.:: Análise de logs HijackThis! ::.

Agradecia os vossos comentários para um problema que me surgiu ontem no PC.

Tudo começou ao ter detectado no "task manager" a presença de um processo estranho: "a.exe" Após ter pesquisado na net encontrei o seguinte ProcessLibrary - a.exe

Só consegui erradicar através do SuperAntiSpyware e pensei que tinha o problema resolvido, no entanto ao ir ao site da ***** o KAV 7.01.325 disparou um aviso em que dei indicação de "desinfeção" mas como não conseguiu efectuar esta acção começou a alterar/eliminar ficheiros das pastas system32, system e drivers do Windows.

A partir dai, ao ter reiniciado o PC pois ficou instável, o arranque do sistema ficou muito lenta (mais de 30 minutos), tendo desaparecido vários ícones de programas, etc. Resumidamente: tente fazer uma recuperação do sistema mas apenas consegui reverter a situação através do reustauro do windows.

Posteriormente, o SuperAntiSpyware volta a encontrar o processo:


Neste momento, já com o Avira AntiVir Premium, acontece o mesmo com o site da *****, como podem verificar:


Com esta situação recorrente, coloco a vossa consideração o log do HijackThis que efectuei em 3 momentos diferentes:


====================================================================================================

Após um scan com o SuperAntiSpyware e Malwarebytes' Anti-Malware em modo de segurança


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:59, on 05-08-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\cFosSpeed\spd.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\No-IP\DUC20.exe
C:\Programas\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\UpsPilot\monitor.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Programas\Raxco\PerfectDisk\PDEngine.exe
C:\Programas\UpsPilot\wpRMI.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Unlocker\UnlockerAssistant.exe
C:\Programas\Java\jre1.6.0_07\bin\jusched.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\UpsPilot\Winpower.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\Programas\PeerGuardian2\pg2.exe
C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programas\Microsoft ActiveSync\Wcescomm.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\sistray.exe
C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Programas\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Winpower] C:\Programas\UpsPilot\Winpower.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Programas\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Programas\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
O16 - DPF: {C014B140-3835-11D6-BC1D-00C095EEAD5D} - https://www.mbnet.pt/sidebar/mbnetrsidebar.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programas\No-IP\DUC20.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Winpowermanager - Macrovision - C:\Programas\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - Macrovision - C:\Programas\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - Macrovision - C:\Programas\UpsPilot\wpRMI.exe

--
End of file - 8281 bytes
 
====================================================================================================

Após ter provocado novamente visitando o site da *****:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:57, on 05-08-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\cFosSpeed\spd.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\No-IP\DUC20.exe
C:\Programas\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\UpsPilot\monitor.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Programas\Raxco\PerfectDisk\PDEngine.exe
C:\Programas\UpsPilot\wpRMI.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Unlocker\UnlockerAssistant.exe
C:\Programas\Java\jre1.6.0_07\bin\jusched.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\UpsPilot\Winpower.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\Programas\PeerGuardian2\pg2.exe
C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programas\Microsoft ActiveSync\Wcescomm.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\sistray.exe
C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Programas\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Winpower] C:\Programas\UpsPilot\Winpower.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Programas\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Programas\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
O16 - DPF: {C014B140-3835-11D6-BC1D-00C095EEAD5D} - https://www.mbnet.pt/sidebar/mbnetrsidebar.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programas\No-IP\DUC20.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Winpowermanager - Macrovision - C:\Programas\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - Macrovision - C:\Programas\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - Macrovision - C:\Programas\UpsPilot\wpRMI.exe

--
End of file - 8281 bytes
 
====================================================================================================

