
Avast screensaver scan reports a virus


K9_2009


Hello!

Initially I intended to ask for help with a ComboFix log, but after reading the forum rules, and specifically the rules for logs at the following link,

http://forum.clubedohardware.com.br/leia-antes-postar/597599

I decided to follow the instructions. However, I ran into problems right at the start: when I tried to open the dds.scr file, what the instructions describe did not happen. Instead, Notepad opened, containing the following first lines:


MZP ÿÿ ¸ @ º ´ Í!¸LÍ!This program must be run under Win32


If anyone can help me, I would be very grateful!

Note: I use a desktop with Windows Vista Home Premium SP2.

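What Notepad displayed is the beginning of a Win32 executable: `MZ` is the DOS header magic (binaries built with Borland/Delphi tools write `MZP`), and "This program must be run under Win32" is the DOS stub message that follows it. The download itself was therefore intact; the `.scr` extension was simply opened with a text editor instead of being executed, which is also why DDS was distributed under the `dds.com` and `dds.pif` names as well. The script below is an added example, not part of the original post and not DDS code: it reads the DOS header, recovers the stub message and checks for the `PE\0\0` signature and machine type, so a file can be identified before it is run. The sample bytes are constructed inline in the Borland layout; no real file is needed.

```python
"""Added example: tell a Win32 PE executable from its first bytes and recover the
DOS stub message Notepad displays. Sample bytes are constructed here, not taken
from the real dds.scr."""
import struct
import sys

DOS_HEADER_LEN = 64            # sizeof(IMAGE_DOS_HEADER); e_lfanew lives at offset 0x3C
PE_SIGNATURE = b"PE\0\0"
MACHINES = {0x14C: "i386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}


def printable_runs(blob: bytes, min_len: int = 8) -> list:
    """ASCII runs of at least min_len bytes (what a text editor shows as words)."""
    runs, cur = [], bytearray()
    for b in blob + b"\0":          # trailing sentinel flushes the last run
        if 32 <= b < 127:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            runs.append(cur.decode("ascii"))
        cur = bytearray()
    return runs


def inspect_pe_header(data: bytes) -> dict:
    """Parse the DOS header, DOS stub and PE signature of an in-memory file image."""
    info = {"is_mz": False, "signature": data[:3].decode("latin-1", "replace"),
            "stub_message": None, "has_pe": False, "machine": None}
    if len(data) < DOS_HEADER_LEN or data[:2] != b"MZ":
        return info                 # not a DOS/PE image at all
    info["is_mz"] = True
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # file offset of "PE\0\0"
    # Everything between the DOS header and the PE header is the DOS stub; its
    # message ("This program must be run under Win32" or "This program cannot be
    # run in DOS mode") is the text Notepad shows right after "MZ".
    stub = data[DOS_HEADER_LEN:e_lfanew]
    runs = printable_runs(stub)
    info["stub_message"] = max(runs, key=len) if runs else None
    if e_lfanew + 6 <= len(data) and data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE:
        info["has_pe"] = True
        (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)  # IMAGE_FILE_HEADER.Machine
        info["machine"] = MACHINES.get(machine, hex(machine))
    return info


def inspect_file(path: str) -> dict:
    """Only the first page of the file is needed for the header check."""
    with open(path, "rb") as fh:
        return inspect_pe_header(fh.read(4096))


def build_sample() -> bytes:
    """Constructed minimal image in the Borland layout: 'MZP', stub text, PE/i386 header."""
    stub_text = b"This program must be run under Win32\r\n$"
    e_lfanew = (DOS_HEADER_LEN + len(stub_text) + 7) & ~7   # 8-byte aligned like real linkers
    header = bytearray(b"MZP")      # 'MZ' magic; 'P' is the low byte of e_cblp as Borland emits it
    header += b"\0" * (DOS_HEADER_LEN - len(header))
    struct.pack_into("<I", header, 0x3C, e_lfanew)
    stub = stub_text.ljust(e_lfanew - DOS_HEADER_LEN, b"\0")
    file_header = struct.pack("<H", 0x14C) + b"\0" * 18      # Machine = i386, rest zeroed
    return bytes(header) + stub + PE_SIGNATURE + file_header


if __name__ == "__main__":
    target = inspect_file(sys.argv[1]) if len(sys.argv) > 1 else inspect_pe_header(build_sample())
    for key, value in target.items():
        print(f"{key:13} {value}")
```

Run it against the real download with `python inspect_pe.py dds.scr`; with no argument it inspects the constructed sample. On Windows, `assoc .scr` and `ftype scrfile` show what a double-click on a `.scr` file currently does (the default is `scrfile="%1" /S`); if `.scr` has been associated with Notepad, that alone explains the behaviour described in the post.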

  • Coordinator

Use the following link to download DDS:

http://www.forospyware.com/sUBs/dds


Thank you RenatoMejias for the reply, I was already starting to think I would not get an answer.

I now have the DDS log, which follows.

I would like to describe my problem: for some time now I have suspected a virus on my computer, because it started getting slow (though not excessively so). For that reason I ran almost all the well-known online antivirus scanners and did in fact find some infected or corrupted files, but none of them active (they were not executables). I used ComboFix, but since I do not know how to interpret the log it did not solve anything (though I recall it did not find any hidden processes).

I was already convincing myself that there was nothing wrong with the computer when I decided to change the Avast screensaver scan settings, adding the option "Computer RAM memory" to the areas to be scanned, and then the following message appeared:

Avast! screensaver scan

File: Process 988, memory block 0x04B40000, block size 26214

Number of files: 3744

Virus JS:Agent-AV[EXPL] was found, the test was interrupted!!!

This JS:Agent-AV[EXPL] must be a super virus, since no antivirus detects it, not even Avast's boot-time scan.

But it could also be an Avast false positive...

I do not know, which is why I am asking for your help. I should say up front that I am afraid to use GMER, because I have already tried to run it about five (5) times and it always ended in a Windows Blue Screen. So I am posting the DDS and HijackThis logs:

DDS (Ver_09-09-24.01) - NTFSx86

Run by Geral at 8:31:23,57 on 28-09-2009

Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_14

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.351.2070.18.3326.1785 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

C:\Program Files\GNU\GnuPG\dirmngr.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe

C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Babylon\Babylon-Pro\Agent\BabylonAgent.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Geral\Desktop\dds.pif

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com

uSearch Page = hxxp://www.google.com

mSearch Page = hxxp://www.shareware-pt.com/pt/index.php?rvs=hompag

mStart Page = hxxp://www.shareware-pt.com/pt/index.php?rvs=hompag

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Programa Auxiliar de Início de Sessão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe

mRun: [babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Point&&Go - c:\program files\common files\expert system\pgplatform\PGPlatform.htm

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\windows\system32\wpclsp.dll

DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\geral\appdata\roaming\mozilla\firefox\profiles\8v5szns4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.pt

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-9-18 28544]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-23 114768]

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-1-14 72992]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-23 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-23 53328]

R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-1-14 1078560]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-14 12672]

R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2009-8-7 242176]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-6-25 1153368]

R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]

R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]

R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-7-9 55280]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-25 30192]

S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]

S4 fsssvc;Segurança Familiar do Windows Live;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

S4 gupdate;Serviço Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]

S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-8-8 53032]

S4 SeekService Service;SeekService Service; [x]

=============== Created Last 30 ================

2009-09-28 05:21 22 a------- c:\windows\S.dirmngr

2009-09-27 16:22 <DIR> --dsh--- C:\$RECYCLE.BIN

2009-09-27 16:14 <DIR> --d----- C:\ComboFix

2009-09-25 21:38 <DIR> --d----- c:\program files\SpywareBlaster

2009-09-25 18:45 <DIR> --d----- c:\program files\Marcos Velasco Security

2009-09-25 14:32 3,318,538 a----r-- C:\ComboFix.exe

2009-09-25 14:20 <DIR> --d----- c:\program files\Quicksys

2009-09-25 10:53 401,720 a------- C:\HijackThis.exe

2009-09-24 20:12 <DIR> --d-h--- c:\windows\PIF

2009-09-23 20:22 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys

2009-09-23 18:48 229,888 a------- c:\windows\PEV.exe

2009-09-23 18:48 161,792 a------- c:\windows\SWREG.exe

2009-09-23 18:48 98,816 a------- c:\windows\sed.exe

2009-09-22 13:18 <DIR> --d----- c:\users\geral\.kde

2009-09-21 22:09 <DIR> --d----- c:\users\geral\appdata\roaming\gnupg

2009-09-21 22:09 <DIR> --d----- c:\programdata\GNU

2009-09-21 22:09 <DIR> --d----- c:\progra~2\GNU

2009-09-21 22:09 <DIR> --d----- c:\program files\GNU

2009-09-21 20:32 102,664 a------- c:\windows\system32\drivers\tmcomm.sys

2009-09-21 20:31 <DIR> --d----- c:\users\geral\.housecall6.6

2009-09-20 11:49 <DIR> --d----- c:\users\geral\appdata\roaming\Uniblue

2009-09-19 10:36 <DIR> --d----- c:\program files\ESET

2009-09-18 23:23 28,544 a------- c:\windows\system32\drivers\pavboot.sys

2009-09-18 23:22 <DIR> --d----- c:\program files\Panda Security

2009-09-18 23:21 <DIR> --d----- c:\programdata\F-Secure

2009-09-18 23:21 <DIR> --d----- c:\progra~2\F-Secure

2009-09-17 20:58 <DIR> --d----- c:\program files\Chami

2009-09-17 19:58 <DIR> --d----- c:\users\geral\appdata\roaming\Nvu

2009-09-17 19:58 <DIR> --d----- c:\program files\Nvu

2009-09-17 19:20 <DIR> --d----- c:\users\geral\amaya

2009-09-17 19:20 <DIR> --d----- c:\program files\Amaya

2009-09-17 12:46 <DIR> --d----- C:\Os meus Sites

2009-09-17 10:52 <DIR> --d----- c:\programdata\WindowsSearch

2009-09-14 22:37 12,672 a------- c:\windows\system32\drivers\cpuz132_x32.sys

2009-09-14 18:40 <DIR> --d----- c:\program files\SpeedFan

2009-09-14 18:40 45 a------- c:\windows\system32\initdebug.nfo

2009-09-14 18:37 27,136 a------- c:\windows\system32\PCWizard.cpl

2009-09-14 18:37 <DIR> --d----- c:\windows\Java

2009-09-14 18:37 <DIR> --d----- c:\program files\CPUID

2009-09-14 14:16 <DIR> --d----- c:\programdata\McAfee

2009-09-14 13:42 <DIR> --d----- c:\programdata\McAfee Security Scan

2009-09-14 13:42 <DIR> --d----- c:\progra~2\McAfee Security Scan

2009-09-10 11:50 <DIR> --d----- c:\program files\RocketDock

2009-09-09 10:04 2,868,224 a------- c:\windows\system32\mf.dll

2009-09-08 14:13 <DIR> --d----- c:\programdata\Windows Genuine Advantage

2009-09-06 13:33 <DIR> --d----- c:\program files\Windows Installer Clean Up

2009-09-03 18:47 262,144 a------- c:\progra~2\ntuser.dat

2009-09-03 18:23 <DIR> --d----- c:\programdata\HP Product Assistant

2009-09-03 18:22 <DIR> --d----- c:\program files\common files\HP

2009-09-03 18:11 175,268 a------- c:\windows\hpoins21.dat

2009-09-03 18:11 7,262 -------- c:\windows\hpomdl21.dat

2009-09-03 18:11 729,088 a------- c:\windows\system32\hpowiax5.dll

2009-09-03 18:11 364,544 a------- c:\windows\system32\hppldcoi.dll

2009-09-03 18:11 303,104 a------- c:\windows\system32\hpovst12.dll

2009-09-03 18:11 970,752 a------- c:\windows\system32\hpotiop5.dll

2009-09-03 18:11 309,760 a------- c:\windows\system32\difxapi.dll

2009-09-03 05:10 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

2009-09-03 05:10 28,672 a------- c:\windows\system32\Apphlpdm.dll

2009-09-01 14:30 <DIR> --d----- c:\program files\WinHTTrack

2009-09-01 10:51 <DIR> --d----- c:\users\geral\appdata\roaming\HpUpdate

2009-09-01 10:48 <DIR> --d----- c:\windows\Hewlett-Packard

==================== Find3M ====================

2009-09-28 08:30 1,142,602 a------- c:\windows\system32\prfh0816.dat

2009-09-28 08:30 597,530 a------- c:\windows\system32\prfc0816.dat

2009-09-28 06:59 32,879 a------- c:\programdata\nvModes.dat

2009-09-28 06:59 32,879 a------- c:\progra~2\nvModes.dat

2009-09-03 18:51 19,539 a------- c:\windows\hpqins13.dat

2009-09-03 18:19 86,016 a------- c:\windows\inf\infstor.dat

2009-09-03 18:19 51,200 a------- c:\windows\inf\infpub.dat

2009-09-03 18:19 143,360 a------- c:\windows\inf\infstrng.dat

2009-09-03 17:17 99,858 a------- c:\windows\hpqins05.dat

2009-08-29 03:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll

2009-08-29 03:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll

2009-08-29 03:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll

2009-08-29 03:30 542,720 a------- c:\windows\apppatch\AcLayers.dll

2009-08-25 09:43 103,424 a------- c:\windows\system32\PowerUp3_nat.dll

2009-08-14 17:27 904,776 a------- c:\windows\system32\drivers\tcpip.sys

2009-08-14 16:53 17,920 a------- c:\windows\system32\netevent.dll

2009-08-14 14:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE

2009-08-14 14:49 17,920 a------- c:\windows\system32\ROUTE.EXE

2009-08-14 14:49 11,264 a------- c:\windows\system32\MRINFO.EXE

2009-08-14 14:49 27,136 a------- c:\windows\system32\NETSTAT.EXE

2009-08-14 14:49 19,968 a------- c:\windows\system32\ARP.EXE

2009-08-14 14:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE

2009-08-14 14:49 10,240 a------- c:\windows\system32\finger.exe

2009-08-14 14:48 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys

2009-08-14 14:48 105,984 a------- c:\windows\system32\netiohlp.dll

2009-08-14 04:22 665,600 a------- c:\windows\inf\drvindex.dat

2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll

2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll

2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll

2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe

2009-07-17 14:54 71,680 a------- c:\windows\system32\atl.dll

2009-07-16 23:12 44,544 a------- c:\windows\system32\msxml4a.dll

2009-07-15 13:40 8,147,456 a------- c:\windows\system32\wmploc.DLL

2009-07-15 13:39 313,344 a------- c:\windows\system32\wmpdxm.dll

2009-07-15 13:39 4,096 a------- c:\windows\system32\dxmasf.dll

2009-07-15 13:39 7,680 a------- c:\windows\system32\spwmp.dll

2009-07-14 19:54 10,854,400 a------- c:\windows\system32\nvoglv32.dll

2009-07-14 19:54 7,565,824 a------- c:\windows\system32\nvd3dum.dll

2009-07-14 19:54 3,287,040 a------- c:\windows\system32\nvwgf2um.dll

2009-07-14 19:54 2,169,376 a------- c:\windows\system32\nvcuvid.dll

2009-07-14 19:54 1,983,488 a------- c:\windows\system32\nvcuda.dll

2009-07-14 19:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll

2009-07-14 19:54 1,044,992 a------- c:\windows\system32\nvapi.dll

2009-07-14 19:54 485,920 a------- c:\windows\system32\nvudisp.exe

2009-07-14 19:54 151,552 a------- c:\windows\system32\nvcod157.dll

2009-07-14 19:54 151,552 a------- c:\windows\system32\nvcod.dll

2009-07-11 20:01 513,536 a------- c:\windows\system32\wlansvc.dll

2009-07-11 20:01 302,592 a------- c:\windows\system32\wlansec.dll

2009-07-11 20:01 293,376 a------- c:\windows\system32\wlanmsm.dll

2009-07-11 20:01 65,024 a------- c:\windows\system32\wlanapi.dll

2009-07-11 18:03 127,488 a------- c:\windows\system32\L2SecHC.dll

2009-07-10 07:01 485,920 a------- c:\windows\system32\nvuninst.exe

2009-07-08 20:26 117,769 a------- c:\windows\hpqins00.dat

2008-07-17 17:48 174 a--sh--- c:\program files\desktop.ini

2007-01-18 05:46 332,682 a------- c:\windows\inf\perflib\0816\perfi.dat

2007-01-18 05:46 332,682 a------- c:\windows\inf\perflib\0816\perfh.dat

2007-01-18 05:46 39,514 a------- c:\windows\inf\perflib\0816\perfd.dat

2007-01-18 05:46 39,514 a------- c:\windows\inf\perflib\0816\perfc.dat

2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

2000-12-12 11:17 100,432 -------- c:\program files\Win2000PPAHotfix.exe

============= FINISH: 8:32:26,77 ===============

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:28:20, on 28-09-2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe

C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Babylon\Babylon-Pro\Agent\BabylonAgent.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-pt.com/pt/index.php?rvs=hompag

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-pt.com/pt/index.php?rvs=hompag

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

O8 - Extra context menu item: &Point&&Go - C:\Program Files\Common Files\Expert System\PGPlatform\PGPlatform.htm

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe

O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 9620 bytes


  • Coordinator

It is not recommended to use ComboFix on your own.

Post the log it generated, found at C:\ComboFix.txt


ComboFix 09-09-22.03 - Geral 27-09-2009 16:15.3.4 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.351.2070.18.3326.2022 [GMT 1:00]

Executando de: C:\ComboFix.exe

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Madotate Desktop\madotate.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Madotate Desktop\mtatecfg.exe

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-27 to 2009-09-27 ))))))))))))))))))))))))))))

.

2009-09-27 15:20 . 2009-09-27 15:20 -------- d-----w- c:\users\Geral\AppData\Local\temp

2009-09-27 15:20 . 2009-09-27 15:20 -------- d-----w- c:\users\Utilizador\AppData\Local\temp

2009-09-27 15:20 . 2009-09-27 15:20 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-09-27 15:20 . 2009-09-27 15:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-09-27 15:20 . 2009-09-27 15:20 -------- d-----w- c:\users\CONFIGURADOR\AppData\Local\temp

2009-09-25 20:38 . 2009-09-25 20:59 -------- d-----w- c:\program files\SpywareBlaster

2009-09-25 17:45 . 2009-09-25 17:45 -------- d-----w- c:\program files\Marcos Velasco Security

2009-09-25 13:32 . 2009-09-23 10:19 3318538 ----a-r- C:\ComboFix.exe

2009-09-25 13:20 . 2009-09-25 13:20 -------- d-----w- c:\program files\Quicksys

2009-09-25 09:53 . 2009-09-25 07:44 401720 ----a-w- C:\HijackThis.exe

2009-09-24 19:12 . 2009-09-24 19:12 -------- d--h--w- c:\windows\PIF

2009-09-23 19:22 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-23 19:22 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-23 19:22 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-23 19:22 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-23 19:22 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-23 19:22 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-23 19:22 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-09-22 12:18 . 2009-09-22 12:18 -------- d-----w- c:\users\Geral\.kde

2009-09-22 12:09 . 2009-09-22 12:09 -------- d-----w- c:\users\Geral\AppData\Local\GNU

2009-09-21 21:09 . 2009-09-24 07:26 -------- d-----w- c:\users\Geral\AppData\Roaming\gnupg

2009-09-21 21:09 . 2009-09-21 21:09 -------- d-----w- c:\programdata\GNU

2009-09-21 21:09 . 2009-09-21 21:09 -------- d-----w- c:\program files\GNU

2009-09-21 19:32 . 2009-09-21 19:31 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-09-21 19:31 . 2009-09-22 17:15 -------- d-----w- c:\users\Geral\.housecall6.6

2009-09-20 10:49 . 2009-09-20 10:49 -------- d-----w- c:\users\Geral\AppData\Roaming\Uniblue

2009-09-19 15:04 . 2009-09-20 04:41 -------- d-----w- c:\windows\BDOSCAN8

2009-09-19 09:36 . 2009-09-19 09:36 -------- d-----w- c:\program files\ESET

2009-09-18 22:23 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-09-18 22:22 . 2009-09-18 22:22 -------- d-----w- c:\program files\Panda Security

2009-09-18 22:21 . 2009-09-18 22:21 -------- d-----w- c:\programdata\F-Secure

2009-09-17 19:58 . 2009-09-17 20:02 -------- d-----w- c:\program files\Chami

2009-09-17 18:58 . 2009-09-17 18:58 -------- d-----w- c:\users\Geral\AppData\Roaming\Nvu

2009-09-17 18:58 . 2009-09-17 18:58 -------- d-----w- c:\program files\Nvu

2009-09-17 18:20 . 2009-09-18 07:33 -------- d-----w- c:\users\Geral\amaya

2009-09-17 18:20 . 2009-09-17 18:20 -------- d-----w- c:\program files\Amaya

2009-09-17 11:46 . 2009-09-22 20:05 -------- d-----w- C:\Os meus Sites

2009-09-17 09:52 . 2009-09-17 09:52 -------- d-----w- c:\programdata\WindowsSearch

2009-09-16 21:11 . 2009-09-16 21:11 -------- d-----w- c:\users\Geral\AppData\Local\Stardock

2009-09-14 21:37 . 2009-03-27 00:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2009-09-14 17:40 . 2009-09-15 11:56 -------- d-----w- c:\program files\SpeedFan

2009-09-14 17:37 . 2009-09-14 17:37 -------- d-----w- c:\windows\Java

2009-09-14 17:37 . 2009-09-14 21:37 -------- d-----w- c:\program files\CPUID

2009-09-14 13:16 . 2009-09-14 13:16 -------- d-----w- c:\programdata\McAfee

2009-09-14 12:42 . 2009-09-14 12:42 -------- d-----w- c:\programdata\McAfee Security Scan

2009-09-10 10:50 . 2009-09-11 08:56 -------- d-----w- c:\program files\RocketDock

2009-09-09 09:04 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll

2009-09-06 12:33 . 2009-09-06 12:33 -------- d-----w- c:\program files\Windows Installer Clean Up

2009-09-03 17:23 . 2009-09-03 17:23 -------- d-----w- c:\programdata\HP Product Assistant

2009-09-03 17:22 . 2009-09-03 17:22 -------- d-----w- c:\program files\Hewlett-Packard

2009-09-03 17:22 . 2009-09-03 17:22 -------- d-----w- c:\program files\Common Files\HP

2009-09-03 17:11 . 2009-09-03 17:42 175268 ----a-w- c:\windows\hpoins21.dat

2009-09-03 17:11 . 2008-02-15 04:00 7262 ------w- c:\windows\hpomdl21.dat

2009-09-03 17:11 . 2007-11-02 02:28 729088 ----a-w- c:\windows\system32\hpowiax5.dll

2009-09-03 17:11 . 2007-11-02 02:28 303104 ----a-w- c:\windows\system32\hpovst12.dll

2009-09-03 17:11 . 2007-11-02 02:28 364544 ----a-w- c:\windows\system32\hppldcoi.dll

2009-09-03 17:11 . 2007-11-02 02:28 970752 ----a-w- c:\windows\system32\hpotiop5.dll

2009-09-03 17:11 . 2007-11-02 02:28 309760 ----a-w- c:\windows\system32\difxapi.dll

2009-09-03 04:10 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-09-03 04:10 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-09-01 13:30 . 2009-09-01 13:30 -------- d-----w- c:\program files\WinHTTrack

2009-09-01 09:51 . 2009-09-03 16:07 -------- d-----w- c:\users\Geral\AppData\Roaming\HpUpdate

2009-09-01 09:48 . 2009-09-01 09:48 -------- d-----w- c:\windows\Hewlett-Packard

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-27 15:14 . 2008-08-17 10:40 -------- d-----w- c:\users\Geral\AppData\Roaming\Skype

2009-09-27 15:09 . 2008-08-17 10:47 -------- d-----w- c:\users\Geral\AppData\Roaming\skypePM

2009-09-27 14:49 . 2009-07-18 13:38 -------- d-----w- c:\programdata\Babylon

2009-09-27 12:22 . 2009-07-22 12:37 -------- d-----w- c:\program files\Blue Coat K9 Web Protection

2009-09-27 11:55 . 2007-01-18 04:49 584066 ----a-w- c:\windows\system32\prfc0816.dat

2009-09-27 11:55 . 2007-01-18 04:49 1128562 ----a-w- c:\windows\system32\prfh0816.dat

2009-09-27 11:49 . 2009-08-16 10:22 32879 ----a-w- c:\programdata\nvModes.dat

2009-09-27 11:49 . 2008-07-17 17:33 -------- d-----w- c:\programdata\NVIDIA

2009-09-27 09:56 . 2009-06-25 12:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-09-25 20:55 . 2008-07-17 15:46 143944 ----a-w- c:\users\Geral\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-23 17:55 . 2009-05-05 07:55 -------- d-----w- c:\program files\Bíblia Católica v2.0

2009-09-23 08:15 . 2008-07-29 08:30 -------- d-----w- c:\users\Geral\AppData\Roaming\U3

2009-09-20 11:25 . 2009-08-25 07:36 -------- d-----w- c:\program files\System Explorer

2009-09-19 21:32 . 2009-07-18 13:38 -------- d-----w- c:\users\Geral\AppData\Roaming\Babylon

2009-09-13 21:26 . 2009-07-22 17:43 -------- d-----w- c:\users\Geral\AppData\Roaming\IObit

2009-09-13 21:26 . 2009-07-22 17:43 -------- d-----w- c:\program files\IObit

2009-09-11 08:03 . 2009-06-25 12:05 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-09 09:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-09-09 09:11 . 2008-08-08 14:29 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-09 09:11 . 2008-07-17 17:18 -------- d-----w- c:\programdata\Microsoft Help

2009-09-07 22:40 . 2008-07-17 15:45 1356 ----a-w- c:\users\Geral\AppData\Local\d3d9caps.dat

2009-09-06 12:33 . 2009-06-25 11:08 -------- d-----w- c:\program files\MSECache

2009-09-03 18:40 . 2009-07-24 08:54 -------- d-----w- c:\users\Geral\AppData\Roaming\vlc

2009-09-03 17:51 . 2008-11-13 13:05 19539 ----a-w- c:\windows\hpqins13.dat

2009-09-03 17:47 . 2009-09-03 17:47 262144 ----a-w- c:\programdata\ntuser.dat

2009-09-03 17:23 . 2008-07-18 15:15 -------- d-----w- c:\programdata\HP

2009-09-03 16:17 . 2007-08-30 09:55 99858 ----a-w- c:\windows\hpqins05.dat

2009-09-01 12:09 . 2008-08-04 16:03 -------- d-----w- c:\programdata\FLEXnet

2009-08-27 18:47 . 2008-07-17 15:59 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-27 18:46 . 2009-08-27 18:27 -------- d-----w- c:\program files\SMC

2009-08-27 14:31 . 2008-07-17 16:52 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-27 10:29 . 2009-08-27 09:59 -------- d-----w- c:\users\Geral\AppData\Roaming\Download Manager

2009-08-25 12:28 . 2008-08-17 10:22 -------- d-----w- c:\program files\Google

2009-08-25 08:43 . 2009-08-25 08:43 -------- d-----w- c:\users\Geral\AppData\Roaming\Ashampoo

2009-08-25 08:43 . 2009-08-25 08:43 103424 ----a-w- c:\windows\system32\PowerUp3_nat.dll

2009-08-25 08:34 . 2009-08-25 08:34 -------- d-----w- c:\program files\Security Process Explorer

2009-08-25 07:40 . 2009-08-25 07:36 -------- d-----w- c:\programdata\SystemExplorer

2009-08-24 22:31 . 2009-08-24 22:31 -------- d-----w- c:\users\Geral\AppData\Roaming\Auslogics

2009-08-24 22:31 . 2009-08-24 22:31 -------- d-----w- c:\program files\Auslogics

2009-08-24 09:03 . 2008-07-17 16:03 -------- d-----w- c:\program files\ASUS

2009-08-24 08:45 . 2009-07-31 08:19 -------- d-----w- c:\program files\Free 3D Earth Screensaver

2009-08-23 15:12 . 2008-08-27 10:37 -------- d-----w- c:\program files\UpsPilot

2009-08-22 12:28 . 2009-08-19 07:52 -------- d-----w- c:\users\Geral\AppData\Roaming\FileZilla

2009-08-22 09:22 . 2009-05-14 19:49 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-08-21 10:58 . 2008-07-31 10:03 -------- d-----w- c:\programdata\ScanSoft

2009-08-21 10:58 . 2008-07-31 10:03 -------- d-----w- c:\program files\ScanSoft

2009-08-20 08:13 . 2009-07-26 09:38 -------- d-----w- c:\users\Geral\AppData\Roaming\dvdcss

2009-08-19 07:52 . 2009-08-19 07:52 -------- d-----w- c:\program files\FileZilla FTP Client

2009-08-16 10:10 . 2009-08-16 10:10 -------- d-----w- c:\program files\NVIDIA Corporation

2009-08-16 10:09 . 2009-08-16 10:09 -------- d-----w- c:\program files\AGEIA Technologies

2009-08-16 10:08 . 2009-08-16 10:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-16 09:56 . 2009-08-16 09:56 -------- d-----w- c:\program files\SystemRequirementsLab

2009-08-16 09:56 . 2009-08-16 09:56 -------- d-----w- c:\users\Geral\AppData\Roaming\SystemRequirementsLab

2009-08-14 16:27 . 2009-09-09 09:05 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-08-14 15:53 . 2009-09-09 09:05 17920 ----a-w- c:\windows\system32\netevent.dll

2009-08-14 13:49 . 2009-09-09 09:05 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-08-14 13:49 . 2009-09-09 09:05 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-08-14 13:49 . 2009-09-09 09:05 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-08-14 13:49 . 2009-09-09 09:05 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-08-14 13:49 . 2009-09-09 09:05 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-08-14 13:49 . 2009-09-09 09:05 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-08-14 13:49 . 2009-09-09 09:05 10240 ----a-w- c:\windows\system32\finger.exe

2009-08-14 13:48 . 2009-09-09 09:05 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-08-14 13:48 . 2009-09-09 09:05 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games

2009-08-11 10:36 . 2009-06-25 14:41 -------- d-----w- c:\program files\SeekService

2009-08-10 09:20 . 2009-08-10 09:20 -------- d-----w- c:\users\Geral\AppData\Roaming\Talkback

2009-07-31 08:19 . 2009-07-31 08:19 -------- d-----w- c:\users\Geral\AppData\Roaming\TERMINAL Studio

2009-07-25 09:43 . 2009-07-25 09:43 53 ----a-w- c:\windows\DelToolbox.bat

2009-07-21 21:52 . 2009-07-29 07:59 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-07-29 07:59 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-07-29 07:59 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-07-29 07:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-17 16:30 . 2009-07-17 16:30 142384 ----a-w- c:\users\Utilizador\AppData\Local\GDIPFONTCACHEV1.DAT

2009-07-17 13:54 . 2009-08-12 21:49 71680 ----a-w- c:\windows\system32\atl.dll

2009-07-16 22:12 . 2009-07-23 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll

2009-07-15 12:40 . 2009-08-12 21:49 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-07-15 12:39 . 2009-08-12 21:49 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-15 12:39 . 2009-08-12 21:49 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-07-15 12:39 . 2009-08-12 21:49 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-07-14 18:54 . 2009-08-16 10:07 485920 ----a-w- c:\windows\system32\nvudisp.exe

2009-07-14 18:54 . 2009-08-16 10:07 9557216 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2009-07-14 18:54 . 2009-08-16 10:07 3287040 ----a-w- c:\windows\system32\nvwgf2um.dll

2009-07-14 18:54 . 2009-08-16 10:07 10854400 ----a-w- c:\windows\system32\nvoglv32.dll

2009-07-14 18:54 . 2009-08-16 10:07 2169376 ----a-w- c:\windows\system32\nvcuvid.dll

2009-07-14 18:54 . 2009-08-16 10:07 1983488 ----a-w- c:\windows\system32\nvcuda.dll

2009-07-14 18:54 . 2009-08-16 10:07 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-07-14 18:54 . 2009-08-16 10:07 151552 ----a-w- c:\windows\system32\nvcod157.dll

2009-07-14 18:54 . 2009-08-16 10:07 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-07-14 18:54 . 2007-07-06 05:15 7565824 ----a-w- c:\windows\system32\nvd3dum.dll

2009-07-14 18:54 . 2007-07-06 05:15 1044992 ----a-w- c:\windows\system32\nvapi.dll

2009-07-11 19:01 . 2009-09-09 09:05 513536 ----a-w- c:\windows\system32\wlansvc.dll

2009-07-11 19:01 . 2009-09-09 09:05 302592 ----a-w- c:\windows\system32\wlansec.dll

2009-07-11 19:01 . 2009-09-09 09:05 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2009-08-25 12:28 . 2009-08-25 12:28 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-08-08 10:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-07-07 3706768]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-25 30192]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpScheduler

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):ce,d8,58,ff,8e,1c,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2089727552-4062423731-2301173062-1000]

"EnableNotificationsRef"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2089727552-4062423731-2301173062-1001]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9937B00E-A54F-4CA3-AECD-A943D7EE7317}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{9D79F79B-23E2-412B-A6B7-6C8F92F95952}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{76EFBA76-43AF-41BC-94ED-2907EECEEEA6}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{31D16C5F-4805-457C-BCA5-9FB11DA5C731}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"TCP Query User{F7620554-85A9-49EE-BF28-D554E3F69A59}d:\\sthiw\\stinstall.exe"= UDP:d:\sthiw\stinstall.exe:SpeedTouch Setup Wizard

"UDP Query User{DBD9DA8A-F63E-4709-8A32-3C9D53A34DBA}d:\\sthiw\\stinstall.exe"= TCP:d:\sthiw\stinstall.exe:SpeedTouch Setup Wizard

"TCP Query User{01B0B620-D53C-4988-868E-C9018EA716B9}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"UDP Query User{A3C04835-921A-4E68-88D4-D132112194F0}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"{32A177E9-6F12-4ADE-A300-D0FD7ED1B5EF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{A1DCA234-0312-4916-9092-4CE8724083E3}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{E56BB8DE-EB3A-4DAE-8A8C-779C6433F72F}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{6605E52E-DD8B-4F18-B431-E727A0044895}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{0923E21F-B1D9-415C-8CC2-93AAE5EED489}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe

"{3EEB5443-2F32-4F24-ADA2-77D9789F29A5}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe

"{61030871-D04C-4194-9F09-951EB597EB65}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe

"{A67B3DE7-E1E2-4BEB-A4C6-141CBC0156C9}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe

"{97B18ECD-6644-4F69-8162-77D5BBFFF7DA}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{A3D02601-D623-489D-B201-33483A02955C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{217C5169-2CCC-4A16-B419-4F7FC773D32F}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{9CE1F1CA-581C-40E7-82DF-D11A799DEB8B}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{E2BD1F60-C7A7-45EB-A013-9122B45F22A0}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{C2140165-4711-40D6-BBB7-BE0F985DF8C3}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{C53E39BF-43EF-49AD-9B79-4FF1BCAEB2FE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{B7DF64A7-6B86-4074-B715-7DE8B28FF8F9}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{D688D444-D3C0-411C-BC27-7DA0C718DCDB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{EA86AF40-F451-4F98-9382-380B3FF1622D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{F840034F-DCD3-41EF-839D-277C7655AC61}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{35A42B67-EEA7-44B1-86C7-DE52148E1850}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{1E6565B4-0B35-4499-82B1-99F997EE0438}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

"{C74F9B4A-6413-4CC6-AFAB-F39A69659E4A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

"{71BEE14C-4581-4F21-9133-3F9C8E6A355D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe

"{0FB9283B-9CA1-4116-9C4E-CABF528C3BCA}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe

"{A67EF226-8BE0-49BB-8F1A-5B7BDB384D31}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{CFA08273-0672-4009-8FB5-41D826A51764}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{B3AD4B83-3547-4BD4-AA22-374FEDDD631B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{5522E970-F809-4252-9F3A-670827353A96}"= UDP:c:\program files\ASUS\AASP\1.00.59\AsLoader.exe:AsLoader

"{7A52608C-C7EF-4BD5-87D5-C3585F27EF9F}"= TCP:c:\program files\ASUS\AASP\1.00.59\AsLoader.exe:AsLoader

"{8F58D381-EC55-489D-A2B6-4143D0106E12}"= UDP:c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe:PwSave

"{79219383-EEF6-4176-B30F-3C0B272289E0}"= TCP:c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe:PwSave

"{F6207809-7909-4DB6-B271-CA906CE1E891}"= UDP:c:\program files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe:CpuLevelUpHookLaunch

"{88A9AE8C-E8FE-4A5B-839B-C8ADA0AE0FBE}"= TCP:c:\program files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe:CpuLevelUpHookLaunch

"{F8446BCF-C354-410B-99E8-A5DB4429DF6A}"= UDP:c:\program files\ASUS\AASP\1.00.59\AsRunHelp.exe:AsRunHelp

"{4E1D8C4E-77CD-4AED-B42E-7C51E2207614}"= TCP:c:\program files\ASUS\AASP\1.00.59\AsRunHelp.exe:AsRunHelp

"{027F80EF-C905-4628-BC89-CAD3A9525F6C}"= UDP:c:\program files\ASUS\AASP\1.00.59\aaCenter.exe:aaCenter

"{EEA549B5-4477-4964-955C-9ABA36EA28C2}"= TCP:c:\program files\ASUS\AASP\1.00.59\aaCenter.exe:aaCenter

"{2027D653-A93E-486F-9ED1-0B4DDB48BE65}"= UDP:c:\program files\ASUS\Ai Suite\AiSuite.exe:AI Suite v1.03.27

"{4CB86386-9662-4327-9D65-A3F1DFFED324}"= TCP:c:\program files\ASUS\Ai Suite\AiSuite.exe:AI Suite v1.03.27

"{39D7DE6A-B3CB-40B3-9445-823A686DA9F0}"= UDP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook32.exe:CpuLevelUpHook32

"{2EA4A342-0127-44CB-A2AD-84600557C63B}"= TCP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook32.exe:CpuLevelUpHook32

"{B6216C0E-E8DC-46B8-92F5-A77E5EAC851B}"= UDP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook64.exe:CpuLevelUpHook64

"{A7D6E70A-078C-42F3-B7E8-5372EB5C84DD}"= TCP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook64.exe:CpuLevelUpHook64

"{102C3DF5-B017-4DB6-9925-F88536575A43}"= UDP:c:\program files\Adobe\Photoshop 7.0\ImageReady.exe:Adobe ImageReady 7.0

"{B3E8E674-3D2C-4035-92AE-CBAAB7A28D4F}"= TCP:c:\program files\Adobe\Photoshop 7.0\ImageReady.exe:Adobe ImageReady 7.0

"{06CFCC26-BEDF-4776-B7EA-C3D375C82C47}"= UDP:c:\program files\ASUS\Ai Suite\RegSchdTask.exe:RegSchdTask

"{A1D0BB05-84BB-405F-A560-65616AE949D9}"= TCP:c:\program files\ASUS\Ai Suite\RegSchdTask.exe:RegSchdTask

"{07412892-8EEF-4780-A26E-E9A6E6DFBBE5}"= UDP:c:\program files\Babylon\Babylon-Pro\Babylon.exe:Babylon

"{02E30890-51F6-4CCF-BB5A-91C380C303A2}"= TCP:c:\program files\Babylon\Babylon-Pro\Babylon.exe:Babylon

"{D6BC082C-0A62-48B5-B2F0-02919411835A}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus

"{1A0BDF1B-F709-4302-A302-E76324AC8658}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus

"{0254D70F-86AB-4F3D-B23B-C23E9EDAABB2}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy

"{68EE1B64-669C-44F2-8783-2D29D8CA8A56}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy

"{1ED2B055-B8B3-483E-ACFF-BED69BDACD47}"= UDP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D

"{79CFCC2F-3071-4F91-B636-C2ABEDD6B5FB}"= TCP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D

"{67DD79B9-D689-49FA-998E-8F41A282F771}"= UDP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth

"{DFE14236-5A26-454A-A414-5A1722972B98}"= TCP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth

"{4360EE28-EB7E-4A14-989D-30716188C2FF}"= UDP:c:\program files\FileZilla FTP Client\filezilla.exe:FileZilla

"{7C34F830-5F3D-48A9-ABE3-5C632C6D4C6B}"= TCP:c:\program files\FileZilla FTP Client\filezilla.exe:FileZilla

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [18-09-2009 23:23 28544]

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [23-09-2009 20:22 114768]

R1 bckd;bckd;c:\windows\System32\drivers\bckd.sys [14-01-2009 00:39 72992]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [23-09-2009 20:22 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23-09-2009 20:22 53328]

R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [14-01-2009 00:39 1078560]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25-06-2009 13:05 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14-07-2009 12:28 239648]

R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29-07-2008 04:45 904192]

S2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [14-09-2009 22:37 12672]

S2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [07-08-2009 18:19 242176]

S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30-03-2009 16:28 1533808]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [09-07-2009 05:44 55280]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25-08-2009 13:28 30192]

S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11-09-2007 00:45 124832]

S4 fsssvc;Segurança Familiar do Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [06-02-2009 18:08 533360]

S4 gupdate;Serviço Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20-07-2009 21:02 133104]

S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [08-08-2008 11:28 53032]

S4 SeekService Service;SeekService Service; [x]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - CPUZ132

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 20:02]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 20:02]

2009-09-27 c:\windows\Tasks\User_Feed_Synchronization-{8C53BD34-E904-4AA3-99A6-5F15D3AEF76F}.job

- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{D200C210-2D3D-4928-9654-1424D03CAF08}.job

- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.shareware-pt.com/pt/index.php?rvs=hompag

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: &Point&&Go - c:\program files\Common Files\Expert System\PGPlatform\PGPlatform.htm

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

LSP: c:\windows\system32\wpclsp.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

FF - ProfilePath - c:\users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\8v5szns4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.pt

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-27 16:20

Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2089727552-4062423731-2301173062-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3905DF8B-F558-6C2A-9808-5BD9043C0262}*]

"jajdmnpmabdfamcnohac"=hex:63,61,6f,68,68,64,00,00

"pabeloahcgoimbhedihohlflobfohlkb"=hex:62,61,66,67,00,64

"hajdmnpmabdfamcn"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-2089727552-4062423731-2301173062-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FEAF3BED-5D91-DFC8-D6D6-8829A3F072AE}*]

"abiibifmgpmkpdlamfjkbgmnbgndknnbjn"=hex:6a,61,6d,6c,6a,6d,6b,68,6e,69,6e,70,

6d,62,64,68,6a,6d,67,70,00,52

"pagjbgnenibakpggbmmdhbophneglfga"=hex:6a,61,6d,6c,6c,6d,61,6a,68,6f,67,65,6f,

62,6f,67,6d,67,64,6b,00,8b

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2009-09-27 16:22

ComboFix-quarantined-files.txt 2009-09-27 15:22

ComboFix2.txt 2009-09-25 13:43

Pre-Run: 297.632.702.464 bytes free

Post-Run: 297.522.114.560 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

400 --- E O F --- 2009-09-25 07:37

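Before the thread moves on to the fix, here is an added triage helper for logs like the one above. It is example code written for this page, not part of ComboFix or of any post in the thread. It re-joins the hex values that ComboFix wraps onto a second line (the first line ends in a comma, as in the `abiibifmgp…` value above), decodes them to printable text, and flags the settings a responder checks first: `EnableLUA = 0` (UAC off), `EnableFirewall = 0` on a firewall profile, a non-empty `AppInit_DLLs` value, and a start page that is not the expected one; the second log posted later in this thread contains all four. The sample input is a constructed excerpt of the posted logs, and the expected start page (`www.google.com`) is an assumption taken from the `uStart Page` line. Decoding a value only makes it readable; it does not tell you whether the key is malicious.

```python
"""Triage helper for a ComboFix log: added example, not ComboFix's own code.

Re-joins wrapped hex values, decodes them to printable text, and flags
EnableLUA = 0, EnableFirewall = 0, a non-empty AppInit_DLLs and an
unexpected start page. Decoding makes a value readable; it is not a verdict.
"""
import re

# Constructed sample: lines excerpted from the logs posted in this thread.
# ComboFix writes hxxp for http so that URLs in the log are not clickable.
SAMPLE_LOG = r'''
mStart Page = hxxp://www.shareware-pt.com/pt/index.php?rvs=hompag
[HKEY_USERS\S-1-5-21-2089727552-4062423731-2301173062-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3905DF8B-F558-6C2A-9808-5BD9043C0262}*]
"jajdmnpmabdfamcnohac"=hex:63,61,6f,68,68,64,00,00
"abiibifmgpmkpdlamfjkbgmnbgndknnbjn"=hex:6a,61,6d,6c,6a,6d,6b,68,6e,69,6e,70,
6d,62,64,68,6a,6d,67,70,00,52
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
'''.strip("\n")

HEX_VALUE = re.compile(r'^"([^"]+)"=hex:([0-9A-Fa-f,]+)$')
POLICY = re.compile(r'^"(EnableLUA|EnableFirewall)"\s*=\s*(\d+)')
APPINIT = re.compile(r'^"AppInit_DLLs"\s*=\s*(.*)$')
START_PAGE = re.compile(r'^([um])Start Page\s*=\s*(\S+)')


def join_continuations(text):
    """Re-join a hex value that ComboFix wrapped: the first line ends in a comma."""
    lines = []
    for line in text.splitlines():
        if lines and lines[-1].endswith(","):
            lines[-1] += line.strip()
        else:
            lines.append(line.rstrip())
    return lines


def decode_hex_value(line):
    """Return (value name, printable form) for a "name"=hex:.. line, else None."""
    m = HEX_VALUE.match(line)
    if not m:
        return None
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    # Non-printable bytes (NULs, high bytes) are shown as a dot.
    printable = "".join(chr(b) if 32 <= b < 127 else "." for b in raw)
    return m.group(1), printable


def triage(text, expected_start_page="www.google.com"):
    """Scan one log and return the findings as a dict."""
    report = {
        "hex_values": {},       # value name -> printable bytes
        "uac_disabled": False,  # EnableLUA = 0
        "firewall_off": [],     # firewall profiles with EnableFirewall = 0
        "appinit_dlls": None,   # DLLs loaded into every process that loads user32.dll
        "start_pages": [],      # (scope, url); scope u = per-user, m = per-machine
    }
    current_key = ""
    for line in join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]  # registry key the following values belong to
            continue
        decoded = decode_hex_value(line)
        if decoded:
            report["hex_values"][decoded[0]] = decoded[1]
            continue
        m = POLICY.match(line)
        if m:
            if m.group(1) == "EnableLUA" and m.group(2) == "0":
                report["uac_disabled"] = True
            if m.group(1) == "EnableFirewall" and m.group(2) == "0":
                report["firewall_off"].append(current_key.rsplit("\\", 1)[-1])
            continue
        m = APPINIT.match(line)
        if m and m.group(1).strip():
            report["appinit_dlls"] = m.group(1).strip()
            continue
        m = START_PAGE.match(line)
        if m and expected_start_page not in m.group(2):
            report["start_pages"].append((m.group(1), m.group(2)))
    return report


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

Run it against a saved log with `triage(open("C:/ComboFix.txt").read())`. Values written as `hex(B):` (such as the Security Center timestamp further down the thread) are deliberately not decoded, since they are typed REG_QWORD data rather than a byte string.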

  • Coordinator

Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after the procedure(s) below have been run.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

RegNull::

[HKEY_USERS\S-1-5-21-2089727552-4062423731-2301173062-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3905DF8B-F558-6C2A-9808-5BD9043C0262}*]

[HKEY_USERS\S-1-5-21-2089727552-4062423731-2301173062-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FEAF3BED-5D91-DFC8-D6D6-8829A3F072AE}*]

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.


NOTES:

* Unsure whether I should run your instructions from the Desktop or from the root folder (C:\), I decided to put ComboFix and the CFScript.txt file in C:\ and then drag the latter onto ComboFix.

* Since I had disabled the computer's protection systems, I decided to disconnect from the internet as well.

* When the ComboFix process started, a message appeared saying (more or less) that this copy of the program had expired and that it was necessary to delete the current one and download another. However, when I closed the dialog box, ComboFix started normally and generated the following log:

ComboFix 09-09-22.03 - Geral 30-09-2009 8:46.4.4 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.351.2070.18.3326.2258 [GMT 1:00]

Running from: C:\ComboFix.exe

Command switches used :: C:\CFScript.txt

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

- REDUCED FUNCTIONALITY MODE -

.

(((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 ))))))))))))))))))))))))))))

.

2009-09-30 07:47 . 2009-09-30 07:47 -------- d-----w- c:\users\Geral\AppData\Local\temp

2009-09-30 07:47 . 2009-09-30 07:47 -------- d-----w- c:\users\Utilizador\AppData\Local\temp

2009-09-30 07:47 . 2009-09-30 07:47 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-09-30 07:47 . 2009-09-30 07:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-09-30 07:47 . 2009-09-30 07:47 -------- d-----w- c:\users\CONFIGURADOR\AppData\Local\temp

2009-09-28 17:41 . 2009-09-28 17:41 -------- d-----w- c:\users\Geral\AppData\Local\Apps

2009-09-25 20:38 . 2009-09-25 20:59 -------- d-----w- c:\program files\SpywareBlaster

2009-09-25 17:45 . 2009-09-25 17:45 -------- d-----w- c:\program files\Marcos Velasco Security

2009-09-25 13:32 . 2009-09-23 10:19 3318538 ----a-r- C:\ComboFix.exe

2009-09-25 13:20 . 2009-09-25 13:20 -------- d-----w- c:\program files\Quicksys

2009-09-24 19:12 . 2009-09-24 19:12 -------- d--h--w- c:\windows\PIF

2009-09-23 19:22 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-23 19:22 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-23 19:22 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-23 19:22 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-23 19:22 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-23 19:22 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-23 19:22 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-09-22 12:18 . 2009-09-22 12:18 -------- d-----w- c:\users\Geral\.kde

2009-09-22 12:09 . 2009-09-22 12:09 -------- d-----w- c:\users\Geral\AppData\Local\GNU

2009-09-21 21:09 . 2009-09-24 07:26 -------- d-----w- c:\users\Geral\AppData\Roaming\gnupg

2009-09-21 21:09 . 2009-09-21 21:09 -------- d-----w- c:\programdata\GNU

2009-09-21 21:09 . 2009-09-21 21:09 -------- d-----w- c:\program files\GNU

2009-09-21 19:32 . 2009-09-21 19:31 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-09-21 19:31 . 2009-09-22 17:15 -------- d-----w- c:\users\Geral\.housecall6.6

2009-09-20 10:49 . 2009-09-20 10:49 -------- d-----w- c:\users\Geral\AppData\Roaming\Uniblue

2009-09-19 15:04 . 2009-09-20 04:41 -------- d-----w- c:\windows\BDOSCAN8

2009-09-19 09:36 . 2009-09-19 09:36 -------- d-----w- c:\program files\ESET

2009-09-18 22:23 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-09-18 22:22 . 2009-09-18 22:22 -------- d-----w- c:\program files\Panda Security

2009-09-18 22:21 . 2009-09-18 22:21 -------- d-----w- c:\programdata\F-Secure

2009-09-17 19:58 . 2009-09-17 20:02 -------- d-----w- c:\program files\Chami

2009-09-17 18:58 . 2009-09-17 18:58 -------- d-----w- c:\users\Geral\AppData\Roaming\Nvu

2009-09-17 18:58 . 2009-09-17 18:58 -------- d-----w- c:\program files\Nvu

2009-09-17 18:20 . 2009-09-18 07:33 -------- d-----w- c:\users\Geral\amaya

2009-09-17 18:20 . 2009-09-17 18:20 -------- d-----w- c:\program files\Amaya

2009-09-17 11:46 . 2009-09-22 20:05 -------- d-----w- C:\Os meus Sites

2009-09-17 09:52 . 2009-09-17 09:52 -------- d-----w- c:\programdata\WindowsSearch

2009-09-16 21:11 . 2009-09-16 21:11 -------- d-----w- c:\users\Geral\AppData\Local\Stardock

2009-09-14 21:37 . 2009-03-27 00:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2009-09-14 17:40 . 2009-09-15 11:56 -------- d-----w- c:\program files\SpeedFan

2009-09-14 17:37 . 2009-09-14 17:37 -------- d-----w- c:\windows\Java

2009-09-14 17:37 . 2009-09-14 21:37 -------- d-----w- c:\program files\CPUID

2009-09-14 13:16 . 2009-09-14 13:16 -------- d-----w- c:\programdata\McAfee

2009-09-14 12:42 . 2009-09-14 12:42 -------- d-----w- c:\programdata\McAfee Security Scan

2009-09-10 10:50 . 2009-09-11 08:56 -------- d-----w- c:\program files\RocketDock

2009-09-09 09:04 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll

2009-09-06 12:33 . 2009-09-06 12:33 -------- d-----w- c:\program files\Windows Installer Clean Up

2009-09-03 17:23 . 2009-09-03 17:23 -------- d-----w- c:\programdata\HP Product Assistant

2009-09-03 17:22 . 2009-09-03 17:22 -------- d-----w- c:\program files\Hewlett-Packard

2009-09-03 17:22 . 2009-09-03 17:22 -------- d-----w- c:\program files\Common Files\HP

2009-09-03 17:11 . 2009-09-03 17:42 175268 ----a-w- c:\windows\hpoins21.dat

2009-09-03 17:11 . 2008-02-15 04:00 7262 ------w- c:\windows\hpomdl21.dat

2009-09-03 17:11 . 2007-11-02 02:28 729088 ----a-w- c:\windows\system32\hpowiax5.dll

2009-09-03 17:11 . 2007-11-02 02:28 303104 ----a-w- c:\windows\system32\hpovst12.dll

2009-09-03 17:11 . 2007-11-02 02:28 364544 ----a-w- c:\windows\system32\hppldcoi.dll

2009-09-03 17:11 . 2007-11-02 02:28 970752 ----a-w- c:\windows\system32\hpotiop5.dll

2009-09-03 17:11 . 2007-11-02 02:28 309760 ----a-w- c:\windows\system32\difxapi.dll

2009-09-03 04:10 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-09-03 04:10 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-09-01 13:30 . 2009-09-01 13:30 -------- d-----w- c:\program files\WinHTTrack

2009-09-01 09:51 . 2009-09-03 16:07 -------- d-----w- c:\users\Geral\AppData\Roaming\HpUpdate

2009-09-01 09:48 . 2009-09-01 09:48 -------- d-----w- c:\windows\Hewlett-Packard

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-30 07:45 . 2008-08-17 10:40 -------- d-----w- c:\users\Geral\AppData\Roaming\Skype

2009-09-30 07:44 . 2009-07-18 13:38 -------- d-----w- c:\programdata\Babylon

2009-09-30 07:26 . 2007-01-18 04:49 637922 ----a-w- c:\windows\system32\prfc0816.dat

2009-09-30 07:26 . 2007-01-18 04:49 1184722 ----a-w- c:\windows\system32\prfh0816.dat

2009-09-30 07:04 . 2008-08-17 10:47 -------- d-----w- c:\users\Geral\AppData\Roaming\skypePM

2009-09-30 05:44 . 2009-07-22 12:37 -------- d-----w- c:\program files\Blue Coat K9 Web Protection

2009-09-30 05:44 . 2009-08-16 10:22 32879 ----a-w- c:\programdata\nvModes.dat

2009-09-30 05:43 . 2008-07-17 17:33 -------- d-----w- c:\programdata\NVIDIA

2009-09-27 09:56 . 2009-06-25 12:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-09-25 20:55 . 2008-07-17 15:46 143944 ----a-w- c:\users\Geral\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-23 17:55 . 2009-05-05 07:55 -------- d-----w- c:\program files\Bíblia Católica v2.0

2009-09-23 08:15 . 2008-07-29 08:30 -------- d-----w- c:\users\Geral\AppData\Roaming\U3

2009-09-20 11:25 . 2009-08-25 07:36 -------- d-----w- c:\program files\System Explorer

2009-09-19 21:32 . 2009-07-18 13:38 -------- d-----w- c:\users\Geral\AppData\Roaming\Babylon

2009-09-13 21:26 . 2009-07-22 17:43 -------- d-----w- c:\users\Geral\AppData\Roaming\IObit

2009-09-13 21:26 . 2009-07-22 17:43 -------- d-----w- c:\program files\IObit

2009-09-11 08:03 . 2009-06-25 12:05 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-09 09:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-09-09 09:11 . 2008-08-08 14:29 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-09 09:11 . 2008-07-17 17:18 -------- d-----w- c:\programdata\Microsoft Help

2009-09-07 22:40 . 2008-07-17 15:45 1356 ----a-w- c:\users\Geral\AppData\Local\d3d9caps.dat

2009-09-06 12:33 . 2009-06-25 11:08 -------- d-----w- c:\program files\MSECache

2009-09-03 18:40 . 2009-07-24 08:54 -------- d-----w- c:\users\Geral\AppData\Roaming\vlc

2009-09-03 17:51 . 2008-11-13 13:05 19539 ----a-w- c:\windows\hpqins13.dat

2009-09-03 17:47 . 2009-09-03 17:47 262144 ----a-w- c:\programdata\ntuser.dat

2009-09-03 17:23 . 2008-07-18 15:15 -------- d-----w- c:\programdata\HP

2009-09-03 16:17 . 2007-08-30 09:55 99858 ----a-w- c:\windows\hpqins05.dat

2009-09-01 12:09 . 2008-08-04 16:03 -------- d-----w- c:\programdata\FLEXnet

2009-08-27 18:47 . 2008-07-17 15:59 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-27 18:46 . 2009-08-27 18:27 -------- d-----w- c:\program files\SMC

2009-08-27 14:31 . 2008-07-17 16:52 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-27 10:29 . 2009-08-27 09:59 -------- d-----w- c:\users\Geral\AppData\Roaming\Download Manager

2009-08-25 12:28 . 2008-08-17 10:22 -------- d-----w- c:\program files\Google

2009-08-25 08:43 . 2009-08-25 08:43 -------- d-----w- c:\users\Geral\AppData\Roaming\Ashampoo

2009-08-25 08:43 . 2009-08-25 08:43 103424 ----a-w- c:\windows\system32\PowerUp3_nat.dll

2009-08-25 08:34 . 2009-08-25 08:34 -------- d-----w- c:\program files\Security Process Explorer

2009-08-25 07:40 . 2009-08-25 07:36 -------- d-----w- c:\programdata\SystemExplorer

2009-08-24 22:31 . 2009-08-24 22:31 -------- d-----w- c:\users\Geral\AppData\Roaming\Auslogics

2009-08-24 22:31 . 2009-08-24 22:31 -------- d-----w- c:\program files\Auslogics

2009-08-24 09:03 . 2008-07-17 16:03 -------- d-----w- c:\program files\ASUS

2009-08-24 08:45 . 2009-07-31 08:19 -------- d-----w- c:\program files\Free 3D Earth Screensaver

2009-08-23 15:12 . 2008-08-27 10:37 -------- d-----w- c:\program files\UpsPilot

2009-08-22 12:28 . 2009-08-19 07:52 -------- d-----w- c:\users\Geral\AppData\Roaming\FileZilla

2009-08-22 09:22 . 2009-05-14 19:49 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-08-21 10:58 . 2008-07-31 10:03 -------- d-----w- c:\programdata\ScanSoft

2009-08-21 10:58 . 2008-07-31 10:03 -------- d-----w- c:\program files\ScanSoft

2009-08-20 08:13 . 2009-07-26 09:38 -------- d-----w- c:\users\Geral\AppData\Roaming\dvdcss

2009-08-19 07:52 . 2009-08-19 07:52 -------- d-----w- c:\program files\FileZilla FTP Client

2009-08-16 10:10 . 2009-08-16 10:10 -------- d-----w- c:\program files\NVIDIA Corporation

2009-08-16 10:09 . 2009-08-16 10:09 -------- d-----w- c:\program files\AGEIA Technologies

2009-08-16 10:08 . 2009-08-16 10:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-16 09:56 . 2009-08-16 09:56 -------- d-----w- c:\program files\SystemRequirementsLab

2009-08-16 09:56 . 2009-08-16 09:56 -------- d-----w- c:\users\Geral\AppData\Roaming\SystemRequirementsLab

2009-08-14 16:27 . 2009-09-09 09:05 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-08-14 15:53 . 2009-09-09 09:05 17920 ----a-w- c:\windows\system32\netevent.dll

2009-08-14 13:49 . 2009-09-09 09:05 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-08-14 13:49 . 2009-09-09 09:05 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-08-14 13:49 . 2009-09-09 09:05 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-08-14 13:49 . 2009-09-09 09:05 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-08-14 13:49 . 2009-09-09 09:05 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-08-14 13:49 . 2009-09-09 09:05 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-08-14 13:49 . 2009-09-09 09:05 10240 ----a-w- c:\windows\system32\finger.exe

2009-08-14 13:48 . 2009-09-09 09:05 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-08-14 13:48 . 2009-09-09 09:05 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2009-08-14 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games

2009-08-11 10:36 . 2009-06-25 14:41 -------- d-----w- c:\program files\SeekService

2009-08-10 09:20 . 2009-08-10 09:20 -------- d-----w- c:\users\Geral\AppData\Roaming\Talkback

2009-07-25 09:43 . 2009-07-25 09:43 53 ----a-w- c:\windows\DelToolbox.bat

2009-07-21 21:52 . 2009-07-29 07:59 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-07-29 07:59 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-07-29 07:59 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-07-29 07:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-17 16:30 . 2009-07-17 16:30 142384 ----a-w- c:\users\Utilizador\AppData\Local\GDIPFONTCACHEV1.DAT

2009-07-17 13:54 . 2009-08-12 21:49 71680 ----a-w- c:\windows\system32\atl.dll

2009-07-16 22:12 . 2009-07-23 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll

2009-07-15 12:40 . 2009-08-12 21:49 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-07-15 12:39 . 2009-08-12 21:49 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-15 12:39 . 2009-08-12 21:49 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-07-15 12:39 . 2009-08-12 21:49 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-07-14 18:54 . 2009-08-16 10:07 485920 ----a-w- c:\windows\system32\nvudisp.exe

2009-07-14 18:54 . 2009-08-16 10:07 9557216 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2009-07-14 18:54 . 2009-08-16 10:07 3287040 ----a-w- c:\windows\system32\nvwgf2um.dll

2009-07-14 18:54 . 2009-08-16 10:07 10854400 ----a-w- c:\windows\system32\nvoglv32.dll

2009-07-14 18:54 . 2009-08-16 10:07 2169376 ----a-w- c:\windows\system32\nvcuvid.dll

2009-07-14 18:54 . 2009-08-16 10:07 1983488 ----a-w- c:\windows\system32\nvcuda.dll

2009-07-14 18:54 . 2009-08-16 10:07 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-07-14 18:54 . 2009-08-16 10:07 151552 ----a-w- c:\windows\system32\nvcod157.dll

2009-07-14 18:54 . 2009-08-16 10:07 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-07-14 18:54 . 2007-07-06 05:15 7565824 ----a-w- c:\windows\system32\nvd3dum.dll

2009-07-14 18:54 . 2007-07-06 05:15 1044992 ----a-w- c:\windows\system32\nvapi.dll

2009-07-11 19:01 . 2009-09-09 09:05 513536 ----a-w- c:\windows\system32\wlansvc.dll

2009-07-11 19:01 . 2009-09-09 09:05 302592 ----a-w- c:\windows\system32\wlansec.dll

2009-07-11 19:01 . 2009-09-09 09:05 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2009-07-11 19:01 . 2009-09-09 09:05 65024 ----a-w- c:\windows\system32\wlanapi.dll

2009-08-25 12:28 . 2009-08-25 12:28 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-09-27_15.20.40 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-17 16:02 . 2009-09-30 05:46 75654 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2009-09-30 05:46 81914 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-07-17 15:47 . 2009-09-30 05:46 13826 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2089727552-4062423731-2301173062-1000_UserData.bin

- 2006-11-02 13:02 . 2009-09-27 11:49 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2006-11-02 13:02 . 2009-09-30 05:44 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2006-11-02 13:02 . 2009-09-27 11:49 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2006-11-02 13:02 . 2009-09-30 05:44 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2006-11-02 13:02 . 2009-09-30 05:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2006-11-02 13:02 . 2009-09-27 11:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-09-27 11:49 . 2009-09-27 11:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-09-30 05:43 . 2009-09-30 05:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-09-27 11:49 . 2009-09-27 11:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-09-30 05:43 . 2009-09-30 05:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-07-18 20:09 . 2009-09-29 17:22 394652 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2006-11-02 10:33 . 2009-09-30 07:26 611196 c:\windows\System32\perfc009.dat

- 2009-07-09 05:03 . 2009-09-25 20:59 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-09 05:03 . 2009-09-29 17:37 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2006-11-02 10:33 . 2009-09-30 07:26 1121264 c:\windows\System32\perfh009.dat

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-08-08 10:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-07-07 3706768]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-25 30192]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):ce,d8,58,ff,8e,1c,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2089727552-4062423731-2301173062-1000]

"EnableNotificationsRef"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2089727552-4062423731-2301173062-1001]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9937B00E-A54F-4CA3-AECD-A943D7EE7317}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{9D79F79B-23E2-412B-A6B7-6C8F92F95952}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{76EFBA76-43AF-41BC-94ED-2907EECEEEA6}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{31D16C5F-4805-457C-BCA5-9FB11DA5C731}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"TCP Query User{F7620554-85A9-49EE-BF28-D554E3F69A59}d:\\sthiw\\stinstall.exe"= UDP:d:\sthiw\stinstall.exe:SpeedTouch Setup Wizard

"UDP Query User{DBD9DA8A-F63E-4709-8A32-3C9D53A34DBA}d:\\sthiw\\stinstall.exe"= TCP:d:\sthiw\stinstall.exe:SpeedTouch Setup Wizard

"TCP Query User{01B0B620-D53C-4988-868E-C9018EA716B9}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"UDP Query User{A3C04835-921A-4E68-88D4-D132112194F0}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"{32A177E9-6F12-4ADE-A300-D0FD7ED1B5EF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{A1DCA234-0312-4916-9092-4CE8724083E3}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{E56BB8DE-EB3A-4DAE-8A8C-779C6433F72F}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{6605E52E-DD8B-4F18-B431-E727A0044895}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{0923E21F-B1D9-415C-8CC2-93AAE5EED489}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe

"{3EEB5443-2F32-4F24-ADA2-77D9789F29A5}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe

"{61030871-D04C-4194-9F09-951EB597EB65}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe

"{A67B3DE7-E1E2-4BEB-A4C6-141CBC0156C9}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe

"{97B18ECD-6644-4F69-8162-77D5BBFFF7DA}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{A3D02601-D623-489D-B201-33483A02955C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{217C5169-2CCC-4A16-B419-4F7FC773D32F}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{9CE1F1CA-581C-40E7-82DF-D11A799DEB8B}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{E2BD1F60-C7A7-45EB-A013-9122B45F22A0}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{C2140165-4711-40D6-BBB7-BE0F985DF8C3}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{C53E39BF-43EF-49AD-9B79-4FF1BCAEB2FE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{B7DF64A7-6B86-4074-B715-7DE8B28FF8F9}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{D688D444-D3C0-411C-BC27-7DA0C718DCDB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{EA86AF40-F451-4F98-9382-380B3FF1622D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{F840034F-DCD3-41EF-839D-277C7655AC61}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{35A42B67-EEA7-44B1-86C7-DE52148E1850}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{1E6565B4-0B35-4499-82B1-99F997EE0438}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

"{C74F9B4A-6413-4CC6-AFAB-F39A69659E4A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

"{71BEE14C-4581-4F21-9133-3F9C8E6A355D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe

"{0FB9283B-9CA1-4116-9C4E-CABF528C3BCA}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe

"{A67EF226-8BE0-49BB-8F1A-5B7BDB384D31}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{CFA08273-0672-4009-8FB5-41D826A51764}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{B3AD4B83-3547-4BD4-AA22-374FEDDD631B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{5522E970-F809-4252-9F3A-670827353A96}"= UDP:c:\program files\ASUS\AASP\1.00.59\AsLoader.exe:AsLoader

"{7A52608C-C7EF-4BD5-87D5-C3585F27EF9F}"= TCP:c:\program files\ASUS\AASP\1.00.59\AsLoader.exe:AsLoader

"{8F58D381-EC55-489D-A2B6-4143D0106E12}"= UDP:c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe:PwSave

"{79219383-EEF6-4176-B30F-3C0B272289E0}"= TCP:c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe:PwSave

"{F6207809-7909-4DB6-B271-CA906CE1E891}"= UDP:c:\program files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe:CpuLevelUpHookLaunch

"{88A9AE8C-E8FE-4A5B-839B-C8ADA0AE0FBE}"= TCP:c:\program files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe:CpuLevelUpHookLaunch

"{F8446BCF-C354-410B-99E8-A5DB4429DF6A}"= UDP:c:\program files\ASUS\AASP\1.00.59\AsRunHelp.exe:AsRunHelp

"{4E1D8C4E-77CD-4AED-B42E-7C51E2207614}"= TCP:c:\program files\ASUS\AASP\1.00.59\AsRunHelp.exe:AsRunHelp

"{027F80EF-C905-4628-BC89-CAD3A9525F6C}"= UDP:c:\program files\ASUS\AASP\1.00.59\aaCenter.exe:aaCenter

"{EEA549B5-4477-4964-955C-9ABA36EA28C2}"= TCP:c:\program files\ASUS\AASP\1.00.59\aaCenter.exe:aaCenter

"{2027D653-A93E-486F-9ED1-0B4DDB48BE65}"= UDP:c:\program files\ASUS\Ai Suite\AiSuite.exe:AI Suite v1.03.27

"{4CB86386-9662-4327-9D65-A3F1DFFED324}"= TCP:c:\program files\ASUS\Ai Suite\AiSuite.exe:AI Suite v1.03.27

"{39D7DE6A-B3CB-40B3-9445-823A686DA9F0}"= UDP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook32.exe:CpuLevelUpHook32

"{2EA4A342-0127-44CB-A2AD-84600557C63B}"= TCP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook32.exe:CpuLevelUpHook32

"{B6216C0E-E8DC-46B8-92F5-A77E5EAC851B}"= UDP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook64.exe:CpuLevelUpHook64

"{A7D6E70A-078C-42F3-B7E8-5372EB5C84DD}"= TCP:c:\program files\ASUS\Ai Suite\CpuLevelUpHook64.exe:CpuLevelUpHook64

"{102C3DF5-B017-4DB6-9925-F88536575A43}"= UDP:c:\program files\Adobe\Photoshop 7.0\ImageReady.exe:Adobe ImageReady 7.0

"{B3E8E674-3D2C-4035-92AE-CBAAB7A28D4F}"= TCP:c:\program files\Adobe\Photoshop 7.0\ImageReady.exe:Adobe ImageReady 7.0

"{06CFCC26-BEDF-4776-B7EA-C3D375C82C47}"= UDP:c:\program files\ASUS\Ai Suite\RegSchdTask.exe:RegSchdTask

"{A1D0BB05-84BB-405F-A560-65616AE949D9}"= TCP:c:\program files\ASUS\Ai Suite\RegSchdTask.exe:RegSchdTask

"{07412892-8EEF-4780-A26E-E9A6E6DFBBE5}"= UDP:c:\program files\Babylon\Babylon-Pro\Babylon.exe:Babylon

"{02E30890-51F6-4CCF-BB5A-91C380C303A2}"= TCP:c:\program files\Babylon\Babylon-Pro\Babylon.exe:Babylon

"{D6BC082C-0A62-48B5-B2F0-02919411835A}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus

"{1A0BDF1B-F709-4302-A302-E76324AC8658}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus

"{0254D70F-86AB-4F3D-B23B-C23E9EDAABB2}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy

"{68EE1B64-669C-44F2-8783-2D29D8CA8A56}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy

"{1ED2B055-B8B3-483E-ACFF-BED69BDACD47}"= UDP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D

"{79CFCC2F-3071-4F91-B636-C2ABEDD6B5FB}"= TCP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D

"{67DD79B9-D689-49FA-998E-8F41A282F771}"= UDP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth

"{DFE14236-5A26-454A-A414-5A1722972B98}"= TCP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth

"{4360EE28-EB7E-4A14-989D-30716188C2FF}"= UDP:c:\program files\FileZilla FTP Client\filezilla.exe:FileZilla

"{7C34F830-5F3D-48A9-ABE3-5C632C6D4C6B}"= TCP:c:\program files\FileZilla FTP Client\filezilla.exe:FileZilla

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [18-09-2009 23:23 28544]

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [23-09-2009 20:22 114768]

R1 bckd;bckd;c:\windows\System32\drivers\bckd.sys [14-01-2009 00:39 72992]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [23-09-2009 20:22 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23-09-2009 20:22 53328]

R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [14-01-2009 00:39 1078560]

R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [14-09-2009 22:37 12672]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25-06-2009 13:05 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14-07-2009 12:28 239648]

R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30-03-2009 16:28 1533808]

R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29-07-2008 04:45 904192]

S2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [07-08-2009 18:19 242176]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [09-07-2009 05:44 55280]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25-08-2009 13:28 30192]

S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11-09-2007 00:45 124832]

S4 fsssvc;Segurança Familiar do Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [06-02-2009 18:08 533360]

S4 gupdate;Serviço Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20-07-2009 21:02 133104]

S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [08-08-2008 11:28 53032]

S4 SeekService Service;SeekService Service; [x]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 20:02]

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 20:02]

2009-09-30 c:\windows\Tasks\User_Feed_Synchronization-{8C53BD34-E904-4AA3-99A6-5F15D3AEF76F}.job

- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{D200C210-2D3D-4928-9654-1424D03CAF08}.job

- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.shareware-pt.com/pt/index.php?rvs=hompag

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: &Point&&Go - c:\program files\Common Files\Expert System\PGPlatform\PGPlatform.htm

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

LSP: c:\windows\system32\wpclsp.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

FF - ProfilePath - c:\users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\8v5szns4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.pt

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-HijackThis - C:\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-30 08:47

Windows 6.0.6002 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(5000)

c:\program files\Nero\Nero8\InCD\NBHShx.dll

c:\program files\Nero\Nero8\InCD\NBHStr.dll

c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll

.

Tempo para conclusão: 2009-09-30 8:49

ComboFix-quarantined-files.txt 2009-09-30 07:49

ComboFix2.txt 2009-09-27 15:22

ComboFix3.txt 2009-09-25 13:43

Pré-execução: 290.063.331.328 bytes livres

Pós execução: 290.043.863.040 bytes livres

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

419 --- E O F --- 2009-09-28 17:19


  • Coordinator

Download the Kaspersky Removal Tool. Save it to your desktop.

  • Install the program normally, following all the instructions.
  • A folder named Virus Removal Tool will be created on the desktop.
  • On the program's main screen, tick the options My Computer, Startup objects, Disk boot sectors and then click the Scan button.
  • Be patient, the scan can take a while.
  • If it finds an infection, an alert window will open; click skip.
  • When everything has completed, click the Reports... button and then click Save to file.
  • Give the file a name and save it in a folder of your choice.
  • Close the result by clicking the X of the window.
  • Right after that, close the program too by clicking the X of the window. When you do so you will be asked whether you want to uninstall the tool; click No. Post the contents of that file in your next reply and wait.


NOTES:

Avast! keeps reporting the presence of a virus:

avast! [GERAL-PC]: O ficheiro "Processo 1044, bloco de memória 0x04BE0000, tamanho do bloco 262144" está infectado pelo vírus "JS:Agent-AU [Expl]".

Foi utilizada a tarefa "Protecção de ecrã"

A versão do ficheiro VPS actual é 091004-0, 04-10-2009


Scan

----

Scanned: 1957201

Detected: 1

Untreated: 1

Start time: 04-10-2009 10:57:27

Duration: 09:07:11

Finish time: 04-10-2009 20:04:38

Detected

--------

Status Object

------ ------

detected: adware not-a-virus:AdWare.Win32.CommonName.aq File: I:\MUSICAS\MÚSICAS ON AIR\SetupCloneDVD13112.exe

Events

------

Time Name Status Reason

---- ---- ------ ------

04-10-2009 10:57:32 Running module: smss.exe\smss.exe ok scanned

04-10-2009 10:57:33 File: C:\Windows\System32\smss.exe ok scanned

04-10-2009 10:57:33 Running module: smss.exe\ntdll.dll ok scanned

04-10-2009 10:57:33 File: C:\Windows\system32\ntdll.dll ok scanned

04-10-2009 10:57:33 Running module: csrss.exe\csrss.exe ok scanned

04-10-2009 10:57:33 File: C:\Windows\system32\csrss.exe ok scanned

04-10-2009 10:57:33 Running module: csrss.exe\ntdll.dll ok scanned

04-10-2009 10:57:33 File: C:\Windows\system32\ntdll.dll ok scanned

04-10-2009 10:57:33 Running module: csrss.exe\CSRSRV.dll ok scanned

04-10-2009 10:57:33 File: C:\Windows\system32\CSRSRV.dll ok scanned

04-10-2009 10:57:33 Running module: csrss.exe\basesrv.dll ok scanned

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

Backup

------

Status Object Size

------ ------ ----


  • Coordinator

Which file does Avast flag as the infection?


According to the Avast message it is not actually a file but a part of the RAM:

Avast! [GERAL-PC]: O ficheiro "Processo 1024, bloco de memória 0x04BE0000, tamanho do bloco 262144" está infectado pelo vírus "JS:Agent-AU [Expl]".

Foi utilizada a tarefa "Protecção de ecrã"

Could this be a BUG in Avast???

#####################################################

At this point it occurred to me to check, through Task Manager, which file corresponds to the Process 1024 indicated by Avast, and I saw that it is the file svchost.exe.

Using Svchostanalyzer I obtained more information about this process:

Processo = svchost.exe;

ID = 1024;

Arquivo = C:\Windows\System32\svchost.exe;

Grupo = secsvcs;

Services = 1

O processo contém os serviços seguintes:

Display Name = Windows Defender;

Service Name = WinDefend;

File = C:\Program Files\Windows Defender\mpsvc.dll;

Status = active

Parametro ou linha de comando = C:\Windows\System32\svchost.exe -k secsvcs

I also noticed that the ID of the infected process (according to Avast) changes almost every time I restart the PC; sometimes it is 988, other times 1044, etc.; right now it is 1024.
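The PID-to-service mapping described in the post above, as an added PowerShell example (not from the thread or from Svchostanalyzer). It assumes Windows PowerShell 3 or later run as administrator; PID 1024 is the value from the Avast alert, and the function name is my own.

```powershell
# Added example: given a PID reported by an AV alert, show which image and
# svchost service group it is, which services it hosts, and whether the image
# is the signed Windows binary in System32. Assumes Windows PowerShell 3+ as admin.
function Get-SvchostHostedServices {
    param([Parameter(Mandatory)][int]$ProcessId)

    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"
    if (-not $proc) {
        throw "No process with PID $ProcessId (PIDs change on every reboot; re-read the AV alert)."
    }

    # "-k <group>" in the command line names the svchost service group (e.g. secsvcs)
    $group = $null
    if ($proc.CommandLine -match '-k\s+(\S+)') { $group = $Matches[1] }

    # Services whose ProcessId equals this PID are the ones hosted inside it
    $services = Get-CimInstance Win32_Service -Filter "ProcessId = $ProcessId" |
        Select-Object Name, DisplayName, State, PathName

    # Is the image the genuine, signed Windows binary living in System32?
    $sigValid = $false; $signer = $null; $inSystem32 = $false
    if ($proc.ExecutablePath) {
        $sig = Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
        $sigValid = ($sig.Status -eq 'Valid')
        $signer = $sig.SignerCertificate.Subject
        $inSystem32 = [System.IO.Path]::GetDirectoryName($proc.ExecutablePath) -ieq `
            (Join-Path $env:SystemRoot 'System32')
    }

    [pscustomobject]@{
        ProcessId      = $ProcessId
        Image          = $proc.ExecutablePath
        CommandLine    = $proc.CommandLine
        ServiceGroup   = $group
        Services       = $services
        SignatureValid = $sigValid
        Signer         = $signer
        InSystem32     = $inSystem32
    }
}

# Usage: the PID 1024 reported by the Avast screensaver scan above
Get-SvchostHostedServices -ProcessId 1024 | Format-List
```

An image outside System32 or with an invalid signature is the case worth escalating; a signed System32 svchost.exe hosting a known service, as in the post, is the expected result.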


  • Coordinator
At this point it occurred to me to check, through Task Manager, which file corresponds to the Process 1024 indicated by Avast, and I saw that it is the file svchost.exe.

The svchost process is legitimate; don't worry about it.

"JS:Agent-AU [Expl]".

Does this appear when you are browsing the internet or using some particular program?


Does this appear when you are browsing the internet or using some particular program?

This happens all the time, under any conditions. Whenever I have the Avast screensaver enabled with the memory scan option, as soon as it starts the virus message appears.

#########################################

A few days ago I noticed there were three processes that Avast "complained" about, and I recall they were all related to protection systems.

Yesterday I decided to do some maintenance on the computer and update everything I could, including the drivers.

Now Avast reports a virus (JS:ScriptSH-inf [Trj]) only in the following process:

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (this process belongs to Spybot)


  • Coordinator

Could you post a screenshot of the problem?


  • Coordinator

Apparently this is a false positive from AVAST; disable TeaTimer and see whether the problem persists.


Hello Renato! After a recent misadventure I had with the computer (http://forum.clubedohardware.com.br/controlo-acesso-me/728881?t=728881) I am back here to say that this Avast thing really is a false alarm or a bug, because it only happens when I use the Avast screensaver; when I use the normal scan the TeaTimer file passes without problems.

I think we can consider this "virus problem" resolved.

Thank you very much for your help, God bless you!!!


  • Coordinator

If the topic author needs it, the topic will be reopened; to do so, contact the moderation team requesting the unlock.
