Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Entre para seguir isso  
ingridviana

Virus Hotmail

Recommended Posts

Olá,

Tudo bem?

Eu estou com um vírus no meu computador, aquele de hotmail que manda e-mails com vírus pra todo mundo da minha lista e alguns que não tenho na minha lista e todo dia, já passei dois anti vírus (o mcafee e o avast) ele ate encontrou alguns, mas o problema persistiu, ontem eu não entrei na internet e meu computador estava desligado e mesmo assim mandei e-mails.

Esse aqui é o log gerado pelo dds.txt:

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Ingrid at 17:20:52,21 on 08/04/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.4063.1584 [GMT -3:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: McAfee Anti-Virus e Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus e Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k yksvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Care\VAIOCareService.exe

C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Windows\system32\DllHost.exe

C:\Users\Ingrid\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ingrid\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ingrid\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ingrid\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Ingrid\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ingrid\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ingrid\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Ingrid\Desktop\dds.pif

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2567694

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uInternet Settings,ProxyServer = 10.65.1.10:3128

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101105121108.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "C:\Users\Ingrid\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [LaunchUserRequestedPrograms] "C:\Program Files\Sony\First Experience\Miniprogram.exe"

mRun: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\Ingrid\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RECORT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EA_RES~1.LNK - C:\Users\Ingrid\AppData\Local\Temp\AutoRun.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SERVID~1.LNK - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

Notify: VESWinlogon - VESWinlogon.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - C:\Program Files (x86)\GbPlugin\gbieh.dll

{27B4851A-3207-45A2-B947-BE8AFE6163AB}

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{B164E929-A1B6-4A06-B104-2CD0E90A88FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{32099AAC-C132-4136-9E9A-4E364A424E17}

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-5-31 529128]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-8-17 283360]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-27 55280]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-4-5 505176]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-4-5 280408]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-8-17 75032]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-4-5 22360]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-4-5 64344]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-4-5 42184]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2011-3-27 57120]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-17 355440]

R2 McMPFSvc;McAfee Serviço Personal Firewall;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-17 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-17 355440]

R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-17 355440]

R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-17 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-17 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-17 149032]

R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-3-10 65536]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-8-18 91648]

R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-8-18 75776]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-10-27 19968]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-18 35104]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-8-17 62800]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-8-17 190136]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-8-17 441328]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-6-7 5435904]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-8-18 83488]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-18 11392]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-8-18 393216]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-27 133104]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-30 1436424]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-8-17 94864]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]

S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-2-27 167424]

.

=============== File Associations ===============

.

.scr=Ecotect Script

.

=============== Created Last 30 ================

.

2011-04-08 18:25:58 -------- d-----w- C:\Program Files\CCleaner

2011-04-08 18:08:16 -------- d-----w- C:\Users\Ingrid\AppData\Local\Windows Live

2011-04-06 00:18:12 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-04-06 00:18:10 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-04-06 00:17:40 40648 ----a-w- C:\Windows\avastSS.scr

2011-04-06 00:17:30 -------- d-----w- C:\Program Files\AVAST Software

2011-04-06 00:17:30 -------- d-----w- C:\PROGRA~3\AVAST Software

2011-04-05 23:50:27 -------- d-sh--w- C:\$RECYCLE.BIN

2011-04-05 23:35:00 98816 ----a-w- C:\Windows\sed.exe

2011-04-05 23:35:00 89088 ----a-w- C:\Windows\MBR.exe

2011-04-05 23:35:00 256512 ----a-w- C:\Windows\PEV.exe

2011-04-05 23:35:00 161792 ----a-w- C:\Windows\SWREG.exe

2011-04-05 23:34:27 -------- d-----w- C:\ComboFix

2011-03-30 21:39:45 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared

2011-03-27 19:32:06 47008 ----a-w- C:\Windows\SysWow64\drivers\gbpkm.sys

2011-03-27 19:31:38 -------- d-----w- C:\Program Files (x86)\GbPlugin

2011-03-27 19:31:38 -------- d-----w- C:\PROGRA~3\GbPlugin

.

==================== Find3M ====================

.