Após ter reiniciado o PC:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:31, on 05-08-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\cFosSpeed\spd.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\No-IP\DUC20.exe
C:\Programas\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programas\UpsPilot\monitor.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Programas\Raxco\PerfectDisk\PDEngine.exe
C:\Programas\Unlocker\UnlockerAssistant.exe
C:\Programas\Java\jre1.6.0_07\bin\jusched.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\UpsPilot\Winpower.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\PeerGuardian2\pg2.exe
C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\Programas\Microsoft ActiveSync\Wcescomm.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programas\UpsPilot\wpRMI.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Programas\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Winpower] C:\Programas\UpsPilot\Winpower.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Programas\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Programas\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
O16 - DPF: {C014B140-3835-11D6-BC1D-00C095EEAD5D} - https://www.mbnet.pt/sidebar/mbnetrsidebar.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programas\No-IP\DUC20.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Winpowermanager - Macrovision - C:\Programas\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - Macrovision - C:\Programas\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - Macrovision - C:\Programas\UpsPilot\wpRMI.exe

--
End of file - 8247 bytes

====================================================================================================

Desculpem o testamento mas quis fornecer o máximo de informação.

Isto ocorre com os browser's Opera 9.51; Firefox 3.0.1 com addons Ad Block Plus, KeyScrambler e NoScript; Internet Explorer 6.02.2900.5512 (que só utilizo para as actualizações do Windows)

Preferencialmente utilizo o Opera e só uso o Firefox para os sites em que o Opera não funciona bem.

Aguardo as vossas apreciações. Obrigado.
 
Última edição:
...
Após ter reiniciado o PC:
...
Seleccione e remova estas entradas com o HJT:

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe "
O20 - AppInit_DLLs:

Reinicie o PC e teste.

Zee
 
Obrigado pela resposta Blue Zee.

Como tinha já o PC em modo de segurança (pois estava a correr um scan completo com o Kaspersky Virus Removal Tool) aproveitei e fiz o que me indicaste. O que achei estranho foi o desaparecimento de umas das linhas que deveria aparecer e que só apareceu uma, foi esta:

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

Só apareceu e apaguei uma.

Também não apareceu esta linha:

O20 - AppInit_DLLs:


Este é o log do HijackThis após reiniciar o PC:


====================================================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:25, on 05-08-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\cFosSpeed\spd.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\No-IP\DUC20.exe
C:\Programas\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\UpsPilot\monitor.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\Programas\Raxco\PerfectDisk\PDEngine.exe
C:\Programas\Unlocker\UnlockerAssistant.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\UpsPilot\Winpower.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\PeerGuardian2\pg2.exe
C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programas\Microsoft ActiveSync\Wcescomm.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programas\UpsPilot\wpRMI.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Programas\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Winpower] C:\Programas\UpsPilot\Winpower.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Programas\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Programas\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
O16 - DPF: {C014B140-3835-11D6-BC1D-00C095EEAD5D} - https://www.mbnet.pt/sidebar/mbnetrsidebar.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programas\No-IP\DUC20.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Winpowermanager - Macrovision - C:\Programas\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - Macrovision - C:\Programas\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - Macrovision - C:\Programas\UpsPilot\wpRMI.exe

--
End of file - 7771 bytes


====================================================================================================


O problema se mantém. O Avira continua a dar um aviso como o site tem código malicioso.

Só para aumentar a confusão. Ontem coloquei o ficheiro na quarentena e enviei-o à Avira para ser analisado. Eis a resposta:


Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: [edit].



We received the following archive files:
File ID Filename Size (Byte) Result
25104848 48c79d94.qua 42.9 KB OK


A listing of files contained inside archives alongside their results can be found below:File ID Filename Size (Byte) Result
25104849 48c79d94.vir 42.45 KB MALWARE



Please find a detailed report concerning each individual sample below: Filename Result
48c79d94.vir MALWARE


The file '48c79d94.vir' has been determined to be 'MALWARE'. Our analysts discovered that the file contains malicious HTML script code. Detection will be added to our virus definition file (VDF) with one of the next updates. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/HTML.Malware.

(...)

