vava28

Remove Personal Shield Pro


Good evening. The fake antivirus Personal Shield Pro runs a scan on my computer every time I turn it on or restart it, sending messages about possibly infected files. It does not let me open any program or file until the scan is complete. I would like to know how to remove this malware. The requested details follow below. Thank you in advance for your attention.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Vanessa at 20:07:14 on 2011-09-05

Microsoft Windows 7 Starter 6.1.7601.1.1252.55.1046.18.1643.811 [GMT -3:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com.br/

uDefault_Page_URL = hxxp://sony.msn.com

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [Pbenoc] rundll32.exe "c:\users\vanessa\appdata\local\KBDSTEv.dll",Startup

uRunOnce: [eN15401IoAnB15401] c:\programdata\en15401ioanb15401\eN15401IoAnB15401.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [smartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 201.10.1.2 192.168.0.1

TCP: Interfaces\{0A57431C-F3E9-474C-88E6-12740E517BB9} : DhcpNameServer = 192.57.112.29

TCP: Interfaces\{A8ED0A80-B564-4C6F-896B-1D66AD4747C6} : DhcpNameServer = 201.10.1.2 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\vanessa\appdata\roaming\mozilla\firefox\profiles\yrrbi7a1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-3-7 63616]

R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-3-7 32384]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsla994746b;MpKsla994746b;c:\programdata\microsoft\microsoft antimalware\definition updates\{b6ef1ed3-d995-49f4-bf5a-7694a740f4e1}\MpKsla994746b.sys [2011-9-5 28752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-6 176128]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2010-11-18 284160]

R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]

R2 SampleCollector;VAIO Care Performance Service;c:\program files\sony\vaio care\VCPerfService.exe [2011-3-7 187792]

R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2011-3-7 104960]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2010-9-27 864000]

R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-7 37944]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-12-6 6574080]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-12-6 229888]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-3-7 17408]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-6 102416]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-1 68208]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-3-7 186912]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-6-1 9344]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2010-9-27 222464]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-3-7 30464]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2011-3-7 297000]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-7 33320]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-7 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-9-10 108400]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-10-12 423280]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-9-10 67952]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-26 52224]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-10-25 549168]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-10-25 387896]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-10-25 84256]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-09-05 22:43:16 -------- d-----w- c:\users\vanessa\appdata\local\{B405AFA0-78A0-4C42-BBED-706060A5F2CF}

2011-09-05 22:43:03 -------- d-----w- c:\users\vanessa\appdata\local\{2EFBD299-2D9E-415F-BF2C-92153D11AD16}

2011-09-05 22:30:09 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6ef1ed3-d995-49f4-bf5a-7694a740f4e1}\MpKsla994746b.sys

2011-09-05 15:54:00 -------- d-----w- c:\users\vanessa\appdata\local\{B54B0AB1-B48E-4ACF-AE61-5A61F93E3929}

2011-09-05 15:53:47 -------- d-----w- c:\users\vanessa\appdata\local\{E0551E04-C7B9-4C1C-BDC1-46B6A52B834E}

2011-09-05 01:39:12 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6ef1ed3-d995-49f4-bf5a-7694a740f4e1}\mpengine.dll

2011-09-05 01:29:41 -------- d-----w- c:\users\vanessa\appdata\local\{CC0BD404-A347-4F05-8AF6-4989218F764E}

2011-09-05 01:29:24 -------- d-----w- c:\users\vanessa\appdata\local\{3501910B-667E-47C1-A609-8F58978C8E27}

2011-09-05 01:16:29 -------- d-----w- c:\programdata\eN15401IoAnB15401

2011-09-04 19:38:19 -------- d-----w- c:\users\vanessa\appdata\local\{A8F6C1F6-D7EE-40C9-9255-76908F321329}

2011-09-04 19:37:47 -------- d-----w- c:\users\vanessa\appdata\local\{3BC7FECE-C8B9-4337-9D25-C511AD8B5ED8}

2011-09-04 17:29:36 -------- d-----w- c:\programdata\MSScanAppDataDir

2011-09-04 17:22:33 -------- d-----w- c:\users\vanessa\appdata\local\{84750C1B-9703-460F-AC73-D3B3F36C4B3A}

2011-09-04 17:22:08 -------- d-----w- c:\users\vanessa\appdata\local\{E4E591BC-9E56-47BB-B3FC-2EE0D0F00028}

2011-09-04 01:48:08 -------- d-----w- c:\users\vanessa\appdata\local\{5D772F75-D594-4395-B050-BA6FF746B66E}

2011-09-04 01:47:47 -------- d-----w- c:\users\vanessa\appdata\local\{B0C38E62-C5C2-4C88-BE99-5FA2AFC78317}

2011-09-03 21:26:58 -------- d-----w- c:\users\vanessa\appdata\local\{D8BDA931-E64C-43B9-8B49-314D5F9CD3B7}

2011-09-03 21:26:34 -------- d-----w- c:\users\vanessa\appdata\local\{D461B659-22E7-4DA1-8BEA-4B14F2DC2A7A}

2011-09-03 17:24:51 -------- d-----w- c:\users\vanessa\appdata\local\{D8CF8E64-80F0-4FB7-B077-97A86E53BE4C}

2011-09-03 17:24:31 -------- d-----w- c:\users\vanessa\appdata\local\{57BB7C6C-1E24-4794-B0FD-4805F7F5C659}

2011-09-03 01:22:51 -------- d-----w- c:\users\vanessa\appdata\local\{F6C6FDB9-1E5B-45C7-AAE5-B0D794AC7D8C}

2011-09-03 01:22:26 -------- d-----w- c:\users\vanessa\appdata\local\{DC9BA4E1-AFA6-45CF-85D0-6D110629C3D8}

2011-09-02 17:32:08 -------- d-----w- c:\users\vanessa\appdata\local\{F8A3B96B-ACC0-4172-A593-0AE464C0D8C8}

2011-09-02 17:31:43 -------- d-----w- c:\users\vanessa\appdata\local\{5705F4B0-B9AA-4A37-998A-50EA1F138F4B}

2011-09-02 15:16:45 -------- d-----w- c:\users\vanessa\appdata\local\{901C5689-CD6C-4447-8681-40008A69ECC8}

2011-09-02 15:16:27 -------- d-----w- c:\users\vanessa\appdata\local\{83DFE053-28D7-4FAB-87B0-3FE6684E47CD}

2011-09-01 17:18:33 -------- d-----w- c:\users\vanessa\appdata\local\{95E66A66-F6E2-46FC-8FA5-1A617813C7C2}

2011-09-01 17:18:16 -------- d-----w- c:\users\vanessa\appdata\local\{14AA3CD3-2542-4D2E-AC54-12115AA54B0E}

2011-09-01 00:29:18 -------- d-----w- c:\users\vanessa\appdata\local\{661123CC-E8F9-4456-B8D2-6A98DAC19DA7}

