[Arquivado] problemas com spyware e malware e pc infectado

tidrum · Janeiro 23, 2009

ola pessoal,continuo a ter demasiado upload e donwload sem estar a fazer nada,problemas de spyware e malware.tenho tambem o pc infectado.será que me podem ajudar? obrigado

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:58:44, on 23-01-2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Ficheiros comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe

C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE

C:\Programas\Logitech\SetPoint\SetPoint.exe

C:\Programas\Ficheiros comuns\Logitech\KHAL\KHALMNPR.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\uTorrent\uTorrent.exe

C:\WINDOWS\explorer.exe

C:\Programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\Programas\TomTom HOME 2\HOMERunner.exe

C:\Programas\DAEMON Tools Pro\DTProShellHlp.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60337

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60337

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SD9.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\VistaCodecPack\QT\qttask.exe" -atboottime

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Programas\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [uVS12 Preload] C:\Programas\Corel\Corel VideoStudio 12\uvPL.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programas\TomTom HOME 2\HOMERunner.exe" -s

O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: DSLMON.lnk = C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programas\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Add to AMV Converter... - C:\Programas\MP3 Player Utilities 4.10\AMVConverter\grab.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programas\MP3 Player Utilities 4.10\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programas\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3EBADFBC-8A55-47E9-A925-AB7035BB115A}: NameServer = 212.55.154.174 212.55.154.190

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programas\Ficheiros comuns\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 11436 bytes

jgarcia · Janeiro 24, 2009

Opa tidrum,

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

Clique sobre “SIM” para continuar a varredura.

5) O ComboFix iniciará o AUTOSCAN (aguarde).

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

Ao término do processo a máquina será reiniciada para a emissão do relatório.

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

Abraços.

tidrum · Janeiro 25, 2009

ola JGarcia.muito obrigado por ter respondido.Aqui vai o resultado:

ComboFix 09-01-21.04 - Admin 2009-01-25 0:18:39.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.1022.533 [GMT 0:00]

Executando de: c:\documents and settings\Admin.SERVER\Ambiente de trabalho\ComboFix.exe

AV: avast! antivirus 4.8.1296 [VPS 090124-0] *On-access scanning disabled* (Updated)

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-25 to 2009-01-25 ))))))))))))))))))))))))))))

.

2009-01-24 11:38 . 2009-01-24 11:39 <DIR> d-------- C:\LinhaDefensiva

2009-01-20 20:21 . 2009-01-21 09:19 <DIR> d-------- c:\documents and settings\Admin.SERVER\Application Data\Ulead Systems

2009-01-20 20:20 . 2009-01-20 20:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\InterVideo

2009-01-20 20:20 . 2008-04-01 21:40 209,040 --a------ c:\windows\system32\IVIresizeW7.dll

2009-01-20 20:20 . 2008-04-01 21:40 204,944 --a------ c:\windows\system32\IVIresizeA6.dll

2009-01-20 20:20 . 2008-04-01 21:40 196,752 --a------ c:\windows\system32\IVIresizeP6.dll

2009-01-20 20:20 . 2008-04-01 21:40 196,752 --a------ c:\windows\system32\IVIresizeM6.dll

2009-01-20 20:20 . 2008-04-01 21:40 192,656 --a------ c:\windows\system32\IVIresizePX.dll

2009-01-20 20:20 . 2008-04-01 21:40 24,720 --a------ c:\windows\system32\IVIresize.dll

2009-01-20 20:19 . 2009-01-20 20:19 <DIR> d-------- c:\documents and settings\ADMIN~1~SER\DEFINI~1

2009-01-20 20:19 . 2009-01-20 20:19 <DIR> d-------- c:\documents and settings\ADMIN~1~SER

2009-01-20 20:18 . 2009-01-20 20:18 <DIR> d-------- c:\programas\Windows Media Components

2009-01-20 20:16 . 2009-01-20 20:18 <DIR> d-------- c:\programas\Ficheiros comuns\Ulead Systems

2009-01-20 20:16 . 2009-01-20 20:16 <DIR> d-------- c:\programas\Corel

2009-01-20 20:16 . 2009-01-20 20:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ulead Systems

2009-01-20 20:16 . 2009-01-20 20:16 <DIR> d-------- c:\documents and settings\Admin.SERVER\Application Data\InstallShield

2009-01-20 17:32 . 2009-01-20 17:32 <DIR> d-------- c:\programas\Xilisoft

2009-01-20 14:43 . 2009-01-20 14:43 <DIR> d-------- c:\programas\RdDrv001

2009-01-20 14:43 . 2006-10-20 03:04 4,669,440 --a------ c:\windows\system32\RDDP1034.DAT

2009-01-20 14:43 . 2006-09-28 05:07 157,312 --a------ c:\windows\system32\drivers\RDWM1034.sys

2009-01-20 14:43 . 2006-09-28 03:13 81,920 --a------ c:\windows\system32\RDAS1034.DLL