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to [email protected]

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com


CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992


Fiz um scan file online do mesmo ficheiro no site VirusTotal e deu o seguinte resultado:


Arquivo 48c79d94.qua recebido em 2008.08.05 13:25:03 (CET)
Andamento: terminado
Resultado: 0/36 (0%)


Resultados negativos mesmo para o Avira Antivir :wow:


Em seguida fiz o mesmo no site da Kaspersky:


Kaspersky Virus File Scanner


Scanned file: 48c79d94.qua

Statistics:Known viruses: 1056681 Updated: 05-08-2008 15:17
File size (Kb): 43 Virus bodies: 0
Files: 1 Warnings: 0
Archives: 0 Suspicious: 0


====================================================================================================


Situação muito confusa. Como não sei o que devo agora fazer agradecia uma orientação.

Newbie
 
Obrigado pela resposta Blue Zee.
...
Para mim, e considerando o historial que reporta, é um falso positivo.
Já visitei o site e não me aconteceu nada nem nenhum programa de segurança me alertou para qualquer malware.
No log do HJT também não vejo razão para se preocupar.
Em último caso porque não contactar a Inforlândia?

A heuristic detection might be a false identification if one or more of the following are true:
- The site hosting the detected file has been accessed for a very long time and is known to the user
- The detected file is from a trustworthy source
Em:
http://www.avira.com/en/threats/section/fulldetails/id_vir/4142/heur_html.malware.html

Zee
 
Última edição:
Boas,
Estou aqui com um pequeno problema com o logitech setpoint, que deixou de me aparecer as opções de configuração do meu rato, apenas aparece a opção de actualização e de informação. Também problemas com o som, mas já resolvi esse probelama. Já desinstalei, apaguei a pasta, corri o anti-virus e voltei a instalar e nada.

Deixo aqui o log do Hijackthis, para se alguém me conseguem ajudar.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:39, on 07-08-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\McAfee.com\Agent\mcagent.exe
C:\Programas\ASUS\Ai Booster\OverClk.exe
C:\Programas\Keyboard Driver\OEMDriver.exe
C:\Programas\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\DNA\btdna.exe
C:\Programas\Nuria\Nuria.exe
C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Programas\Ninja\ninja.exe
C:\Programas\Stardock\ObjectDock\ObjectDock.exe
C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programas\McAfee\MPF\MPFSrv.exe
C:\Programas\McAfee\MSK\MskSrver.exe
C:\Programas\Microsoft SQL Server\MSSQL.1\OLAP\bin\msmdsrv.exe
C:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programas\Logitech\SetPoint\SetPoint.exe
C:\Programas\Ficheiros comuns\Logitech\KhalShared\KHALMNPR.EXE
C:\Programas\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.live.com/9uxp9en-us/hpg_lnk2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programas\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programas\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [KBDriver] C:\Programas\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [Thunderbird] "C:\Programas\Mozilla Thunderbird\thunderbird.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programas\DNA\btdna.exe"
O4 - HKCU\..\Run: [Nuria] C:\Programas\Nuria\Nuria.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Registo de Produto da Logitech.lnk = C:\Programas\Ficheiros comuns\LogiShared\eReg\SetPoint\eReg.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programas\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: ninja.lnk = C:\Programas\Ninja\ninja.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programas\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programas\McAfee\MSK\MskSrver.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

Desde já obrigado.
 
Boas,
Estou aqui com um pequeno problema com o logitech setpoint,...
Desde já obrigado.
Já reiniciou o sistema depois da última reinstalação do software Logitech?
Se não o fez, faça-o e teste antes de irmos ao passo seguinte.

Não sei se vai ajudar mas tente limpar estas entradas com o HJT:

O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

Este não sei o que é mas fica ao seu critério, dependo de o ter instalado ou não:

O4 - Global Startup: ninja.lnk = C:\Programas\Ninja\ninja.exe

Depois reinicie e teste.

Eventualmente terá de reinstalar o software Logitech.