2011-09-01 00:28:07 -------- d-----w- c:\users\vanessa\appdata\local\{83B8B1F3-1C0B-4221-BB6C-E96D0BDB99F4}

2011-08-31 14:57:34 -------- d-----w- c:\users\vanessa\appdata\local\{F4263EA0-F198-4418-A88A-EFCAA292D8AD}

2011-08-31 14:56:41 -------- d-----w- c:\users\vanessa\appdata\local\{5CEBEBCC-F137-4CE5-8783-503E45CB2E17}

2011-08-31 02:32:02 -------- d-----w- c:\users\vanessa\appdata\local\{4087650E-6B49-4871-B377-D94327DC8FA4}

2011-08-31 02:31:33 -------- d-----w- c:\users\vanessa\appdata\local\{54A84AAF-CAB2-4C2A-8DD4-55F02BD8804A}

2011-08-30 18:14:06 -------- d-----w- c:\users\vanessa\appdata\local\{22BAC29C-2816-4F1A-97A4-D06F69CE8A53}

2011-08-30 18:13:42 -------- d-----w- c:\users\vanessa\appdata\local\{8DA44BC3-0816-4E43-92BF-B99FBA0BD015}

2011-08-30 14:27:34 -------- d-----w- c:\users\vanessa\appdata\local\{2E1F2D20-B3F1-4393-A904-838D89AE886B}

2011-08-30 14:27:17 -------- d-----w- c:\users\vanessa\appdata\local\{24A89255-A469-4005-A800-1C3E991B2587}

2011-08-29 21:25:27 -------- d-----w- c:\users\vanessa\appdata\local\{FD7C54D0-0CF0-4CD8-AE15-C08ACE982BD9}

2011-08-29 21:25:03 -------- d-----w- c:\users\vanessa\appdata\local\{83C5AAF5-FF33-4494-9705-8FE4F9B2D47F}

2011-08-29 14:14:22 -------- d-----w- c:\users\vanessa\appdata\local\{BC280284-83A1-4960-813D-D9CF7DFAD12F}

2011-08-29 14:14:06 -------- d-----w- c:\users\vanessa\appdata\local\{4918C993-A3A9-4FBC-BA04-573F594A1997}

2011-08-29 03:24:32 -------- d-----w- c:\users\vanessa\appdata\local\{55768627-ECE3-45B8-969A-CF0838D8A069}

2011-08-29 03:24:05 -------- d-----w- c:\users\vanessa\appdata\local\{C2234907-97D1-4A7D-8ACD-3D2A90DF94ED}

2011-08-28 19:49:26 -------- d-----w- c:\users\vanessa\appdata\local\{7053811A-6D85-45CF-8F15-6E8BCEF93AB4}

2011-08-28 19:49:10 -------- d-----w- c:\users\vanessa\appdata\local\{719EBDD1-4D37-41A0-89C0-92C9D384E1E6}

2011-08-27 22:10:15 -------- d-----w- c:\users\vanessa\appdata\local\{D140EDF4-6870-4848-8EF2-B39D119FCBD4}

2011-08-27 22:09:36 -------- d-----w- c:\users\vanessa\appdata\local\{67A28E87-1C73-4007-A2D2-4786F8513D96}

2011-08-27 01:45:41 -------- d-----w- c:\users\vanessa\appdata\local\{7B499603-7CA1-45C2-8526-23167C8D6B21}

2011-08-27 01:45:16 -------- d-----w- c:\users\vanessa\appdata\local\{4D4E8FDB-123F-4F05-9327-1D5E17682FED}

2011-08-26 14:31:06 -------- d-----w- c:\users\vanessa\appdata\local\{B2B684BF-B5E9-4D35-99CC-7A70AE421A2A}

2011-08-26 14:30:53 -------- d-----w- c:\users\vanessa\appdata\local\{21D5EC72-A5A6-4BAA-AA72-D512A51FE414}

2011-08-26 02:53:26 -------- d-----w- c:\users\vanessa\appdata\local\{55AECCEF-07E7-4552-8697-7AED4B8CAB7C}

2011-08-26 02:53:05 -------- d-----w- c:\users\vanessa\appdata\local\{BAABA21C-2E82-4DDE-99F9-56BEDB9BB390}

2011-08-25 21:10:51 -------- d-----w- c:\users\vanessa\appdata\local\{C721BA65-BA8E-40D1-89E4-01E5C4417A67}

2011-08-25 21:10:35 -------- d-----w- c:\users\vanessa\appdata\local\{209399C7-1B40-4BEC-8FC2-C17403987DDE}

2011-08-25 00:51:39 -------- d-----w- c:\users\vanessa\appdata\local\{0A629F44-94E7-4458-A246-8F7DF9A23839}

2011-08-25 00:51:18 -------- d-----w- c:\users\vanessa\appdata\local\{047D6C93-0E72-49CB-B050-EB604B638107}

2011-08-24 21:35:17 -------- d-----w- c:\users\vanessa\appdata\local\{0E922790-1339-498B-82CF-6C6B97715C09}

2011-08-24 21:34:52 -------- d-----w- c:\users\vanessa\appdata\local\{4151C551-A89E-4DBB-88C5-75F881DCB718}

2011-08-24 16:20:28 -------- d-----w- c:\users\vanessa\appdata\local\{2CDEB94F-2264-43F8-A1C0-2FBE7B22D799}

2011-08-24 16:20:15 -------- d-----w- c:\users\vanessa\appdata\local\{CF00961D-C729-4CA0-9017-38B85539A841}

2011-08-24 14:51:42 -------- d-----w- c:\users\vanessa\appdata\local\{329860EB-C67D-4038-B4FA-1704A62239B1}

2011-08-24 14:51:26 -------- d-----w- c:\users\vanessa\appdata\local\{C70A50E8-C539-482F-8DAD-59AFBD535604}

2011-08-23 21:49:16 -------- d-----w- c:\users\vanessa\appdata\local\{15C95BE2-B530-42A5-BE7B-816F2EF2C230}

2011-08-23 21:49:00 -------- d-----w- c:\users\vanessa\appdata\local\{401A8995-A535-499B-88BB-C12198916869}

2011-08-23 16:05:46 -------- d-----w- c:\users\vanessa\appdata\local\{2CA8C81A-50B5-4D29-B6CA-A8E1F76E04C7}

2011-08-23 16:04:53 -------- d-----w- c:\users\vanessa\appdata\local\{54488569-F70C-4E4F-A0A5-67C939FC0B3E}

2011-08-23 02:46:59 -------- d-----w- c:\users\vanessa\appdata\local\{9A770345-6AA8-496E-BA72-92ADC78E3FF9}

2011-08-23 02:46:34 -------- d-----w- c:\users\vanessa\appdata\local\{BB273239-9D4F-45D5-B77A-1911C9BDAA44}