2009-01-20 14:43 . 2006-09-28 03:20 57,344 --a------ c:\windows\system32\RDCP1034.CPL

2009-01-20 14:43 . 2006-09-28 03:19 31,862 --a------ c:\windows\system32\RDCI1034.DLL

2009-01-20 14:43 . 2006-09-27 08:05 4,088 --a------ c:\windows\system32\RD3T1034.DAT

2009-01-19 16:57 . 2009-01-24 23:41 <DIR> d-------- c:\documents and settings\Admin.SERVER\Application Data\Skype

2009-01-19 16:56 . 2009-01-19 16:56 <DIR> d-------- c:\programas\Skype

2009-01-19 16:56 . 2009-01-19 16:56 <DIR> d-------- c:\programas\Ficheiros comuns\Skype

2009-01-17 10:39 . 2009-01-17 10:39 <DIR> d-------- c:\documents and settings\Admin.SERVER\Application Data\IDS_COMPANY

2009-01-14 17:13 . 2009-01-14 17:13 <DIR> d-------- c:\programas\Trend Micro

2009-01-12 22:40 . 2009-01-12 22:40 <DIR> d-------- c:\documents and settings\Admin.SERVER\TruePianos Settings

2009-01-12 22:37 . 2009-01-12 22:39 <DIR> d-------- c:\documents and settings\Admin.SERVER\Application Data\Cakewalk

2009-01-12 21:43 . 2009-01-12 21:43 <DIR> d-------- c:\programas\Ficheiros comuns\Native Instruments

2009-01-12 21:42 . 2009-01-12 21:42 <DIR> d-------- c:\programas\Ficheiros comuns\Digidesign

2009-01-12 21:41 . 2009-01-12 21:41 <DIR> d-------- c:\programas\Native Instruments

2009-01-12 21:24 . 2009-01-12 21:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Cakewalk

2009-01-12 21:10 . 2009-01-12 21:40 <DIR> d-------- c:\programas\Cakewalk

2009-01-08 12:23 . 2009-01-08 12:23 <DIR> d-------- c:\programas\Ashampoo

2009-01-08 12:17 . 2009-01-08 12:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters

2009-01-08 11:33 . 2009-01-08 12:09 36 -r-h----- c:\windows\sued.dat

2009-01-07 20:54 . 2009-01-11 18:13 <DIR> d--h----- C:\$AVG8.VAULT$

2009-01-06 18:33 . 2009-01-07 19:43 8,627 --a------ c:\windows\system32\PAV_FOG.OPC

2009-01-06 18:21 . 2009-01-06 18:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Backup

2009-01-06 18:17 . 2009-01-14 18:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

2009-01-06 18:13 . 2009-01-06 18:13 144 --a------ c:\windows\AvDetected.ini

2009-01-06 16:00 . 2009-01-06 16:00 <DIR> dr------- c:\documents and settings\NetworkService\Favoritos

2009-01-06 15:39 . 2009-01-06 15:39 775,168 --a------ c:\windows\isRS-000.tmp

2009-01-06 15:36 . 2009-01-06 17:33 <DIR> d-------- c:\programas\AskSBar

2009-01-06 15:36 . 2009-01-06 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot

2009-01-06 15:36 . 2009-01-06 15:36 <DIR> d-------- c:\documents and settings\Admin.SERVER\Application Data\Webroot

2009-01-06 15:29 . 2009-01-06 15:29 164 --a------ C:\install.dat

2009-01-01 18:02 . 2009-01-01 18:02 <DIR> d-------- c:\documents and settings\Admin.SERVER\Application Data\Steinberg

2009-01-01 17:26 . 2009-01-06 17:51 <DIR> d-------- c:\programas\Steinberg

2009-01-01 17:25 . 2009-01-01 17:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pinnacle

2008-12-27 18:41 . 2008-12-27 18:41 <DIR> d-------- c:\programas\WinISO

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-25 00:02 --------- d-----w c:\documents and settings\Admin.SERVER\Application Data\uTorrent

2009-01-21 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-01-20 20:19 --------- d--h--w c:\programas\InstallShield Installation Information

2009-01-19 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-01-17 13:14 --------- d-----w c:\programas\eMule

2009-01-08 13:02 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-07 11:39 --------- d-----w c:\programas\AoA DVD Ripper

2009-01-07 11:38 --------- d-----w c:\programas\Total Video Converter

2009-01-07 11:19 --------- d-----w c:\programas\PI Engineering

2008-12-30 23:30 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip

2008-12-21 12:32 --------- d-----w c:\programas\Google

2008-12-16 10:02 --------- d-----w c:\documents and settings\Admin.SERVER\Application Data\GetRightToGo

2008-12-16 09:51 --------- d-----w c:\programas\Microsoft Works

2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys

2008-11-30 23:08 --------- d-----w c:\documents and settings\Admin.SERVER\Application Data\Nokia Multimedia Player