Zee
 
Boas,

Este não sei o que é mas fica ao seu critério, dependo de o ter instalado ou não:

O4 - Global Startup: ninja.lnk = C:\Programas\Ninja\ninja.exe

Zee

É um programa para remover virus de pen's, podes ver nesta thread.

Fiz o seguinte:

Fixei aqueles quatro itens indicados;
Reiniciei;
Desinstalei o software da logitech e reiniciei;
Voltei a instalar a versão mais recente do software e reiniciei;
Abri o programa mas está igual.

Deixo aqui o log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:42, on 07-08-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\McAfee.com\Agent\mcagent.exe
C:\Programas\ASUS\Ai Booster\OverClk.exe
C:\Programas\Keyboard Driver\OEMDriver.exe
C:\Programas\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\DNA\btdna.exe
C:\Programas\Nuria\Nuria.exe
C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Programas\Logitech\SetPoint\SetPoint.exe
C:\Programas\Ninja\ninja.exe
C:\Programas\Stardock\ObjectDock\ObjectDock.exe
C:\Programas\Ficheiros comuns\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programas\McAfee\MPF\MPFSrv.exe
C:\Programas\McAfee\MSK\MskSrver.exe
C:\Programas\Microsoft SQL Server\MSSQL.1\OLAP\bin\msmdsrv.exe
C:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.live.com/9uxp9en-us/hpg_lnk2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programas\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programas\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [KBDriver] C:\Programas\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [Thunderbird] "C:\Programas\Mozilla Thunderbird\thunderbird.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programas\DNA\btdna.exe"
O4 - HKCU\..\Run: [Nuria] C:\Programas\Nuria\Nuria.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registo de Produto da Logitech.lnk = C:\Programas\Ficheiros comuns\LogiShared\eReg\SetPoint\eReg.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programas\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: ninja.lnk = C:\Programas\Ninja\ninja.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programas\Ficheiros comuns\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programas\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programas\McAfee\MSK\MskSrver.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

Será que a única solução seja formatar?

EDIT: Acho que isto fico assim quando o anti-virus acusou o keyfinder como trojan e eu fiz "trust program"
 
Última edição:
Boas,
...

Será que a única solução seja formatar?

EDIT: Acho que isto fico assim quando o anti-virus acusou o keyfinder como trojan e eu fiz "trust program"
Com o HJT não vai lá.
Se acredita que esteja relacionado com o "keyfinder", altere a configuração no anti-vírus e teste.
Em alternativa coloque um post aqui.

Zee
 
Á cerca de dois dias o meu PC tem uns erros estupidos,
- Carregava no icon da internet e não aparecia nada até que me lembrei de duplica-lo para testar e deu, mas não dá o duplicado, dá é o que eu carregar pela segunda vez, por exemplom reinicio o PC se carregar no original depois tenho que carregar na copia para conseguir ligar à internet, se carregar primeiro na copia depois tenho que carregar no original :S
-O internet explorer deixou de funcionar;
-O firefox por exemplo empanca nos videos do sapo;
-São assim coisas estupidas, faço um uso cuidado do PC, tenho o McAfee, alias original e já é o segundo, porque nunca tive problemas com virus durante cerca de 3/4 anos com este anti-virus...