2011-08-22 14:34:10 -------- d-----w- c:\users\vanessa\appdata\local\{9A198B0F-7908-4D27-97B3-EABD3D97A216}

2011-08-22 14:33:44 -------- d-----w- c:\users\vanessa\appdata\local\{CAC467A6-9D70-4C5E-846B-C79EBCBF04E1}

2011-08-22 03:29:53 -------- d-----w- c:\users\vanessa\appdata\local\{B787B074-36C6-4C14-90E4-57CC5FC15791}

2011-08-21 22:23:55 -------- d-----w- c:\users\vanessa\appdata\local\{2F525531-E387-4EBA-B1C3-E423115866F6}

2011-08-21 22:23:31 -------- d-----w- c:\users\vanessa\appdata\local\{FD5AEB63-E026-40A5-AA3C-8D31A863E800}

2011-08-21 21:21:10 -------- d-----w- c:\users\vanessa\appdata\local\{845223CC-F644-4A97-B024-83A1C83B1264}

2011-08-21 21:20:52 -------- d-----w- c:\users\vanessa\appdata\local\{1741667E-3FD1-4B0A-8D78-C6FFD5B0AC34}

2011-08-21 01:26:27 -------- d-----w- c:\users\vanessa\appdata\local\{4EFDA7DC-E8BC-4CC0-9C74-343210935DCC}

2011-08-21 01:25:57 -------- d-----w- c:\users\vanessa\appdata\local\{5CE94245-F4AE-4366-812E-1F9E292C5E14}

2011-08-20 22:41:11 -------- d-----w- c:\users\vanessa\appdata\local\{2FD3BA8D-F817-4E30-8A46-4C3342B7443A}

2011-08-20 22:40:45 -------- d-----w- c:\users\vanessa\appdata\local\{ADEB6026-BD59-4DEA-8004-C5AC5FA33868}

2011-08-20 20:02:51 -------- d-----w- c:\users\vanessa\appdata\local\{BF4CE91A-F214-46EE-8412-82FFC2588600}

2011-08-20 20:02:18 -------- d-----w- c:\users\vanessa\appdata\local\{3B4308E0-3BCB-4650-B817-0566F79E3E22}

2011-08-20 02:21:03 -------- d-----w- c:\users\vanessa\appdata\local\{875FF92A-B6DF-4292-A19E-69D4323E2590}

2011-08-20 02:20:46 -------- d-----w- c:\users\vanessa\appdata\local\{10BE55D8-EDBB-48FE-8755-008B9AC8589A}

2011-08-19 17:55:17 -------- d-----w- c:\users\vanessa\appdata\local\{68ABB456-B757-4FB9-B2BC-2991960BBB10}

2011-08-19 17:55:00 -------- d-----w- c:\users\vanessa\appdata\local\{B344AB3C-8E85-4006-983A-3615C159FDFF}

2011-08-19 01:53:47 -------- d-----w- c:\users\vanessa\appdata\local\{63C39F12-A88A-4ED3-A535-A20F5CC921B4}

2011-08-19 01:53:22 -------- d-----w- c:\users\vanessa\appdata\local\{CEC0D977-BBD2-4F54-A5A4-47795EFF205F}

2011-08-18 23:12:42 -------- d-----w- c:\users\vanessa\appdata\local\{CA703BF4-ACAD-4D2E-B815-2198D7F13D96}

2011-08-18 23:11:46 -------- d-----w- c:\users\vanessa\appdata\local\{D81795BD-6C33-408B-8349-C9E51DBF9A18}

2011-08-18 18:15:38 -------- d-----w- c:\users\vanessa\appdata\local\{82498D68-0A42-4D57-94EB-604D472F4C6F}

2011-08-18 18:15:14 -------- d-----w- c:\users\vanessa\appdata\local\{03366397-1D4C-48DE-B231-E58A77C96F3B}

2011-08-18 14:18:19 -------- d-----w- c:\users\vanessa\appdata\local\{6A3C2FD6-0594-4BF1-8795-360023DEDCFF}

2011-08-18 14:18:00 -------- d-----w- c:\users\vanessa\appdata\local\{F3D4470F-FA35-4822-9308-AE6B95D8A4D2}

2011-08-18 01:31:40 -------- d-----w- c:\users\vanessa\appdata\local\{B3B4A8C5-5552-40BF-A6D3-B067A667D9A7}

2011-08-18 01:31:20 -------- d-----w- c:\users\vanessa\appdata\local\{331CED80-40CC-4FA2-94D5-D87DF777925F}

2011-08-17 21:38:02 -------- d-----w- c:\users\vanessa\appdata\local\{9A755733-6A92-4A7D-BAF5-17E25D7B9B6A}

2011-08-17 21:37:38 -------- d-----w- c:\users\vanessa\appdata\local\{549B0C35-28A7-4831-B750-48C0FCD7E918}

2011-08-17 17:42:43 -------- d-----w- c:\users\vanessa\appdata\local\{C369DBCD-9F75-4BE6-B15C-3798B2F36465}

2011-08-17 17:42:16 -------- d-----w- c:\users\vanessa\appdata\local\{7E16F34F-20C7-442C-AA58-5F1932E5B253}

2011-08-17 13:38:43 -------- d-----w- c:\users\vanessa\appdata\local\{973CDC58-0461-48DB-A680-19928449519E}

2011-08-17 13:38:23 -------- d-----w- c:\users\vanessa\appdata\local\{1FA95A26-9E4A-4B95-92BF-789D61E588FB}

2011-08-17 01:33:09 -------- d-----w- c:\users\vanessa\appdata\local\{6BFE3DF1-EFC9-4233-80BF-5CB435302317}

2011-08-17 01:32:54 -------- d-----w- c:\users\vanessa\appdata\local\{E873E384-46F9-4139-8C75-802DB033F975}

2011-08-17 00:00:21 -------- d-----w- c:\users\vanessa\appdata\local\{BE5FD782-ADCD-487C-B6F7-9579AC809056}

2011-08-17 00:00:03 -------- d-----w- c:\users\vanessa\appdata\local\{67632D12-8C54-4469-84F1-F0D78C4564A2}

2011-08-16 16:23:25 -------- d-----w- c:\users\vanessa\appdata\local\{8BF69924-F8A2-4DF2-93AB-1C72AB80BEF8}

2011-08-16 16:23:01 -------- d-----w- c:\users\vanessa\appdata\local\{2A1171AC-DF0A-4972-9B59-4E8AAE822B1C}

2011-08-16 13:20:00 -------- d-----w- c:\users\vanessa\appdata\local\{0690950E-D3A5-4F20-BB0D-B6AF164DF765}

2011-08-16 13:19:38 -------- d-----w- c:\users\vanessa\appdata\local\{44062E1D-EEC4-4FDF-A2A9-2B58913159EC}

2011-08-16 00:50:05 -------- d-----w- c:\users\vanessa\appdata\local\{C15122B2-3EEC-41A8-AA1A-E744E32B7078}