2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-03 00:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll

2011-01-26 04:05:27 3766 --sha-w- C:\PROGRA~3\KGyGaAvL.sys

2011-01-26 04:05:24 168 --sh--r- C:\PROGRA~3\08DE554F04.sys

.

============= FINISH: 17:24:50,55 ===============

O relátorio attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 27/01/2010 14:02:39

System Uptime: 08/04/2011 14:56:39 (3 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU P7450 @ 2.13GHz | N/A | 2133/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 284 GiB total, 123,847 GiB free.

E: is Removable

F: is Removable

G: is CDROM ()

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Dispositivo Periférico Bluetooth

Device ID: BTHENUM\{DB1D8F12-95F3-402C-9B97-BC504C9A55C4}_LOCALMFG&000F\7&271D535E&0&0017D5A1D06B_C00000000

Manufacturer:

Name: Dispositivo Periférico Bluetooth

PNP Device ID: BTHENUM\{DB1D8F12-95F3-402C-9B97-BC504C9A55C4}_LOCALMFG&000F\7&271D535E&0&0017D5A1D06B_C00000000

Service:

.

==== System Restore Points ===================

.

RP200: 24/03/2011 16:43:51 - Windows Update

RP201: 28/03/2011 20:02:48 - Installed Java 6 Update 24

RP202: 05/04/2011 00:00:08 - Ponto de Verificação Agendado

RP203: 05/04/2011 21:16:53 - avast! Free Antivirus Setup

RP204: 08/04/2011 15:05:11 - Windows Update

.

==== Installed Programs ======================

.

.

3DPaintBrush

3dsmax ancillary install

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop Elements 7.0

Adobe Premiere Elements 7.0

Adobe Premiere Elements 7.0 Templates

Adobe Reader 9.4.0 - Português

Adobe Shockwave Player 11.5

Akamai NetSession Interface

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 3

Assassin's Creed

µTorrent

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

Autodesk DWF Viewer 7

Autodesk Ecotect Analysis 2010

Autodesk Ecotect Shared Components

Autodesk Material Library 2011

Autodesk Material Library 2011 Base Image library

Autodesk Material Library 2011 Medium Image library

avast! Free Antivirus

Backburner

Click to Disc

Click to Disc Editor

Content

Corel Painter 11

Corel Painter 11 - ICA

Corel Painter 11 - IPM

Corel Painter Essentials 4

DAEMON Tools Toolbar

Desktop Radiance 2.0 BETA

DWG to PDF Converter 2010 MX v5.2

Fable - The Lost Chapters

FBX Plugin 2006.08 for Max 9.0

Ferramenta de Carregamento do Windows Live

Ferramenta de Restauração de Dados VAIO

Firefox Unesp p0.1

Free Mp3 Wma Converter V 1.94

Gerenciador de Downloads da EA

Google Chrome

Google Earth

Google SketchUp 7

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)

IconHandler 32 bit

Java Auto Updater

Java 6 Update 24

K-Lite Mega Codec Pack 5.7.0

Langauge

McAfee SecurityCenter

Media Gallery

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Studio Tools for Applications 2.0 Runtime

Microsoft Works

Microsoft WSE 3.0 Runtime

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Transfer

Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

Pacote de Compatibilidade para o sistema Office 2007

Picasa 3

PokerStars

Primo

QuickTime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.0

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy Media Creator 10 LJ

Roxio Easy Media Creator Home

Runtime

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Setting Utility Series

SketchUp DWG Importer

Skype™ 5.0

SmartSound Quicktracks for Premiere Elements

SmartWi Connection Utility

Sony Home Network Library

Sony Picture Utility

Suplemento Microsoft Salvar como PDF ou XPS para programas do Microsoft Office 2007

SwiftView Viewer

System Requirements Lab

The Sims™ 3

The Sims™ 3 Acelerando Coleção de Objetos

The Sims™ 3 Ambições

The Sims™ 3 Caindo na Noite

The Sims™ 3 Vida ao Ar Livre Coleção de Objetos

The Sims™ 3 Vida em Alto Estilo Coleção de Objetos

The Sims™ 3 Volta ao Mundo

Unity Web Player

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Outlook 2007 Junk Email Filter (KB2508979)