O log é:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:30, on 07-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Programas\CheckPoint\SecuRemote\bin\SR_Service.exe
F:\Programas\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
F:\Programas\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\CTsvcCDA.exe
F:\WINDOWS\system32\lkcitdl.exe
F:\WINDOWS\system32\lkads.exe
F:\WINDOWS\system32\lktsrv.exe
f:\programas\mcafee.com\agent\mcdetect.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
F:\Programas\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
F:\WINDOWS\Explorer.EXE
F:\Programas\CheckPoint\SecuRemote\bin\SR_GUI.Exe
F:\Programas\National Instruments\Shared\Security\nidmsrv.exe
F:\WINDOWS\system32\nisvcloc.exe
F:\PROGRA~1\NowSMS\SMSGWNT.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\NowSMS\SMSGWS.EXE
f:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
F:\Programas\McAfee.com\VSO\mcvsshld.exe
F:\Programas\McAfee.com\VSO\oasclnt.exe
f:\programas\mcafee.com\agent\mcagent.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\Programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
F:\Programas\Java\jre1.6.0_07\bin\jusched.exe
F:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
F:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
F:\Programas\CyberLink\PowerDVD8\PDVD8Serv.exe
F:\Programas\iTunes\iTunesHelper.exe
F:\Programas\MSN Messenger\MsnMsgr.Exe
F:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
F:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe
F:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
f:\progra~1\mcafee.com\vso\mcvsftsn.exe
F:\Programas\iPod\bin\iPodService.exe
F:\Programas\Messenger\msmsgs.exe
F:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Programas\Mozilla Firefox\firefox.exe
F:\Programas\MSN Messenger\usnsvc.exe
F:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - F:\Programas\ActivationManager\ActivationManager.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] F:\Programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "F:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] F:\Programas\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] F:\Programas\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] f:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] F:\PROGRA~1\FICHEI~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "F:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl8] F:\Programas\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] F:\Programas\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] F:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] F:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: DSLMON.lnk = F:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Append to existing PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - F:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF113D5-C0A5-4229-875C-8B98A4092A42}: NameServer = 212.55.154.174 212.55.154.190
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - F:\Programas\Ficheiros comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - F:\Programas\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - F:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - F:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - F:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - f:\programas\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - F:\Programas\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - F:\Programas\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - F:\Programas\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - F:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NMIndexingService - Nero AG - F:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Now SMS/MMS Gateway (NowSMS) - Unknown owner - F:\PROGRA~1\NowSMS\SMSGWNT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - F:\Programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - F:\Programas\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - F:\Programas\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 14961 bytes


Se alguem puder dar uma olhadela :S
 
Á cerca de dois dias o meu PC tem uns erros estupidos,
...
Se alguem puder dar uma olhadela :S
Descarregue e instale os seguintes programas:

A versão Slim do CCleaner (sem toolbar, em Inglês):
http://www.ccleaner.com/download/builds.aspx

SUPERAntiSpyware FREE

Depois de instalados os programas acima, encerre todos os programas e browsers, seleccione as seguintes entradas para limpar com o HJT:

F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - F:\Programas\ActivationManager\ActivationManager.d ll
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] \"F:\Programas\Java\jre1.6.0_07\bin\jusched.exe \"
O4 - HKLM\..\Run: [TkBellExe] \"F:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe\" -osboot
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp2.cab

Faça a limpeza e reinicie o sistema em Modo de Segurança (pressione F8 ao iniciar).

Assegure-se que pode ver todas as pastas e ficheiros, e apague a seguinte pasta:

F:\Programas\ActivationManager\

Arranque com o CCleaner usando o ícone no ambiente de trabalho, seleccione todas as entradas nos separadores Windows e Applications e clique no botão Run cleaner.

Terminada a limpeza reinicie o sistema em Modo Normal.

Arranque o SUPERAntiSpyware utilizando o ícone criado no ambiente de trabalho.

Actualize as definições clicando no botão Check for Updates...

Terminada a actualização clique em Preferences, depois no separador Scanning Control, em Scanner Options, assegure-se que selecciona

- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.

E desmarque todos os outros. Agora clique em Close para sair deste menu.

Clique em Scan your Computer..., seleccione Perform Complete Scan, clique em Next e aguarde pacientemente até lhe ser apresentado um relatório dos itens encontrados. Clique em OK e Next para confirmar a limpeza.

Encerre o programa, reinicie o PC e teste.

Diga-nos se resultou.