2011-08-16 00:49:46 -------- d-----w- c:\users\vanessa\appdata\local\{CD939C8F-B26C-42F5-A26C-DE41BFCC2BC6}

2011-08-15 21:50:29 -------- d-----w- c:\users\vanessa\appdata\local\{57BC5681-FC16-41BD-B84E-59993120CF06}

2011-08-15 21:50:15 -------- d-----w- c:\users\vanessa\appdata\local\{4D6C2493-4543-4F59-9475-E89CA86E676E}

2011-08-15 19:36:51 -------- d-----w- c:\users\vanessa\appdata\local\{451B004A-3C17-4E16-9069-D96D3A3E9BBF}

2011-08-15 19:36:26 -------- d-----w- c:\users\vanessa\appdata\local\{692B6E5F-76CE-48EC-8D02-8D75E12B7A44}

2011-08-15 13:20:13 -------- d-----w- c:\users\vanessa\appdata\local\{9509C02D-E3EB-42EA-9ABB-7E340329A43C}

2011-08-15 13:19:53 -------- d-----w- c:\users\vanessa\appdata\local\{F2004381-6435-45FC-AAED-791807305C95}

2011-08-15 00:53:34 -------- d-----w- c:\users\vanessa\appdata\local\{B4240926-1E95-4D20-B4EF-782EC9EF2063}

2011-08-15 00:53:13 -------- d-----w- c:\users\vanessa\appdata\local\{34C52B4E-F084-4FE6-BE5C-8DBBFCCE6B1B}

2011-08-14 18:41:33 -------- d-----w- c:\users\vanessa\appdata\local\{6C78DA11-8A37-4D5E-99AF-C2BE27C85370}

2011-08-14 18:40:59 -------- d-----w- c:\users\vanessa\appdata\local\{B6F43D06-3229-42F3-99BE-0815D3F1E991}

2011-08-14 01:27:13 -------- d-----w- c:\users\vanessa\appdata\local\{2520AF2F-8D45-47B6-B184-55A2D492D77E}

2011-08-14 01:26:47 -------- d-----w- c:\users\vanessa\appdata\local\{7E7C86EC-470F-497C-B0C4-85F2396163C5}

2011-08-13 21:48:03 -------- d-----w- c:\users\vanessa\appdata\local\{6A31A137-70B9-42E6-B06D-4778B6A3E604}

2011-08-13 21:47:11 -------- d-----w- c:\users\vanessa\appdata\local\{82B9727D-7738-4237-8835-229D21B732FB}

2011-08-13 01:50:20 -------- d-----w- c:\users\vanessa\appdata\local\{C65E8FDC-CA53-4633-A7FD-867253B4CF7F}

2011-08-13 01:50:03 -------- d-----w- c:\users\vanessa\appdata\local\{FDAF17B4-6AC6-41A9-A246-3A72ED389953}

2011-08-12 17:16:16 -------- d-----w- c:\users\vanessa\appdata\local\{A5409D47-3012-4132-BDFD-CEFEA9837E65}

2011-08-12 17:15:44 -------- d-----w- c:\users\vanessa\appdata\local\{A5087441-F383-4BCC-B685-5860FF516C90}

2011-08-12 14:12:16 -------- d-----w- c:\users\vanessa\appdata\local\{63F622FD-98B4-4CFE-8B4A-3060AD06BA71}

2011-08-12 14:11:59 -------- d-----w- c:\users\vanessa\appdata\local\{78E6209C-01C3-48F8-85F6-A23BE460A9F0}

2011-08-12 00:59:59 -------- d-----w- c:\users\vanessa\appdata\local\{BC97C4FE-18FD-4713-A846-10BC8633F653}

2011-08-12 00:59:38 -------- d-----w- c:\users\vanessa\appdata\local\{A3CBE6AA-A51B-4C81-865E-109792701882}

2011-08-11 22:04:42 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8e378d7e-7678-43fa-a488-24b8c7858357}\gapaengine.dll

2011-08-11 22:00:57 -------- d-----w- c:\users\vanessa\appdata\local\{AB2D1DF1-822F-4258-B728-9906E5C73217}

2011-08-11 22:00:29 -------- d-----w- c:\users\vanessa\appdata\local\{D8542915-4BB2-4BC0-B8A8-4C50FE6FC857}

2011-08-11 14:55:36 -------- d-----w- c:\users\vanessa\appdata\local\{3FD3769E-66D6-4128-BA24-014DAA0023E9}

2011-08-11 14:54:30 -------- d-----w- c:\users\vanessa\appdata\local\{B72333E9-165D-4D0D-9991-5DEDB7F74538}

2011-08-11 00:28:14 -------- d-----w- c:\users\vanessa\appdata\local\{57056CB4-280E-4119-9F83-FD5D0BB14F6B}

2011-08-11 00:27:07 -------- d-----w- c:\users\vanessa\appdata\local\{B08C0E38-660D-42D7-93EC-9011FBB149E7}

2011-08-10 20:42:28 -------- d-----w- c:\users\vanessa\appdata\local\{8B285D09-C8DC-4B7C-B8C9-15CC919975FA}

2011-08-10 20:42:04 -------- d-----w- c:\users\vanessa\appdata\local\{9C61DF97-BF19-4237-ABA4-0EC2E1DCCE65}

2011-08-10 14:03:17 -------- d-----w- c:\users\vanessa\appdata\local\{CBD9296B-6B3D-4B14-B418-62391FEC6360}

2011-08-10 14:02:59 -------- d-----w- c:\users\vanessa\appdata\local\{53A3A42F-BE0C-4D86-9279-E71EA1A3EB33}

2011-08-10 02:35:00 -------- d-----w- c:\users\vanessa\appdata\local\{24346F97-03F0-4513-8573-B1F0A0CF5A9C}

2011-08-10 02:34:38 -------- d-----w- c:\users\vanessa\appdata\local\{5C078060-8C15-4986-832F-8833C9296ED0}

2011-08-09 21:07:31 -------- d-----w- c:\users\vanessa\appdata\local\{24CFF86C-78E9-4D23-BC48-66D64328DE69}

2011-08-09 21:07:01 -------- d-----w- c:\users\vanessa\appdata\local\{3D070637-BFBE-4E16-A4AF-9EF006CC551D}

2011-08-09 18:58:35 -------- d-----w- c:\users\vanessa\appdata\local\{00ADCD85-17B1-4B83-8DAB-6D58BC89EFAE}

2011-08-09 18:58:09 -------- d-----w- c:\users\vanessa\appdata\local\{701CFC3E-0E7E-4441-BF7C-D283C4D0F9B2}

2011-08-09 16:00:08 -------- d-----w- c:\users\vanessa\appdata\local\{26843C7B-4043-4A42-90AE-71A697F6BF60}

2011-08-09 15:59:43 -------- d-----w- c:\users\vanessa\appdata\local\{E49AF3FF-C352-4117-9282-D56EB00F64B7}