V-Ray for SketchUp

VAIO Care

VAIO Content Metadata Intelligent Analyzing Manager

VAIO Content Metadata Intelligent Network Service Manager

VAIO Content Metadata Manager Settings

VAIO Content Metadata XML Interface Library

VAIO Content Monitoring Settings

VAIO Control Center

VAIO DVD Menu Data Basic

VAIO Entertainment Platform

VAIO Event Service

VAIO Help and Support

VAIO Media plus

VAIO Media plus Opening Movie

VAIO Movie Story

VAIO Movie Story Template Data

VAIO OOBE and Startup Assistant

VAIO Original Function Settings

VAIO Personalization Manager

VAIO Power Management

VAIO Presentation Support

VAIO Quick Web Access

VAIO Sample Contents

VAIO Survey

VAIO Update 4

VAIO Wallpaper Contents

VBA (2627.01)

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177

Visual C++ 8.0 Runtime Setup Package (x64)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sync

Xfire (remove only)

.

==== End Of File ===========================

E por ultimo o gmer.txt:

GMER 1.0.15.15570 - http://www.gmer.net

Rootkit scan 2011-04-08 17:05:49

Windows 6.1.7600

Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433751587

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026433eb658

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264340186e

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264340186e@0017d5a1d06b 0xA2 0xA4 0xEC 0x93 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264340186e@00265f6b76d2 0x35 0x1C 0x46 0x5D ...

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264340186e@0017d5856c43 0x28 0xFE 0xA5 0x71 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x90 0x0C 0x4E 0xDF ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xBE 0x5C 0x06 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0xC3 0x0F 0x25 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433751587 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026433eb658 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264340186e (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264340186e@0017d5a1d06b 0xA2 0xA4 0xEC 0x93 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264340186e@00265f6b76d2 0x35 0x1C 0x46 0x5D ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264340186e@0017d5856c43 0x28 0xFE 0xA5 0x71 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5A 0xF6 0xB7 0xFB ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xBE 0x5C 0x06 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0xC3 0x0F 0x25 ...

---- EOF - GMER 1.0.15 ----

Desde já agradeço.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro(a) ingridviana

Recomendo que salve este tópico em seus Favoritos para facilitar na hora de encontrá-lo.

Por favor, atente para o seguinte:

  • Caso fique sem resposta durante 3 dias, me envie uma Mensagem Privada (MP);
  • O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
  • Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
  • Sempre coloque suas respostas neste tópico... Não abra outro!
  • Procure sempre me manter informado, durante a remoção, sobre o que acontece com seu computador.
  • Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

# Etapa nº 1 #

Não é uma boa prática de segurança ter tantos programas de proteção como você instalou. Escolha 1 AV e um SP destes:

AV: avast! Antivirus

AV: McAfee Anti-Virus e Anti-Spyware

SP: avast! Antivirus

SP: McAfee Anti-Virus e Anti-Spyware

# Etapa nº 2 #

Você conhece este proxy:

ProxyServer = 10.65.1.10:3128

Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • Olá Diego, obrigada pela resposta!

    1º Já desinstalei o avast, ficando assim só com um Av e SP, como recomendado. Eu só baixei o avast porque o McAfee não tinha detectado nada, e eu estou evidentemente com algum malware... Esperança é a última que morre né...

    2º Esse proxy é o que a internet da faculdade usa.

    Abraço! :)

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Cara ingridviana

    Vi que já executou o ComboFix. Por favor, poste o log gerado por ele, se encontra em C:\ComboFix.txt

    Abraços :D

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Segue o log gerado pelo combofix:

    ComboFix 11-04-04.02 - Ingrid 05/04/2011 20:38:20.1.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.4063.1389 [GMT -3:00]

    Executando de: c:\users\Ingrid\Downloads\ComboFix.exe

    AV: McAfee Anti-Virus e Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    SP: McAfee Anti-Virus e Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * AV residente está ativo

    .

    .