Zee
 
Última edição:
boas pessoal, por favor ajudem, abro o gestor de tarefas e n fecha, fica na parte da utilizaçao de cpu e memoria
ta aqui o log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:22, on 07-08-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_pt&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_pt&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_pt&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E768D3BE-491A-47A6-A924-CC9EB6C62D2E}: NameServer = 192.168.2.1,192.168.2.0
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8160 bytes



agradeço qualquer ajuda
 
Comecemos pelo básico.

Descarregar e instalar os seguintes programas:

O CCleaner e SUPERAntiSpyware FREE.

Arranquem o CCleaner usando o ícone no ambiente de trabalho, não alterem as opções selecionadas por defeito e cliquem no botão Run cleaner.

Terminada a limpeza reiniciem o sistema.

Arranquem o SUPERAntiSpyware utilizando o ícone criado no ambiente de trabalho.

Actualizem as definições clicando no botão Check for Updates...

Terminada a actualização cliquem em Preferences, depois no separador Scanning Control, em Scanner Options, assegurem-se que selecionam:

- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.

E desmarquem todos os outros. Agora cliquem em Home para sairmos deste menu.

Selecionem Complete Scan, cliquem em Scan your Computer... e aguardem pacientemente até lhe ser apresentado um relatório dos itens encontrados. Cliquem em Next e Remove Threats para confirmar a limpeza.

Encerrem o programa, reiniciem o PC e testem.

Se usarem o Spybot S&D e/ou o SpywareBlaster, desactivem todas as imunizações antes de fazer o scan com o SUPERAntiSpyware.

Digam se resultou.
 
Última edição:
:( não parece que tenha resultado, continuo com os mesmos problemas, aqui fica o novo log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:13, on 08-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Programas\CheckPoint\SecuRemote\bin\SR_Service.exe
F:\Programas\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
F:\Programas\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\CTsvcCDA.exe
F:\WINDOWS\system32\lkcitdl.exe
F:\WINDOWS\system32\lkads.exe
F:\WINDOWS\system32\lktsrv.exe
f:\programas\mcafee.com\agent\mcdetect.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
F:\Programas\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
F:\Programas\National Instruments\Shared\Security\nidmsrv.exe
F:\WINDOWS\system32\nisvcloc.exe
F:\PROGRA~1\NowSMS\SMSGWNT.EXE
F:\WINDOWS\Explorer.EXE
F:\Programas\CheckPoint\SecuRemote\bin\SR_GUI.Exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\NowSMS\SMSGWS.EXE
f:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
F:\Programas\McAfee.com\VSO\mcvsshld.exe
F:\Programas\McAfee.com\VSO\oasclnt.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\Programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
F:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
F:\Programas\CyberLink\PowerDVD8\PDVD8Serv.exe
F:\Programas\iTunes\iTunesHelper.exe
F:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
F:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe
f:\progra~1\mcafee.com\vso\mcvsftsn.exe
F:\Programas\iPod\bin\iPodService.exe
F:\Programas\Messenger\msmsgs.exe
F:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] F:\Programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [VSOCheckTask] "F:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] F:\Programas\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] F:\Programas\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] F:\PROGRA~1\FICHEI~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "F:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl8] F:\Programas\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] F:\Programas\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] F:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] F:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: DSLMON.lnk = F:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Append to existing PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - F:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF113D5-C0A5-4229-875C-8B98A4092A42}: NameServer = 212.55.154.174 212.55.154.190
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\Programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - F:\Programas\Ficheiros comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - F:\Programas\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - F:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - F:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - F:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - f:\programas\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - F:\Programas\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - F:\Programas\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - F:\Programas\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - F:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NMIndexingService - Nero AG - F:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Now SMS/MMS Gateway (NowSMS) - Unknown owner - F:\PROGRA~1\NowSMS\SMSGWNT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - F:\Programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - F:\Programas\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - F:\Programas\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 14211 bytes
 
Os problemas que descreveu não podem ser resolvidos com o HJT.