2011-08-09 14:23:46 -------- d-----w- c:\users\vanessa\appdata\local\{F58525D1-C06F-4ECE-81DA-7795AFA34EE6}

2011-08-09 14:23:22 -------- d-----w- c:\users\vanessa\appdata\local\{63FA96B1-F833-4B26-9914-7AC72CA354C5}

2011-08-09 00:39:00 -------- d-----w- c:\users\vanessa\appdata\local\{16DF43B9-0458-4EE9-A6F1-17D0EC534137}

2011-08-09 00:38:26 -------- d-----w- c:\users\vanessa\appdata\local\{F3CE9406-81AA-46C3-91AC-FD7EF4E55EAD}

2011-08-08 17:59:15 -------- d-----w- c:\users\vanessa\appdata\local\{320B2526-B756-458F-B50D-754603D58044}

2011-08-08 17:58:50 -------- d-----w- c:\users\vanessa\appdata\local\{A77F5D2C-805A-4CF1-8E2E-4A8316D81AD7}

2011-08-08 17:05:09 -------- d-----w- c:\users\vanessa\appdata\local\{F66450DA-F4D6-449F-8002-06CAB032093F}

2011-08-08 17:04:44 -------- d-----w- c:\users\vanessa\appdata\local\{118DC379-D9F9-4D72-B016-304C6B1ADB47}

2011-08-08 14:24:36 -------- d-----w- c:\users\vanessa\appdata\local\{9CC5148F-D81C-48D3-BC83-33540DAEC9B0}

2011-08-08 14:24:21 -------- d-----w- c:\users\vanessa\appdata\local\{FB8CBEE0-A6A5-448F-A261-B9AD7A005D84}

2011-08-08 00:44:22 -------- d-----w- c:\users\vanessa\appdata\local\{BF451F19-1330-43E4-BB63-2011928BF80A}

2011-08-08 00:43:53 -------- d-----w- c:\users\vanessa\appdata\local\{0E042D01-B03F-40E4-8427-51A98EF60452}

2011-08-07 22:17:58 -------- d-----w- c:\users\vanessa\appdata\local\{731B7F8B-563C-4791-A853-99FAFAB45F85}

2011-08-07 22:16:51 -------- d-----w- c:\users\vanessa\appdata\local\{6712DB43-9AA6-4A85-ADC1-4A42D7E41C02}

2011-08-07 20:36:55 -------- d-----w- c:\users\vanessa\appdata\local\{29A5AA97-7468-42BE-AF4C-3E0E5B8C617D}

2011-08-07 20:35:57 -------- d-----w- c:\users\vanessa\appdata\local\{7CAF7A85-B273-4B20-9A01-4E1D6C45AF6D}

2011-08-07 17:22:58 -------- d-----w- c:\users\vanessa\appdata\local\{669F092F-9580-4087-BA77-A1D7A3F083F7}

2011-08-07 17:22:37 -------- d-----w- c:\users\vanessa\appdata\local\{DA5BB879-75D3-440E-A8D4-F4FF9907187C}

.

==================== Find3M ====================

.

2011-06-14 01:59:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 20:08:58,43 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume2

Install Date: 19/04/2011 16:10:03

System Uptime: 05/09/2011 19:29:46 (1 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: AMD E-350 Processor | N/A | 800/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 457 GiB total, 355,979 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart C4700 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart C4700 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C4700 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C4700 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl7e4fce6c

Device ID: ROOT\LEGACY_MPKSL7E4FCE6C\0000

Manufacturer:

Name: MpKsl7e4fce6c

PNP Device ID: ROOT\LEGACY_MPKSL7E4FCE6C\0000

Service: MpKsl7e4fce6c

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl86175783

Device ID: ROOT\LEGACY_MPKSL86175783\0000

Manufacturer:

Name: MpKsl86175783

PNP Device ID: ROOT\LEGACY_MPKSL86175783\0000

Service: MpKsl86175783

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl89279601

Device ID: ROOT\LEGACY_MPKSL89279601\0000

Manufacturer:

Name: MpKsl89279601

PNP Device ID: ROOT\LEGACY_MPKSL89279601\0000

Service: MpKsl89279601

.

==== System Restore Points ===================

.

RP31: 15/07/2011 22:50:02 - Windows Update

RP32: 19/07/2011 21:05:58 - Windows Update

RP33: 23/07/2011 12:52:16 - Windows Update

RP34: 26/07/2011 16:44:33 - Windows Update

RP35: 29/07/2011 23:12:27 - Windows Update

RP36: 02/08/2011 15:47:14 - Windows Update

RP37: 05/08/2011 21:25:21 - Windows Update

RP38: 09/08/2011 11:32:06 - Windows Update

RP39: 12/08/2011 22:57:43 - Windows Update

RP40: 16/08/2011 21:11:20 - Windows Update

RP41: 19/08/2011 23:24:39 - Windows Update

RP42: 23/08/2011 20:01:41 - Windows Update

RP43: 27/08/2011 19:20:16 - Windows Update

RP44: 31/08/2011 12:05:39 - Windows Update

RP45: 03/09/2011 22:58:35 - Windows Update

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.5 - Português

AMD Fuel

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 4

ATI Catalyst Install Manager

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

BufferChm

C4700

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Mobile

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

Classic Menu 3.x for Office 2007

Controle ActiveX do Windows Live Mesh para Conexões Remotas

D3DX10

Destinations

DeviceDiscovery

Dicionário eletrônico Houaiss 3.0

ERGOLÂNDIA

Ferramenta de Restauração de Dados VAIO

GPBaseService2

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6

HP Print Projects 1.0

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

HPPhotoGadget

hpPrintProjects

HPProductAssistant

HPSSupply

hpWLPGInstaller

Java Auto Updater

Java 6 Update 22

Junk Mail filter update

Manual VAIO

MarketResearch

Media Gallery

Mesh Runtime

Messenger Companion

Microsoft Antimalware

Microsoft Antimalware Service PT-BR Language Pack

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Security Client

Microsoft Security Client PT-BR Language Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 6.0.1 (x86 pt-BR)

MSVCRT

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Network

OOBE

PMB

PMB VAIO Edition Guide

PMB VAIO Edition Plug-in

PS_AIO_06_C4700_SW_Min

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft Office 2007 System (KB2541012)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2541007)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office Outlook 2007 (KB2288953)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Shop for HP Supplies

Skype Toolbars

Skype™ 4.2

SmartWebPrinting

SmartWi Connection Utility

SolutionCenter

Some PDF to Word Converter 1.5

Status

Suporte de Transferência VAIO

Synaptics Pointing Device Driver

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office OneNote 2007 (KB980729)

VAIO - Media Gallery

VAIO - PMB VAIO Edition Guide

VAIO - PMB VAIO Edition Plug-in

VAIO Care

VAIO Control Center

VAIO Data Restore Tool

VAIO Gate

VAIO Gate Default

VAIO Hardware Diagnostics

VAIO Help and Support

VAIO Media plus

VAIO Media plus Opening Movie

VAIO Sample Contents

Visualizador do Microsoft PowerPoint

WebReg

WIDCOMM Bluetooth Software

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

WMV9/VC-1 Video Playback

.