    ADS - drivers: deleted 204 bytes in 1 streams.

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Ingrid\AppData\Local\Temp\nss702E.tmp\newadvsplash.dll

    c:\users\Ingrid\AppData\Local\Temp\nss702E.tmp\System.dll

    .

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2011-03-05 to 2011-04-05 ))))))))))))))))))))))))))))

    .

    .

    2011-04-05 23:46 . 2011-04-05 23:46 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-03-30 21:39 . 2011-03-30 21:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared

    2011-03-30 21:35 . 2011-03-30 21:35 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

    2011-03-30 21:32 . 2011-03-30 21:32 -------- d-----w- c:\program files (x86)\Microsoft SDKs

    2011-03-30 21:32 . 2011-03-30 21:32 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0

    2011-03-28 23:04 . 2011-03-28 23:04 -------- d-----w- c:\program files (x86)\Common Files\Java

    2011-03-27 19:32 . 2011-02-24 14:38 47008 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys

    2011-03-27 19:31 . 2011-03-27 19:32 -------- d-----w- c:\program files (x86)\GbPlugin

    2011-03-27 19:31 . 2011-03-27 19:32 -------- d-----w- c:\programdata\GbPlugin

    2011-03-09 04:48 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll

    2011-03-09 04:48 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe

    2011-03-09 04:48 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll

    2011-03-09 04:48 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-02-03 00:40 . 2010-05-14 22:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2011-01-26 06:53 . 2011-02-09 11:20 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

    2011-01-26 06:53 . 2011-02-09 11:20 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

    2011-01-26 06:31 . 2011-02-09 11:20 144384 ----a-w- c:\windows\system32\cdd.dll

    2011-01-26 04:05 . 2010-10-28 21:11 3766 --sha-w- c:\programdata\KGyGaAvL.sys

    2011-01-26 04:05 . 2010-10-28 21:11 168 --sh--r- c:\programdata\08DE554F04.sys

    2011-01-07 08:07 . 2011-02-23 04:20 662528 ----a-w- c:\windows\system32\XpsPrint.dll

    2011-01-07 08:07 . 2011-02-23 04:20 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

    2011-01-07 08:06 . 2011-02-09 11:19 46080 ----a-w- c:\windows\system32\atmlib.dll

    2011-01-07 07:31 . 2011-02-23 04:20 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll

    2011-01-07 07:31 . 2011-02-23 04:20 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

    2011-01-07 07:27 . 2011-02-09 11:19 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2011-01-07 05:49 . 2011-02-09 11:19 366080 ----a-w- c:\windows\system32\atmfd.dll

    2011-01-07 05:33 . 2011-02-09 11:19 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

    .

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2009-07-21 78184]

    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408]

    "Google Update"="c:\users\Ingrid\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-19 136176]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "LaunchUserRequestedPrograms"="c:\program files\Sony\First Experience\Miniprogram.exe" [2009-08-26 68608]

    "RegistrationReminder"="c:\program files\Sony\First Experience\OOBEFcdRegistration.exe" [2009-07-13 268288]

    "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 80384]

    "VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]

    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]

    "SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2009-07-27 99624]

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-03-20 202256]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]

    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1484856]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

    .

    c:\users\Ingrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

    EA_RESTART_001.lnk - c:\users\Ingrid\AppData\Local\Temp\AutoRun.exe [N/A]

    Servidor de rede.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [N/A]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    2011-02-24 14:38 494880 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

    2009-07-01 13:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "mixer4"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-27 133104]

    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-30 1436424]

    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]

    R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 167424]

    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-17 110888]

    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

    S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]

    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

    S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2011-02-24 57120]

    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

    S2 McMPFSvc;McAfee Serviço Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]

    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 149032]

    S2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-10 65536]

    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]

    S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [x]

    S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]

    S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]

    S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]

    S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]

    S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]

    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]

    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]

    S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]

    S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]

    S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]

    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

    S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]

    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

    .

    .

    --- =Outros Serviços/Drivers Na Memória ---

    .

    *Deregistered* - mfeavfk01

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    .

    2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-27 09:43]

    .