2008-11-29 13:05 --------- d-----w c:\documents and settings\Admin.SERVER\Application Data\EPSON

2008-11-26 17:37 --------- d-----w c:\documents and settings\Admin.SERVER\Application Data\Apple Computer

2008-11-25 17:27 --------- d-----w c:\programas\TomTom HOME 2

2008-11-25 17:27 --------- d-----w c:\documents and settings\All Users\Application Data\TomTom

2008-11-25 17:27 --------- d-----w c:\documents and settings\Admin.SERVER\Application Data\TomTom

2008-11-25 17:25 --------- d-----w c:\programas\TomTom DesktopSuite

2008-11-24 18:06 3,482 ----a-w c:\windows\system32\ealregsnapshot1.reg

2008-11-19 11:44 1,198,557 ----a-w c:\windows\system32\Object Browser For Trainz ScreenSaver.scr

2008-11-13 17:42 641,021 ----a-w c:\windows\unins000.exe

2008-11-09 18:43 33,280 ----a-w c:\windows\system32\HUFFYUV.DLL

2008-11-09 18:43 196,608 ----a-w c:\windows\system32\avisynth.dll

2008-10-25 11:06 414,272 ----a-w c:\windows\system32\DivXc32f.dll

2008-10-25 11:06 414,272 ----a-w c:\windows\system32\DivXc32.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-21 15360]

"msnmsgr"="c:\programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]

"TomTomHOME.exe"="c:\programas\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]

"swg"="c:\programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]

"FixCamera"="c:\windows\FixCamera.exe" [2005-12-06 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2006-01-16 114688]

"snp2std"="c:\windows\vsnp2std.exe" [2006-01-06 344064]

"SunJavaUpdateSched"="c:\programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"NeroFilterCheck"="c:\programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Adobe Photo Downloader"="c:\programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]

"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2005-12-13 217088]

"Media Codec Update Service"="c:\programas\Essentials Codec Pack\update.exe" [2007-04-08 303104]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"UVS12 Preload"="c:\programas\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]

"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-06-20 c:\windows\soundman.exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-21 15360]

"msnmsgr"="c:\programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\

Adobe Reader Speed Launch.lnk - c:\programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

DSLMON.lnk - c:\programas\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-15 827392]

Logitech SetPoint.lnk - c:\programas\Logitech\SetPoint\SetPoint.exe [2008-06-21 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.MJPG"= pvmjpg21.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= DivXa32.acm

"msacm.dvacm"= c:\progra~1\FICHEI~1\ULEADS~1\Vio\Dvacm.acm

"msacm.MPEGacm"= c:\progra~1\FICHEI~1\ULEADS~1\MPEG\MPEGacm.acm

"msacm.ulmp3acm"= c:\progra~1\FICHEI~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\eMule\\emule.exe"=

"c:\\Programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programas\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programas\\Messenger\\msmsgs.exe"=

"c:\\Programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Programas\\DNA\\btdna.exe"=

"c:\\Programas\\BT Next Evolution\\btnext.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Programas\\uTorrent\\uTorrent.exe"=

"c:\\Programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"22326:TCP"= 22326:TCP:BitComet 22326 TCP

"22326:UDP"= 22326:UDP:BitComet 22326 UDP

"25653:TCP"= 25653:TCP:BitComet 25653 TCP

"25653:UDP"= 25653:UDP:BitComet 25653 UDP

"10653:TCP"= 10653:TCP:BitComet 10653 TCP

"10653:UDP"= 10653:UDP:BitComet 10653 UDP

"11900:TCP"= 11900:TCP:BitComet 11900 TCP

"11900:UDP"= 11900:UDP:BitComet 11900 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-14 111184]

R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2007-08-15 114616]

R3 PIBus;PIBus Device;c:\windows\system32\drivers\PIBus.sys [2008-11-19 43004]

R3 PIKbd;PI Virtual Keyboard;c:\windows\system32\drivers\PIKbd.sys [2008-11-19 3878]

R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-14 20560]

R4 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [1998-09-25 52800]

S3 efipsk;efipsk;\??\c:\docume~1\Admin\DEFINI~1\Temp\efipsk.sys --> c:\docume~1\Admin\DEFINI~1\Temp\efipsk.sys [?]

S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2007-10-20 513152]

S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2007-10-20 2688]

S3 RDID1034;EDIROL UA-1000;c:\windows\system32\drivers\RDWM1034.sys [2009-01-20 157312]

S4 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2007-08-15 63555]

--- ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa3f07c8-bb15-11dd-ae43-4d6564696130}]

\Shell\AutoRun\command - O:\InstallTomTomHOME.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-01-25 c:\windows\Tasks\A76D7E43904EEE9F.job

- c:\docume~1\admin\applic~1\grimbi~1\deadtickmode.exe []

2009-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programas\Apple Software Update\SoftwareUpdate.exe []

2009-01-23 c:\windows\Tasks\At1.job