==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-09-05 21:07:09

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000067 Hitachi_ rev.PB4O

Running: gmer.exe; Driver: C:\Users\Vanessa\AppData\Local\Temp\kwlirkog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82E84339 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBDD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E22C000, 0x353030, 0xE8000020]

? C:\Users\Vanessa\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[2052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F3FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[2052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F3FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[2052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F3FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[2052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F3FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C02437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BE5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BE56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C024B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BF8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BF4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BF506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BF5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73BF6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BF826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BF87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BF901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BFE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BF4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Tempo de Execução da Estrutura de Driver em Modo Kernel/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Tempo de Execução da Estrutura de Driver em Modo Kernel/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9eaf554

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9eaf554@00265d3e77b4 0xDF 0xAC 0x8B 0xE8 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9eaf554 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9eaf554@00265d3e77b4 0xDF 0xAC 0x8B 0xE8 ...

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 936

---- EOF - GMER 1.0.15 ----


Download Malwarebytes Anti-Malware:

Link1

Alternative link

Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.

  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to view the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When the disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.

Then

Read the instructions in this link:

In the instructions in the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while these instructions are being carried out, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon that is on the desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers running Windows XP must install the Recovery Console:

  • If your computer has Windows XP installed and the Recovery Console is not yet installed, please make sure you are connected to the Internet, and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or keyboard while the tool is running, as this can cause the computer to hang.
  8. A message may appear saying that the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it could damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

Topic author

    I ran Malwarebytes' Anti-Malware yesterday in full scan mode, following the instructions in another of your posts.

    Below is the Malwarebytes' Anti-Malware log:

    Malwarebytes' Anti-Malware 1.51.1.1800

    www.malwarebytes.org

    Versão da Base de Dados: 7665

    Windows 6.1.7601 Service Pack 1

    Internet Explorer 9.0.8112.16421

    06/09/2011 17:44:09

    mbam-log-2011-09-06 (17-44-09).txt

    Tipo de Verificação: Verificação Completa (C:\|)

    Objetos escaneados: 274754

    Tempo decorrido: 1 hora(s), 6 minuto(s), 24 segundo(s)

    Processos de Memória Infectados: 0

    Módulos de Memória Infectados: 0

    Chaves de Registro Infectadas: 0

    Valores de Registro Infectados: 0

    Itens de Dados no Registro Infectados: 0

    Pastas Infectadas: 0

    Arquivos Infectados: 7

    Processos de Memória Infectados:

    (Não foram detectados ítens maliciosos)

    Módulos de Memória Infectados:

    (Não foram detectados ítens maliciosos)

    Chaves de Registro Infectadas:

    (Não foram detectados ítens maliciosos)

    Valores de Registro Infectados:

    (Não foram detectados ítens maliciosos)

    Itens de Dados no Registro Infectados:

    (Não foram detectados ítens maliciosos)

    Pastas Infectadas:

    (Não foram detectados ítens maliciosos)

    Arquivos Infectados:

    c:\programdata\en15401ioanb15401\en15401ioanb15401.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    c:\Users\Vanessa\AppData\LocalLow\Sun\Java\deployment\cache\6.0\20\21e772d4-1636be0b (Trojan.Ransom) -> Quarantined and deleted successfully.

    c:\Users\Vanessa\AppData\Roaming\Adobe\plugs\mmc18129016.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    c:\Users\Vanessa\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

    c:\Users\Vanessa\AppData\Roaming\Adobe\plugs\mmc167.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

    c:\Users\Vanessa\AppData\Roaming\Adobe\plugs\mmc18190636.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

    c:\Users\Vanessa\AppData\Roaming\Adobe\plugs\mmc60.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

    ComboFix log run today following the instructions in the post:

    ComboFix 11-09-07.04 - Vanessa 07/09/2011 13:57:43.1.2 - x86

    Microsoft Windows 7 Starter 6.1.7601.1.1252.55.1046.18.1643.835 [GMT -3:00]

    Executando de: c:\users\Vanessa\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Vanessa\AppData\Roaming\Adobe\plugs

    c:\users\Vanessa\AppData\Roaming\Adobe\shed

    c:\windows\system32\mfc100deu.dll

    c:\windows\system32\Thumbs.db

    .

    c:\windows\system32\userinit.exe . . . está infectado!!

    .

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2011-08-07 to 2011-09-07 ))))))))))))))))))))))))))))

    .

    .

    2011-09-07 17:08 . 2011-09-07 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-09-07 15:04 . 2011-09-07 15:04 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F118FAB8-E499-4D47-84EF-F74B094FAD3A}\MpKslaee3f31c.sys

    2011-09-07 01:06 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F118FAB8-E499-4D47-84EF-F74B094FAD3A}\mpengine.dll

    2011-09-06 19:11 . 2011-09-06 19:11 -------- d-----w- c:\users\Vanessa\AppData\Roaming\Malwarebytes

    2011-09-06 19:11 . 2011-07-06 22:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-09-06 19:11 . 2011-09-06 19:11 -------- d-----w- c:\programdata\Malwarebytes

    2011-09-06 19:11 . 2011-09-06 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2011-09-06 19:11 . 2011-07-06 22:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-09-06 04:52 . 2011-09-06 18:00 -------- d-----w- c:\program files\GridinSoft Trojan Killer

    2011-09-06 03:05 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

    2011-09-06 03:02 . 2011-07-22 02:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2011-09-06 03:02 . 2011-07-22 03:00 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

    2011-09-06 03:02 . 2011-07-22 02:46 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll

    2011-09-06 03:01 . 2011-07-22 02:54 1797632 ----a-w- c:\windows\system32\jscript9.dll

    2011-09-06 03:01 . 2011-07-22 02:48 1126912 ----a-w- c:\windows\system32\wininet.dll

    2011-09-06 02:53 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll

    2011-09-06 02:53 . 2011-06-21 05:34 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2011-09-06 02:51 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll

    2011-09-06 02:51 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll

    2011-09-06 02:51 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

    2011-09-06 02:51 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

    2011-09-06 02:51 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll

    2011-09-06 02:51 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll

    2011-09-06 02:51 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll

    2011-09-06 02:51 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

    2011-09-06 02:51 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll

    2011-09-06 02:50 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll

    2011-09-06 02:50 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll

    2011-09-06 02:50 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll

    2011-09-06 02:50 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll

    2011-09-06 02:50 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll

    2011-09-06 02:50 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

    2011-09-06 02:50 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys

    2011-09-05 01:16 . 2011-09-06 20:44 -------- d-----w- c:\programdata\eN15401IoAnB15401

    2011-09-04 17:29 . 2011-09-04 17:29 -------- d-----w- c:\programdata\MSScanAppDataDir

    2011-08-11 22:04 . 2011-05-20 01:14 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E378D7E-7678-43FA-A488-24B8C7858357}\gapaengine.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-08-12 02:44 . 2011-05-21 19:18 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2011-06-14 01:59 . 2011-06-14 01:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-09-02 03:56 . 2011-04-21 14:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas.

