09-03 04:10 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    2009-09-03 04:10 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

    2009-09-01 13:30 . 2009-09-01 13:30 -------- d-----w- c:\program files\WinHTTrack

    2009-09-01 09:51 . 2009-09-03 16:07 -------- d-----w- c:\users\Geral\AppData\Roaming\HpUpdate

    2009-09-01 09:48 . 2009-09-01 09:48 -------- d-----w- c:\windows\Hewlett-Packard

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-09-30 07:45 . 2008-08-17 10:40 -------- d-----w- c:\users\Geral\AppData\Roaming\Skype

    2009-09-30 07:44 . 2009-07-18 13:38 -------- d-----w- c:\programdata\Babylon

    2009-09-30 07:26 . 2007-01-18 04:49 637922 ----a-w- c:\windows\system32\prfc0816.dat

    2009-09-30 07:26 . 2007-01-18 04:49 1184722 ----a-w- c:\windows\system32\prfh0816.dat

    2009-09-30 07:04 . 2008-08-17 10:47 -------- d-----w- c:\users\Geral\AppData\Roaming\skypePM

    2009-09-30 05:44 . 2009-07-22 12:37 -------- d-----w- c:\program files\Blue Coat K9 Web Protection

    2009-09-30 05:44 . 2009-08-16 10:22 32879 ----a-w- c:\programdata\nvModes.dat

    2009-09-30 05:43 . 2008-07-17 17:33 -------- d-----w- c:\programdata\NVIDIA

    2009-09-27 09:56 . 2009-06-25 12:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy

    2009-09-25 20:55 . 2008-07-17 15:46 143944 ----a-w- c:\users\Geral\AppData\Local\GDIPFONTCACHEV1.DAT

    2009-09-23 17:55 . 2009-05-05 07:55 -------- d-----w- c:\program files\Bíblia Católica v2.0

    2009-09-23 08:15 . 2008-07-29 08:30 -------- d-----w- c:\users\Geral\AppData\Roaming\U3

    2009-09-20 11:25 . 2009-08-25 07:36 -------- d-----w- c:\program files\System Explorer

    2009-09-19 21:32 . 2009-07-18 13:38 -------- d-----w- c:\users\Geral\AppData\Roaming\Babylon

    2009-09-13 21:26 . 2009-07-22 17:43 -------- d-----w- c:\users\Geral\AppData\Roaming\IObit

    2009-09-13 21:26 . 2009-07-22 17:43 -------- d-----w- c:\program files\IObit

    2009-09-11 08:03 . 2009-06-25 12:05 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2009-09-09 09:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

    2009-09-09 09:11 . 2008-08-08 14:29 -------- d-----w- c:\program files\Microsoft Silverlight

    2009-09-09 09:11 . 2008-07-17 17:18 -------- d-----w- c:\programdata\Microsoft Help

    2009-09-07 22:40 . 2008-07-17 15:45 1356 ----a-w- c:\users\Geral\AppData\Local\d3d9caps.dat

    2009-09-06 12:33 . 2009-06-25 11:08 -------- d-----w- c:\program files\MSECache

    2009-09-03 18:40 . 2009-07-24 08:54 -------- d-----w- c:\users\Geral\AppData\Roaming\vlc

    2009-09-03 17:51 . 2008-11-13 13:05 19539 ----a-w- c:\windows\hpqins13.dat

    2009-09-03 17:47 . 2009-09-03 17:47 262144 ----a-w- c:\programdata\ntuser.dat

    2009-09-03 17:23 . 2008-07-18 15:15 -------- d-----w- c:\programdata\HP

    2009-09-03 16:17 . 2007-08-30 09:55 99858 ----a-w- c:\windows\hpqins05.dat

    2009-09-01 12:09 . 2008-08-04 16:03 -------- d-----w- c:\programdata\FLEXnet

    2009-08-27 18:47 . 2008-07-17 15:59 -------- d--h--w- c:\program files\InstallShield Installation Information

    2009-08-27 18:46 . 2009-08-27 18:27 -------- d-----w- c:\program files\SMC

    2009-08-27 14:31 . 2008-07-17 16:52 -------- d-----w- c:\program files\Common Files\Adobe

    2009-08-27 10:29 . 2009-08-27 09:59 -------- d-----w- c:\users\Geral\AppData\Roaming\Download Manager

    2009-08-25 12:28 . 2008-08-17 10:22 -------- d-----w- c:\program files\Google

    2009-08-25 08:43 . 2009-08-25 08:43 -------- d-----w- c:\users\Geral\AppData\Roaming\Ashampoo

    2009-08-25 08:43 . 2009-08-25 08:43 103424 ----a-w- c:\windows\system32\PowerUp3_nat.dll

    2009-08-25 08:34 . 2009-08-25 08:34 -------- d-----w- c:\program files\Security Process Explorer

    2009-08-25 07:40 . 2009-08-25 07:36 -------- d-----w- c:\programdata\SystemExplorer

    2009-08-24 22:31 . 2009-08-24 22:31 -------- d-----w- c:\users\Geral\AppData\Roaming\Auslogics

    2009-08-24 22:31 . 2009-08-24 22:31 -------- d-----w- c:\program files\Auslogics

    2009-08-24 09:03 . 2008-07-17 16:03 -------- d-----w- c:\program files\ASUS

    2009-08-24 08:45 . 2009-07-31 08:19 -------- d-----w- c:\program files\Free 3D Earth Screensaver

    2009-08-23 15:12 . 2008-08-27 10:37 -------- d-----w- c:\program files\UpsPilot

    2009-08-22 12:28 . 2009-08-19 07:52 -------- d-----w- c:\users\Geral\AppData\Roaming\FileZilla

    2009-08-22 09:22 . 2009-05-14 19:49 -------- d-----w- c:\program files\Mozilla Thunderbird

    2009-08-21 10:58 . 2008-07-31 10:03 -------- d-----w- c:\programdata\ScanSoft

    2009-08-21 10:58 . 2008-07-31 10:03 -------- d-----w- c:\program files\ScanSoft

    2009-08-20 08:13 . 2009-07-26 09:38 -------- d-----w- c:\users\Geral\AppData\Roaming\dvdcss

    2009-08-19 07:52 . 2009-08-19 07:52 -------- d-----w- c:\program files\FileZilla FTP Client

    2009-08-16 10:10 . 2009-08-16 10:10 -------- d-----w- c:\program files\NVIDIA Corporation

    2009-08-16 10:09 . 2009-08-16 10:09 -------- d-----w- c:\program files\AGEIA Technologies

    2009-08-16 10:08 . 2009-08-16 10:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

    2009-08-16 09:56 . 2009-08-16 09:56 -------- d-----w- c:\program files\SystemRequirementsLab

    2009-08-16 09:56 . 2009-08-16 09:56 -------- d-----w- c:\users\Geral\AppData\Roaming\SystemRequirementsLab

    2009-08-14 16:27 . 2009-09-09 09:05 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2009-08-14 15:53 . 2009-09-09 09:05 17920 ----a-w- c:\windows\system32\netevent.dll

    2009-08-14 13:49 . 2009-09-09 09:05 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

    2009-08-14 13:49 . 2009-09-09 09:05 17920 ----a-w- c:\windows\system32\ROUTE.EXE

    2009-08-14 13:49 . 2009-09-09 09:05 11264 ----a-w- c:\windows\system32\MRINFO.EXE

    2009-08-14 13:49 . 2009-09-09 09:05 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

    2009-08-14 13:49 . 2009-09-09 09:05 19968 ----a-w- c:\windows\system32\ARP.EXE

    2009-08-14 13:49 . 2009-09-09 09:05 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

    2009-08-14 13:49 . 2009-09-09 09:05 10240 ----a-w- c:\windows\system32\finger.exe

    2009-08-14 13:48 . 2009-09-09 09:05 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2009-08-14 13:48 . 2009-09-09 09:05 105984 ----a-w- c:\windows\system32\netiohlp.dll

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

    2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games

    2009-08-11 10:36 . 2009-06-25 14:41 -------- d-----w- c:\program files\SeekService

    2009-08-10 09:20 . 2009-08-10 09:20 -------- d-----w- c:\users\Geral\AppData\Roaming\Talkback

    2009-07-25 09:43 . 2009-07-25 09:43 53 ----a-w- c:\windows\DelToolbox.bat

    2009-07-21 21:52 . 2009-07-29 07:59 915456 ----a-w- c:\windows\system32\wininet.dll

    2009-07-21 21:47 . 2009-07-29 07:59 109056 ----a-w- c:\windows\system32\iesysprep.dll

    2009-07-21 21:47 . 2009-07-29 07:59 71680 ----a-w- c:\windows\system32\iesetup.dll

    2009-07-21 20:13 . 2009-07-29 07:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe

    2009-07-17 16:30 . 2009-07-17 16:30 142384 ----a-w- c:\users\Utilizador\AppData\Local\GDIPFONTCACHEV1.DAT

    2009-07-17 13:54 . 2009-08-12 21:49 71680 ----a-w- c:\windows\system32\atl.dll

    2009-07-16 22:12 . 2009-07-23 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll

    2009-07-15 12:40 . 2009-08-12 21:49 8147456 ----a-w- c:\windows\system32\wmploc.DLL

    2009-07-15 12:39 . 2009-08-12 21:49 313344 ----a-w- c:\windows\system32\wmpdxm.dll

    2009-07-15 12:39 . 2009-08-12 21:49 4096 ----a-w- c:\windows\system32\dxmasf.dll

    2009-07-15 12:39 . 2009-08-12 21:49 7680 ----a-w- c:\windows\system32\spwmp.dll

    2009-07-14 18:54 . 2009-08-16 10:07 485920 ----a-w- c:\windows\system32\nvudisp.exe

    2009-07-14 18:54 . 2009-08-16 10:07 9557216 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2009-07-14 18:54 . 2009-08-16 10:07 3287040 ----a-w- c:\windows\system32\nvwgf2um.dll

    2009-07-14 18:54 . 2009-08-16 10:07 10854400 ----a-w- c:\windows\system32\nvoglv32.dll

    2009-07-14 18:54 . 2009-08-16 10:07 2169376 ----a-w- c:\windows\system32\nvcuvid.dll

    2009-07-14 18:54 . 2009-08-16 10:07 1983488 ----a-w- c:\windows\system32\nvcuda.dll

    2009-07-14 18:54 . 2009-08-16 10:07 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll

    2009-07-14 18:54 . 2009-08-16 10:07 151552 ----a-w- c:\windows\system32\nvcod157.dll

    2009-07-14 18:54 . 2009-08-16 10:07 151552 ----a-w- c:\windows\system32\nvcod.dll

    2009-07-14 18:54 . 2007-07-06 05:15 7565824 ----a-w- c:\windows\system32\nvd3dum.dll

    2009-07-14 18:54 . 2007-07-06 05:15 1044992 ----a-w- c:\windows\system32\nvapi.dll

    2009-07-11 19:01 . 2009-09-09 09:05 513536 ----a-w- c:\windows\system32\wlansvc.dll

    2009-07-11 19:01 . 2009-09-09 09:05 302592 ----a-w- c:\windows\system32\wlansec.dll

    2009-07-11 19:01 . 2009-09-09 09:05 293376 ----a-w- c:\windows\system32\wlanmsm.dll

    2009-07-11 19:01 . 2009-09-09 09:05 65024 ----a-w- c:\windows\system32\wlanapi.dll

    2009-08-25 12:28 . 2009-08-25 12:28 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-27_15.20.40 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2008-07-17 16:02 . 2009-09-30 05:46 75654 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2006-11-02 13:05 . 2009-09-30 05:46 81914 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    + 2008-07-17 15:47 . 2009-09-30 05:46 13826 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2089727552-4062423731-2301173062-1000_UserData.bin

    - 2006-11-02 13:02 . 2009-09-27 11:49 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2006-11-02 13:02 . 2009-09-30 05:44 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2006-11-02 13:02 . 2009-09-27 11:49 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2006-11-02 13:02 . 2009-09-30 05:44 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2006-11-02 13:02 . 2009-09-30 05:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2006-11-02 13:02 . 2009-09-27 11:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-09-27 11:49 . 2009-09-27 11:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2009-09-30 05:43 . 2009-09-30 05:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2009-09-27 11:49 . 2009-09-27 11:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2009-09-30 05:43 . 2009-09-30 05:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2008-07-18 20:09 . 2009-09-29 17:22 394652 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

    + 2006-11-02 10:33 . 2009-09-30 07:26 611196 c:\windows\System32\perfc009.dat

    - 2009-07-09 05:03 . 2009-09-25 20:59 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    + 2009-07-09 05:03 . 2009-09-29 17:37 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    + 2006-11-02 10:33 . 2009-09-30 07:26 1121264 c:\windows\System32\perfh009.dat

    .

    (((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries and legitimate default entries are not shown.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

    2008-08-08 10:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-07-07 3706768]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-25 30192]

    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup

    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "VistaSp2"=hex(B):ce,d8,58,ff,8e,1c,ca,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2089727552-4062423731-2301173062-1000]

    "EnableNotificationsRef"=dword:00000004

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2089727552-4062423731-2301173062-1001]

    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{9937B00E-A54F-4CA3-AECD-A943D7EE7317}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

    "{9D79F79B-23E2-412B-A6B7-6C8F92F95952}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

    "{76EFBA76-43AF-41BC-94ED-2907EECEEEA6}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

    "{31D16C5F-4805-457C-BCA5-9FB11DA5C731}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

    "TCP Query User{F7620554-85A9-49EE-BF28-D554E3F69A59}d:\\sthiw\\stinstall.exe"= UDP:d:\sthiw\stinstall.exe:SpeedTouch Setup Wizard

    "UDP Query User{DBD9DA8A-F63E-4709-8A32-3C9D53A34DBA}d:\\sthiw\\stinstall.exe"= TCP:d:\sthiw\stinstall.exe:SpeedTouch Setup Wizard

    "TCP Query User{01B0B620-D53C-4988-868E-C9018EA716B9}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

    "UDP Query User{A3C04835-921A-4E68-88D4-D132112194F0}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

    "{32A177E9-6F12-4ADE-A300-D0FD7ED1B5EF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    "{A1DCA234-0312-4916-9092-4CE8724083E3}"= c:\program files\Skype\Phone\Skype.exe:Skype

    "{E56BB8DE-EB3A-4DAE-8A8C-779C6433F72F}"= c:\program files\Skype\Phone\Skype.exe:Skype

    "{6605E52E-DD8B-4F18-B431-E727A0044895}"= c:\program files\Skype\Phone\Skype.exe:Skype

    "{0923E21F-B1D9-415C-8CC2-93AAE5EED489}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe

    "{3EEB5443-2F32-4F24-ADA2-77D9789F29A5}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe

    "{61030871-D04C-4194-9F09-951EB597EB65}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe

    "{A67B3DE7-E1E2-4BEB-A4C6-141CBC0156C9}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe

    "{97B18ECD-6644-4F69-8162-77D5BBFFF7DA}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

    "{A3D02601-D623-489D-B201-33483A02955C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

    "{217C5169-2CCC-4A16-B419-4F7FC773D32F}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

    "{9CE1F1CA-581C-40E7-82DF-D11A799DEB8B}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

    "{E2BD1F60-C7A7-45EB-A013-9122B45F22A0}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

    "{C2140165-4711-40D6-BBB7-BE0F985DF8C3}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

    "{C53E39BF-43EF-49AD-9B79-4FF1BCAEB2FE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

    "{B7DF64A7-6B86-4074-B715-7DE8B28FF8F9}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

    "{D688D444-D3C0-411C-BC27-7DA0C718DCDB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

    "{EA86AF40-F451-4F98-9382-380B3FF1622D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

    "{F840034F-DCD3-41EF-839D-277C7655AC61}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

    "{35A42B67-EEA7-44B1-86C7-DE52148E1850}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

    "{1E6565B4-0B35-4499-82B1-99F997EE0438}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

    "{C74F9B4A-6413-4CC6-AFAB-F39A69659E4A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

    "{71BEE14C-4581-4F21-9133-3F9C8E6A355D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe

    "{0FB9283B-9CA1-4116-9C4E-CABF528C3BCA}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe

    "{A67EF226-8BE0-49BB-8F1A-5B7BDB384D31}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

    "{CFA08273-0672-4009-8FB5-41D826A51764}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

    "{B3AD4B83-3547-4BD4-AA22-374FEDDD631B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

    "{5522E970-F809-4252-9F3A-670827353A96}"= UDP:c:\program files\ASUS\AASP\1.00.59\AsLoader.exe:AsLoader

    "{7A52608C-C7EF-4BD5-87D5-C3585F27EF9F}"= TCP:c:\program files\ASUS\AASP\1.00.59\AsLoader.exe:AsLoader

    "{8F58D381-EC55-489D-A2B6-4143D0106E12}"= UDP:c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe:PwSave

    "{79219383-EEF6-4176-B30F-3C0B272289E0}"= TCP:c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe:PwSave

    "{F6207809-7909-4DB6-B271-CA906CE1E891}"= UDP:c:\program files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe:CpuLevelUpHookLaunch

    "{88A9AE8C-E8FE-4A5B-839B-C8ADA0AE0FBE}"= TCP:c:\program files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe:CpuLevelUpHookLaunch

    "{F8446BCF-C354-410B-99E8-A5DB4429DF6A}"= UDP:c:\program files\ASUS\AASP\1.00.59\AsRunHelp.exe:AsRunHelp

    "{4E1D8C4E-77CD-4AED-B42E-7C51E2207614}"= TCP:c:\program files\ASUS\AASP\1.00.59\AsRunHelp.exe:AsRunHelp

    "{027F80EF-C905-4628-BC89-CAD3A9525F6C}"= UDP:c:\program files\ASUS\AASP\1.00.59\aaCenter.exe:aaCenter

    "{EEA549B5-4477-4964-955C-9ABA36EA28C2}"= TCP:c:\program files\ASUS\AASP\1.00.59\aaCenter.exe:aaCenter

    "{2027D653-A93E-486F-9ED1-0B4DDB48BE65}"= UDP:c:\program files\ASUS\Ai Suite\AiSuite.exe:AI Suite v1.03.27

    "{4CB86386-9662-4327-9D65-A3F1DFFED324}"= TCP:c:\program files\ASUS\Ai Suite\AiSuite.exe:AI Suite v1.03.27

    "{39D7DE6A-B3CB-40B3-9445-823A686DA9F0}"= UDP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook32.exe:CpuLevelUpHook32

    "{2EA4A342-0127-44CB-A2AD-84600557C63B}"= TCP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook32.exe:CpuLevelUpHook32

    "{B6216C0E-E8DC-46B8-92F5-A77E5EAC851B}"= UDP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook64.exe:CpuLevelUpHook64

    "{A7D6E70A-078C-42F3-B7E8-5372EB5C84DD}"= TCP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook64.exe:CpuLevelUpHook64

    "{102C3DF5-B017-4DB6-9925-F88536575A43}"= UDP:c:\program files\Adobe\Photoshop 7.0\ImageReady.exe:Adobe ImageReady 7.0

    "{B3E8E674-3D2C-4035-92AE-CBAAB7A28D4F}"= TCP:c:\program files\Adobe\Photoshop 7.0\ImageReady.exe:Adobe ImageReady 7.0

    "{06CFCC26-BEDF-4776-B7EA-C3D375C82C47}"= UDP:c:\program files\ASUS\Ai Suite\RegSchdTask.exe:RegSchdTask

    "{A1D0BB05-84BB-405F-A560-65616AE949D9}"= TCP:c:\program files\ASUS\Ai Suite\RegSchdTask.exe:RegSchdTask

    "{07412892-8EEF-4780-A26E-E9A6E6DFBBE5}"= UDP:c:\program files\Babylon\Babylon-Pro\Babylon.exe:Babylon

    "{02E30890-51F6-4CCF-BB5A-91C380C303A2}"= TCP:c:\program files\Babylon\Babylon-Pro\Babylon.exe:Babylon

    "{D6BC082C-0A62-48B5-B2F0-02919411835A}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus

    "{1A0BDF1B-F709-4302-A302-E76324AC8658}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus

    "{0254D70F-86AB-4F3D-B23B-C23E9EDAABB2}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy

    "{68EE1B64-669C-44F2-8783-2D29D8CA8A56}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy

    "{1ED2B055-B8B3-483E-ACFF-BED69BDACD47}"= UDP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D

    "{79CFCC2F-3071-4F91-B636-C2ABEDD6B5FB}"= TCP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D

    "{67DD79B9-D689-49FA-998E-8F41A282F771}"= UDP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth

    "{DFE14236-5A26-454A-A414-5A1722972B98}"= TCP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth

    "{4360EE28-EB7E-4A14-989D-30716188C2FF}"= UDP:c:\program files\FileZilla FTP Client\filezilla.exe:FileZilla

    "{7C34F830-5F3D-48A9-ABE3-5C632C6D4C6B}"= TCP:c:\program files\FileZilla FTP Client\filezilla.exe:FileZilla

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [18-09-2009 23:23 28544]

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [23-09-2009 20:22 114768]

    R1 bckd;bckd;c:\windows\System32\drivers\bckd.sys [14-01-2009 00:39 72992]

    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [23-09-2009 20:22 20560]

    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23-09-2009 20:22 53328]

    R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [14-01-2009 00:39 1078560]

    R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [14-09-2009 22:37 12672]

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25-06-2009 13:05 1153368]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14-07-2009 12:28 239648]

    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30-03-2009 16:28 1533808]

    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29-07-2008 04:45 904192]

    S2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [07-08-2009 18:19 242176]

    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [09-07-2009 05:44 55280]

    S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25-08-2009 13:28 30192]

    S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11-09-2007 00:45 124832]

    S4 fsssvc;Segurança Familiar do Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [06-02-2009 18:08 533360]

    S4 gupdate;Serviço Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20-07-2009 21:02 133104]

    S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [08-08-2008 11:28 53032]

    S4 SeekService Service;SeekService Service; [x]

    --- =Outros Serviços/Drivers Na Memória ---

    *Deregistered* - PROCEXP113

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 20:02]

    2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 20:02]

    2009-09-30 c:\windows\Tasks\User_Feed_Synchronization-{8C53BD34-E904-4AA3-99A6-5F15D3AEF76F}.job

    - c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

    2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{D200C210-2D3D-4928-9654-1424D03CAF08}.job

    - c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.com

    mStart Page = hxxp://www.shareware-pt.com/pt/index.php?rvs=hompag

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    IE: &Point&&Go - c:\program files\Common Files\Expert System\PGPlatform\PGPlatform.htm

    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

    IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

    IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

    LSP: c:\windows\system32\wpclsp.dll

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    FF - ProfilePath - c:\users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\8v5szns4.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - www.google.pt

    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    AddRemove-HijackThis - C:\HijackThis.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-09-30 08:47

    Windows 6.0.6002 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'explorer.exe'(5000)

    c:\program files\Nero\Nero8\InCD\NBHShx.dll

    c:\program files\Nero\Nero8\InCD\NBHStr.dll

    c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll

    .

    Tempo para conclusão: 2009-09-30 8:49

    ComboFix-quarantined-files.txt 2009-09-30 07:49

    ComboFix2.txt 2009-09-27 15:22

    ComboFix3.txt 2009-09-25 13:43

    Pré-execução: 290.063.331.328 bytes livres

    Pós execução: 290.043.863.040 bytes livres

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

    419 --- E O F --- 2009-09-28 17:19

    Edited by K9_2009

    RenatoMejias    1.041

    Download the Kaspersky Removal Tool. Save it to your desktop.

    • Install the program normally, following all the instructions.
    • A folder named Virus Removal Tool will be created on the desktop.
    • On the program's main screen, tick the options My Computer, Startup objects, Disk boot sectors and then click the Scan button.
    • Be patient; the scan can take a while.
    • If it finds an infection, an alert window will open; click skip.
    • When everything has finished, click the Reports... button and then click Save to file.
    • Give the file a name and save it to a folder of your choice.
    • Close the result by clicking the X of the window.
    • Right after that, close the program as well by clicking the X of the window. When you do so, you will be asked whether you want to uninstall the tool; click No. Post the contents of that file in your next reply and wait.

    K9_2009    0
  • Topic author

    OBSERVATIONS:

    Avast! continues to report the presence of a virus:


    avast! [GERAL-PC]: O ficheiro "Processo 1044, bloco de memória 0x04BE0000, tamanho do bloco 262144" está infectado pelo vírus "JS:Agent-AU [Expl]".

    Foi utilizada a tarefa "Protecção de ecrã"

    A versão do ficheiro VPS actual é 091004-0, 04-10-2009


    Scan

    ----

    Scanned: 1957201

    Detected: 1

    Untreated: 1

    Start time: 04-10-2009 10:57:27

    Duration: 09:07:11

    Finish time: 04-10-2009 20:04:38

    Detected

    --------

    Status Object

    ------ ------

    detected: adware not-a-virus:AdWare.Win32.CommonName.aq File: I:\MUSICAS\MÚSICAS ON AIR\SetupCloneDVD13112.exe

    Events

    ------

    Time Name Status Reason

    ---- ---- ------ ------

    04-10-2009 10:57:32 Running module: smss.exe\smss.exe ok scanned

    04-10-2009 10:57:33 File: C:\Windows\System32\smss.exe ok scanned

    04-10-2009 10:57:33 Running module: smss.exe\ntdll.dll ok scanned

    04-10-2009 10:57:33 File: C:\Windows\system32\ntdll.dll ok scanned

    04-10-2009 10:57:33 Running module: csrss.exe\csrss.exe ok scanned

    04-10-2009 10:57:33 File: C:\Windows\system32\csrss.exe ok scanned

    04-10-2009 10:57:33 Running module: csrss.exe\ntdll.dll ok scanned

    04-10-2009 10:57:33 File: C:\Windows\system32\ntdll.dll ok scanned

    04-10-2009 10:57:33 Running module: csrss.exe\CSRSRV.dll ok scanned

    04-10-2009 10:57:33 File: C:\Windows\system32\CSRSRV.dll ok scanned

    04-10-2009 10:57:33 Running module: csrss.exe\basesrv.dll ok scanned

    Statistics

    ----------

    Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

    ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

    Settings

    --------

    Parameter Value

    --------- -----

    Security Level Recommended

    Action Prompt for action when the scan is complete

    Run mode Manually

    File types Scan all files

    Scan only new and changed files No

    Scan archives All

    Scan embedded OLE objects All

    Skip if object is larger than No

    Skip if scan takes longer than No

    Parse email formats No

    Scan password-protected archives No

    Enable iChecker technology No

    Enable iSwift technology No

    Show detected threats on "Detected" tab Yes

    Rootkits search Yes

    Deep rootkits search No

    Use heuristic analyzer Yes

    Quarantine

    ----------

    Status Object Size Added

    ------ ------ ---- -----

    Backup

    ------

    Status Object Size

    ------ ------ ----

    RenatoMejias    1.041

    Which file does Avast report as infected?

    K9_2009    0
  • Topic author

    According to the Avast message, it is not actually a file but a section of RAM memory:

    Avast! [GERAL-PC]: O ficheiro "Processo 1024, bloco de memória 0x04BE0000, tamanho do bloco 262144" está infectado pelo vírus "JS:Agent-AU [Expl]".

    Foi utilizada a tarefa "Protecção de ecrã"

    Could this be an Avast BUG???

    #####################################################

    At that point it occurred to me to check, through the Task Manager, which file corresponds to Process 1024 reported by Avast, and I saw that it is the file svchost.exe.

    Through Svchostanalyzer I obtained more information about this process:

    Processo = svchost.exe;

    ID = 1024;

    Arquivo = C:\Windows\System32\svchost.exe;

    Grupo = secsvcs;

    Services = 1

    O processo contém os serviços seguintes:

    Display Name = Windows Defender;

    Service Name = WinDefend;

    File = C:\Program Files\Windows Defender\mpsvc.dll;

    Status = active

    Parametro ou linha de comando = C:\Windows\System32\svchost.exe -k secsvcs

    I also noticed that the ID of the infected process (according to Avast) changes almost every time I restart the PC; sometimes it is 988, other times 1044, etc.; right now it is 1024.

    Edited by RenatoMejias
    Remove unnecessary formatting.

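An added example, not from the thread and not the output of Svchostanalyzer or Avast: a PowerShell snippet that performs the same check the post describes, resolving a PID named in an AV alert to its image path, command line and hosted services, and confirming that the image is the signed svchost.exe under System32. The PID 1024 and the WinDefend service name are the values reported in the post; every other name is standard Windows.

```powershell
# Added example (not from the thread). Resolve a PID from an AV alert to the
# process behind it, the services it hosts, and the signature of its image.
$FlaggedPid = 1024   # PID quoted in the Avast message in the post; changes every boot

$proc = Get-CimInstance Win32_Process -Filter "ProcessId = $FlaggedPid"
if (-not $proc) {
    Write-Warning "No process with PID $FlaggedPid is running (svchost PIDs change at every boot)."
    return
}

# The only expected location for svchost.exe is the Windows system directory.
$expectedImage = Join-Path $env:SystemRoot 'System32\svchost.exe'
$signature = if ($proc.ExecutablePath) {
    (Get-AuthenticodeSignature -FilePath $proc.ExecutablePath).Status
} else {
    'unknown (path not readable)'
}

[pscustomobject]@{
    Pid           = $proc.ProcessId
    Image         = $proc.ExecutablePath
    CommandLine   = $proc.CommandLine          # e.g. svchost.exe -k secsvcs, as in the post
    ExpectedPath  = ($proc.ExecutablePath -ieq $expectedImage)
    Signature     = $signature                 # 'Valid' for a genuine Microsoft binary
}

# Services hosted inside that process: what Svchostanalyzer showed the poster
# (WinDefend in the secsvcs group). An svchost with no services is suspicious.
Get-CimInstance Win32_Service -Filter "ProcessId = $FlaggedPid" |
    Select-Object Name, DisplayName, State, PathName

# Because the PID changes at each reboot, follow the service rather than the PID.
$svc = Get-CimInstance Win32_Service -Filter "Name = 'WinDefend'"
"WinDefend currently runs inside PID $($svc.ProcessId)"
```

Run it from an elevated PowerShell so the image path and command line of system processes are readable.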
    RenatoMejias    1.041
    At that point it occurred to me to check, through the Task Manager, which file corresponds to Process 1024 reported by Avast, and I saw that it is the file svchost.exe.

    The svchost process is legitimate; don't worry about it.

    "JS:Agent-AU [Expl]".

    Does this appear when you are browsing the internet or using some particular program?

    K9_2009    0
  • Topic author

    Does this appear when you are browsing the internet or using some particular program?

    This happens all the time, under any conditions. When I have the Avast screensaver enabled with the memory-scan option, the virus-presence message appears as soon as it starts.

    #########################################

    Days ago I noticed that there were three processes that Avast "complained about", and I recall that they were all related to protection systems.

    Yesterday I decided to do some maintenance on the computer and update everything I could, including the drivers.

    Now Avast reports a virus (JS:ScriptSH-inf [Trj]) only in the following process:

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (this process belongs to Spybot)

    Edited by K9_2009
    AVAST changed its behavior.

    RenatoMejias    1.041

    Could you post an image of the problem?

    K9_2009    0
  • Topic author

    I don't really know how to post images here, but here goes:

    Process 3044 = TeaTimer


    Edited by K9_2009

    RenatoMejias    1.041

    It appears to be a false positive from AVAST; disable TeaTimer and see whether the problem persists.

    K9_2009    0
  • Topic author

    Hello Renato! After a recent misadventure I had with the computer (http://forum.clubedohardware.com.br/controlo-acesso-me/728881?t=728881) I come back here to say that this Avast issue is indeed a false alarm or a bug, because it only happens when I use Avast's screen protection; when I use the normal scan, the TeaTimer file passes without problems.

    I think we can consider this "virus problem" resolved.

    Thank you very much for your help, God bless you!!!

    RenatoMejias    1.041

    Should the topic author need it, the topic will be reopened; to request that, contact the moderation team asking for it to be unlocked.

    This topic is closed to new posts.