    2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-27 09:43]

    .

    2011-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1330939343-1529424913-3724159524-1000Core.job

    - c:\users\Ingrid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-31 20:21]

    .

    2011-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1330939343-1529424913-3724159524-1000UA.job

    - c:\users\Ingrid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-31 20:21]

    .

    .

    --------- x86-64 -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]

    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16335392]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x1

    .

    ------- Scan Suplementar -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2567694

    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyServer = 10.65.1.10:3128

    uInternet Settings,ProxyOverride = <local>

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

    Trusted Zone: bancobrasil.com.br\www

    Trusted Zone: bancobrasil.com.br\www14

    Trusted Zone: bancobrasil.com.br\www2

    Trusted Zone: bb.com.br\www

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    .

    Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    AddRemove-_{A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0}

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

    "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_USERS\S-1-5-21-1330939343-1529424913-3724159524-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%ã*T%]

    @Class="Shell"

    .

    [HKEY_USERS\S-1-5-21-1330939343-1529424913-3724159524-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%ã*T%\OpenWithList]

    @Class="Shell"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    c:\windows\SysWOW64\rundll32.exe

    c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

    c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    c:\windows\SysWOW64\DllHost.exe

    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

    c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    c:\program files (x86)\Sony\SmartWi Connection Utility\CCP.exe

    c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

    c:\program files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

    c:\program files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

    c:\program files\Sony\VAIO Personalization Manager\VpmLM.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2011-04-05 21:01:56 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2011-04-06 00:01

    .

    Pré-execução: 132.451.774.464 bytes disponíveis

    Pós execução: 132.332.544.000 bytes disponíveis

    .

    - - End Of File - - BE5AFADF44351D287FEFCB63F3B70F44

    :)

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Cara ingridviana

    Delete do combofix.exe:

    Executando de: c:\users\Ingrid\Downloads\ComboFix.exe

    Faça um novo scan de acordo com as instruções abaixo ;)

    Leia as instruções contidas neste link:

    Nas instruções contidas no link acima, poderá verificar quais os fóruns onde os Analistas estão devidamente habilitados a utilizar corretamente a ferramenta:"Fóruns para receber ajuda com logs do ComboFix"

    1. Faça o download do ComboFix de um dos links oficiais listados abaixo e salve no seu desktop:

    [*]Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).[*]Duplo clique no icone desktopicon.png que está no desktop.[*]Leia e aceite as condições, digitando 1 e enter.[*]Computadores com Windows XP deverão instalar o Console de Recuperação:

    • Se o seu computador tem instalado o Windows XP e ainda não tem instalado o Console de Recuperação, por favor certifique-se que está conectado à Internet, e clique em "Sim".
    • Clique em "OK" ao EULA.
    • Quando o Console de Recuperação estiver já instalado, clique em "SIM" para continuar.

    [*]O ComboFix será executado, por favor seja paciente e aguarde. [*]Atenção: Não utilize o mouse nem o teclado enquanto a ferramenta estiver sendo executada, isso pode fazer com que o computador pare.[*]Poderá surgir o aviso que é necessário reiniciar o computador.

    NÃO REINICIE!!! O ComboFix reiniciará o computador automaticamente.[*]Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt). Copie e cole o conteúdo desse arquivo na sua proxima resposta.

    NÃO utilize a ferramenta por conta própria. É uma ferramenta poderosa criada pra lidar com infecções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador.

    • Existem vários malwares que impedem a execução correta da ferramenta e com isso danificar gravemente o computador. Analistas habilitados a utilizar o ComboFix conhecem esses casos e sabem lidar com estas situações.
    • Muitos dos Analistas não respondem a topicos em que vejam que o ComboFix foi utilizado sem supervisão.
    • Existem varias ferramentas anti-malware generalistas em que os autores ao elaborarem a programação das mesmas, estão pensando nos usuários finais e para serem usadas sem supervisão. O Combofix não é uma ferramenta desse tipo, e assim sendo e até por respeito ao autor da ferramenta, não utilize sem supervisão.

    Abraços :D

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Entre para seguir isso  





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×