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 836896]

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R1 MpKsl7e4fce6c;MpKsl7e4fce6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5407340-3222-4800-9BDE-8A5B519216C6}\MpKsl7e4fce6c.sys [x]

    R1 MpKsl86175783;MpKsl86175783;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDA8797F-6B5D-4A4D-8666-3AD97E403A67}\MpKsl86175783.sys [x]

    R1 MpKsl89279601;MpKsl89279601;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C750E17D-4527-47C7-B8E1-AC816F1A2E4B}\MpKsl89279601.sys [x]

    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-11-01 297000]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-11-01 33320]

    R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

    R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]

    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]

    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]

    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-09-27 222464]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]

    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]

    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2010-10-25 84256]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 63616]

    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 32384]

    S1 MpKslaee3f31c;MpKslaee3f31c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F118FAB8-E499-4D47-84EF-F74B094FAD3A}\MpKslaee3f31c.sys [2011-09-07 28752]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-03 176128]

    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 284160]

    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]

    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 187792]

    S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

    S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]

    S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]

    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-03 6574080]

    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-03 229888]

    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]

    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-03 102416]

    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-11-01 68208]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-11-01 186912]

    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 9344]

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-01 30464]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

    HPService REG_MULTI_SZ HPSLPSVC

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://google.com.br/

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 201.10.128.2 192.168.0.1

    FF - ProfilePath - c:\users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\yrrbi7a1.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    .

    - - - - - - - > 'Explorer.exe'(1996)

    c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

    c:\windows\system32\atieclxx.exe

    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    c:\program files\Sony\VAIO Event Service\VESMgr.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\system32\DllHost.exe

    c:\program files\Sony\VAIO Event Service\VESMgrSub.exe

    c:\windows\system32\taskhost.exe

    c:\program files\Sony\VAIO Care\VCSpt.exe

    c:\program files\Sony\VAIO Gate\VAIO Gate.exe

    c:\windows\system32\conhost.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\program files\Sony\VAIO Care\listener.exe

    c:\windows\system32\sppsvc.exe

    c:\windows\system32\msiexec.exe

    c:\windows\system32\MsiExec.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2011-09-07 14:15:38 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2011-09-07 17:15

    .

    Pré-execução: 382.585.946.112 bytes disponíveis

    Pós execução: 382.611.820.544 bytes disponíveis

    .

    - - End Of File - - EDFED49BDAD8FBE224FE3C296D73D4AD


    Configure Windows to show all files

    Go to this site: http://virustotal.com/

    In File to upload enter: c:\windows\system32\userinit.exe

    Then click Submit

    Copy and post the result of this scan.

  • Topic author
  • Here is the scan result. I hope I did it correctly.

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

    File name:

    userinit.exe

    Submission date:

    2011-09-08 02:13:26 (UTC)

    Current status:

    finished

    Result:

    0/ 44 (0.0%)

    VT Community

    not reviewed

    Safety score: -

    Antivirus Version Last Update Result

    AhnLab-V3 2011.09.07.02 2011.09.07 -

    AntiVir 7.11.14.134 2011.09.07 -

    Antiy-AVL 2.0.3.7 2011.09.07 -

    Avast 4.8.1351.0 2011.09.08 -

    Avast5 5.0.677.0 2011.09.08 -

    AVG 10.0.0.1190 2011.09.07 -

    BitDefender 7.2 2011.09.08 -

    ByteHero 1.0.0.1 2011.08.22 -

    CAT-QuickHeal 11.00 2011.09.07 -

    ClamAV 0.97.0.0 2011.09.07 -

    Commtouch 5.3.2.6 2011.09.08 -

    Comodo 10030 2011.09.07 -

    DrWeb 5.0.2.03300 2011.09.08 -

    Emsisoft 5.1.0.11 2011.09.08 -

    eSafe 7.0.17.0 2011.09.07 -

    eTrust-Vet 36.1.8545 2011.09.07 -

    F-Prot 4.6.2.117 2011.09.07 -

    F-Secure 9.0.16440.0 2011.09.08 -

    Fortinet 4.3.370.0 2011.09.07 -

    GData 22 2011.09.08 -

    Ikarus T3.1.1.107.0 2011.09.08 -

    Jiangmin 13.0.900 2011.09.07 -

    K7AntiVirus 9.112.5100 2011.09.07 -

    Kaspersky 9.0.0.837 2011.09.08 -

    McAfee 5.400.0.1158 2011.09.08 -

    McAfee-GW-Edition 2010.1D 2011.09.08 -

    Microsoft 1.7604 2011.09.07 -

    NOD32 6445 2011.09.08 -

    Norman 6.07.11 2011.09.07 -

    nProtect 2011-09-07.01 2011.09.07 -

    Panda 10.0.3.5 2011.09.07 -

    PCTools 8.0.0.5 2011.09.08 -

    Prevx 3.0 2011.09.08 -

    Rising 23.74.02.03 2011.09.07 -

    Sophos 4.69.0 2011.09.08 -

    SUPERAntiSpyware 4.40.0.1006 2011.09.08 -

    Symantec 20111.2.0.82 2011.09.08 -

    TheHacker 6.7.0.1.291 2011.09.07 -

    TrendMicro 9.500.0.1008 2011.09.06 -

    TrendMicro-HouseCall 9.500.0.1008 2011.09.08 -

    VBA32 3.12.16.4 2011.09.07 -

    VIPRE 10405 2011.09.08 -

    ViRobot 2011.9.7.4661 2011.09.08 -

    VirusBuster 14.0.203.0 2011.09.07 -

    Additional information

    MD5 : 61ac3efdfacfdd3f0f11dd4fd4044223

    SHA1 : 211295ccda6cf6409189279bf66a212bd53fc650

    SHA256: 538fe1012fedc72727a8de0c2c01944b3d35c29812ecef88e95aac07235e0b0b

    ssdeep: 384:dxAeSOCguz8sfE4XslZzN5hbFJ5K6gUf6mgKWjwtdeKpuZPFa3mWVPymW49TU:LCJD8lZZ5hbFJILcve34Ep

    File size : 26624 bytes

    First seen: 2011-02-20 17:55:12

    Last seen : 2011-09-08 02:13:26

    TrID:

    Win32 Executable MS Visual C++ (generic) (65.2%)

    Win32 Executable Generic (14.7%)

    Win32 Dynamic Link Library (generic) (13.1%)