Provavelmente terá que reparar a instalação do Windows mas sugiro que coloque um post aqui.

Zee
 
Peço desculpa por ter dado uma resposta só hoje mas só foi por falta de tempo.

Para mim, e considerando o historial que reporta, é um falso positivo.
Já visitei o site e não me aconteceu nada nem nenhum programa de segurança me alertou para qualquer malware.
No log do HJT também não vejo razão para se preocupar.
Em último caso porque não contactar a Inforlândia?

A heuristic detection might be a false identification if one or more of the following are true:
- The site hosting the detected file has been accessed for a very long time and is known to the user
- The detected file is from a trustworthy source
Em:
http://www.avira.com/en/threats/section/fulldetails/id_vir/4142/heur_html.malware.html

Zee

Antes de contactar a ***** e de certa forma causar algum alarme, algo que foi muito ponderado antes sequer de colocar esta questão neste fórum, estive a pensar no que poderia ser a origem esta situação pois noutros computadores de pessoas amigas verificava da parte deles estava tudo aparentemente bem.

Então lembrei-me de que provávelmente seria o comportamente do browser o causador de toda esta confusão. O que de comúm tinha entre eles, era um add-on do Firefox KeyScrambler Personal. Então decidi desinstalá-lo e experimentar de novo aceder ao site da *****.

Pois bem, desta vez nada de anormal se passou. Desapareceram os alertas que referi nos post anteriores, mesmo com o Avira ou mesmo com o Kaspersky.

Fiz scan's em modo de segurança e com o restauro do sistema desactivado, com os AV's e com o SuperAntiSpyware dando resultados nulos.

Finalmente efectuei mais um scan com o HijackThis, que é o seguinte:

====================================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:24, on 07-08-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\cFosSpeed\spd.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\No-IP\DUC20.exe
C:\Programas\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\UpsPilot\monitor.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Programas\Unlocker\UnlockerAssistant.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\UpsPilot\Winpower.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\Programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\PeerGuardian2\pg2.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programas\Microsoft ActiveSync\Wcescomm.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programas\Raxco\PerfectDisk\PDEngine.exe
C:\Programas\UpsPilot\wpRMI.exe
C:\Programas\UpsPilot\jre\bin\javaw.exe
C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Winpower] C:\Programas\UpsPilot\Winpower.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
O16 - DPF: {C014B140-3835-11D6-BC1D-00C095EEAD5D} - https://www.mbnet.pt/sidebar/mbnetrsidebar.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programas\No-IP\DUC20.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Winpowermanager - Macrovision - C:\Programas\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - Macrovision - C:\Programas\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - Macrovision - C:\Programas\UpsPilot\wpRMI.exe

--
End of file - 7326 bytes

====================================================================================================


A partir deste momento penso que o problema terá sido ultrapassado mas agradecia a vossa opinião para que possa estar um pouco mais descansado.

Fiz alguma pesquisa da net de algum problema relacionado ou semelhante. Se bem me lembro, apenas encontrei algumas referências ao KeyScrambler no fórum Avira mas não percebi o contexto.

Agradeço desde já, independentemente de quem responder, a ajuda solícita do BlueZee.

Um abraço.
 
...
Um abraço.
Parabéns pelo trabalho de investigação realizado e conclusões que tirou.

No meu entender parece-me que terá acertado em cheio considerando as funções do add-on e a funcionalidade heurística do Avira.

Por isso, e sem dúvida, o log que colocou acima está limpo e não vejo razões para se preocupar.

Zee
 
ja agora podiam analisar aqui o meu log para ver se esta tudo em ordem...
...
Não parece ter nada de anormal. Tem algum problema?

Sugiro limpe estas entradas com o HJT:

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O20 - Winlogon Notify: vtULffdb - vtULffdb.dll (file missing)

Depois o básico, que pode ver aqui.

Zee
 
Back
Topo