    Generic Win/DOS Executable (3.4%)

    DOS Executable Generic (3.4%)

    sigcheck:

    publisher....: Microsoft Corporation

    copyright....: © Microsoft Corporation. All rights reserved.

    product......: Microsoft_ Windows_ Operating System

    description..: Userinit Logon Application

    original name: USERINIT.EXE

    internal name: userinit

    file version.: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned

    PEInfo: PE structure information

    [[ basic data ]]

    entrypointaddress: 0x2BE9

    timedatestamp....: 0x4CE79438 (Sat Nov 20 09:26:16 2010)

    machinetype......: 0x14c (I386)

    [[ 4 section(s) ]]

    name, viradd, virsiz, rawdsiz, ntropy, md5

    .text, 0x1000, 0x4E49, 0x5000, 6.07, 3beadf3adeddc9255daf26056f4997e4

    .data, 0x6000, 0x4E8, 0x600, 0.87, 6f8a31caa159b63d85db3e8d8b1bdad4

    .rsrc, 0x7000, 0x780, 0x800, 4.05, 9c487e583e8c549692755222faeccaf7

    .reloc, 0x8000, 0x42C, 0x600, 5.36, 1baffd908a7e6fd7b564465e8af55c93

    [[ 7 import(s) ]]

    ntdll.dll: DbgPrint, RtlInitUnicodeString, NtOpenKey, NtClose

    API_MS_Win_Core_LocalRegistry_L1_1_0.dll: RegCreateKeyExW, RegDeleteTreeW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, RegQueryInfoKeyW

    API_MS_Win_Core_ProcessThreads_L1_1_0.dll: SetThreadPriority, GetCurrentThread, CreateThread, GetCurrentProcess, CreateProcessW, OpenProcessToken

    USER32.dll: CharNextW, GetKeyboardLayout, GetSystemMetrics, ExitWindowsEx, MessageBoxW, LoadStringW, LoadRemoteFonts, DefWindowProcW, RegisterClassExW, DestroyWindow, CreateWindowExW, SystemParametersInfoW

    USERENV.dll: -

    msvcrt.dll: _ismbblead, _XcptFilter, _exit, _cexit, exit, _wcsicmp, memset, memmove, _vsnwprintf, _initterm, _acmdln, _amsg_exit, __setusermatherr, __p__fmode, __set_app_type, _terminate@@YAXXZ, _except_handler4_common, _controlfp, __getmainargs, __p__commode

    KERNEL32.dll: GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedExchange, LoadLibraryA, RegOpenKeyExA, RegQueryValueExA, ExpandEnvironmentStringsA, LoadLibraryExA, InterlockedCompareExchange, DelayLoadFailureHook, HeapSetInformation, SetCurrentDirectoryW, FormatMessageW, GetFileAttributesExW, GetSystemDirectoryW, SetLastError, ExpandEnvironmentStringsW, GetUserDefaultLangID, SetEvent, OpenEventW, Sleep, WaitForSingleObject, CloseHandle, GetLastError, SetEnvironmentVariableW, SearchPathW, GetCurrentThreadId, CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, GetEnvironmentVariableW, LocalAlloc, LocalFree, GetVersionExW, lstrlenW

    ExifTool:

    file metadata

    CharacterSet: Unicode

    CodeSize: 20480

    CompanyName: Microsoft Corporation

    EntryPoint: 0x2be9

    FileDescription: Userinit Logon Application

    FileFlagsMask: 0x003f

    FileOS: Windows NT 32-bit

    FileSize: 26 kB

    FileSubtype: 0

    FileType: Win32 EXE

    FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

    FileVersionNumber: 6.1.7601.17514

    ImageVersion: 6.1

    InitializedDataSize: 5120

    InternalName: userinit

    LanguageCode: English (U.S.)

    LegalCopyright: Microsoft Corporation. All rights reserved.

    LinkerVersion: 9.0

    MIMEType: application/octet-stream

    MachineType: Intel 386 or later, and compatibles

    OSVersion: 6.1

    ObjectFileType: Executable application

    OriginalFilename: USERINIT.EXE

    PEType: PE32

    ProductName: Microsoft Windows Operating System

    ProductVersion: 6.1.7601.17514

    ProductVersionNumber: 6.1.7601.17514

    Subsystem: Windows GUI

    SubsystemVersion: 6.1

    TimeStamp: 2010:11:20 10:26:16+01:00

    UninitializedDataSize: 0


    Download the Kaspersky AVP Tool from one of these 2 links:

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

    http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

    You will be taken to a Kaspersky page asking for a registration email, first name and last name. Only the "email" field is required.

    Enter your email and then click the Submit Form button.

    The page will reload. Click the Download button.

    Save it to your desktop.

    Run the file and wait for the installation.

    ** Windows Vista and Windows 7 users:

    Right-click the file, then click Run as administrator.

    On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

    KRT_settings.png

    On this screen, check the box next to:

    • My Computer
    • Local Disk (C:)

    Also check all the drives listed below Local Disk, if there are any. Then click the Automatic Scan tab.

    KRT_install2_.png

    Back on the program's main screen, click the Start scanning button.

    Be patient, it takes a while.

    When it finishes, if anything was detected, the program will ask you what to do.

    Check the box next to Apply to all objects and then click Skip (we only want the log).

    KRT_detection_.png

    While the scan runs, the main screen shows a progress bar. When it finishes, the program will show the completed status and a button that will be orange if nothing was detected, and red if something was found.

    If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

    Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

    To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy disk icon to save the log.

    Choose an easily accessible location and save it as log.txt

    Copy the entire contents of that Notepad file and paste it into your next reply.

    If nothing is detected, you don't need to save the log. Just post here letting us know.

    To exit the program, just click the X in the top right corner.

    Edited by RenatoMejias

  • Topic author
  • It took 7h to run the scan and nothing was detected.

    I checked the CPU usage. It is showing jumps of 50% even without opening or running any program.


    CPU spikes don't mean anything by themselves. Your system has drivers and services that run regardless of any program you are running.

    How has the computer been?

  • Topic author
  • It was just a doubt I had. The computer is great! The goal of my post has been achieved. I take this opportunity to congratulate you on your work and to thank you for the excellent instructions. You can close the topic. Thank you very much!


    Congratulations, your log is clean.

    From now on, stay ALERT!

    To finish, do the following:

    Go to Start > Run and type ComboFix /Uninstall . This will uninstall ComboFix from your machine.

    Download OTC

    • Save it to your desktop.
    • Double-click the OTC icon.
    • Click the "Cleanup" button.
    • Allow your computer to restart.

    I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

    • Open the program and click Run Cleaner;
    • After that, click Errors >> Search for errors >> Fix errors

    I also suggest you read this article: Protect your PC

    Any other problem with the computer?


    Should the topic author need it, the topic will be reopened; to do so, contact the moderation team and request that it be unlocked.
