Ricardoeditor

Infection in the .exe files. Where does all this come from?

Here are the logs you asked for:

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by Rick at 10:00:28 on 2012-01-16

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3071.1816 [GMT -2:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\srvany.exe

C:\Windows\svchost.exe

C:\Windows\KMService.exe

C:\Windows\system32\conhost.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.br/

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll

uRun: [Google Update] "c:\users\rick\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Enviar para o OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: Anexar para um PDF existente - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter destino do link em Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Converter destino do link em um PDF existente - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Converter em Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{28C8B4E0-DD6F-4A74-9AB8-1D1308794754} : DhcpNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{B741D3CA-C1CD-44C8-9742-3872CBDB12B1} : NameServer = 200.204.0.10 200.204.0.138

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\cruswfun.default\

.

============= SERVICES / DRIVERS ===============

.

R2 KMService;KMService;c:\windows\system32\srvany.exe [2012-1-14 8192]

R2 PowerManager;Power Manager;c:\windows\svchost.exe [2001-8-24 36352]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-16 1343400]

.

=============== Created Last 30 ================

.

2012-01-16 09:49:18 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9a6781cb-0d19-428f-ae14-01a066eca154}\offreg.dll

2012-01-16 09:44:48 -------- d-----w- c:\windows\system32\Wat

2012-01-15 19:45:56 257024 ----a-w- c:\windows\system32\msv1_0.dll

2012-01-15 19:41:43 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-01-15 19:41:43 49472 ----a-w- c:\windows\system32\netfxperf.dll

2012-01-15 19:41:43 297808 ----a-w- c:\windows\system32\mscoree.dll

2012-01-15 19:41:43 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2012-01-15 19:41:43 1130824 ----a-w- c:\windows\system32\dfshim.dll

2012-01-15 19:28:51 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2012-01-15 19:27:53 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2012-01-15 14:55:51 90624 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL

2012-01-15 14:18:33 2048 ----a-w- c:\windows\system32\tzres.dll

2012-01-15 14:18:27 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe

2012-01-15 14:18:27 1413632 ----a-w- c:\windows\system32\ole32.dll

2012-01-15 14:18:01 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

2012-01-15 14:15:21 75776 ----a-w- c:\windows\system32\psisrndr.ax

2012-01-15 14:15:21 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax

2012-01-15 14:15:21 59904 ----a-w- c:\windows\system32\MSDvbNP.ax

2012-01-15 14:15:21 465408 ----a-w- c:\windows\system32\psisdecd.dll

2012-01-15 14:15:21 204288 ----a-w- c:\windows\system32\MSNP.ax

2012-01-15 14:15:18 224256 ----a-w- c:\windows\system32\schannel.dll

2012-01-15 14:15:16 6144 ----a-w- c:\program files\internet explorer\iecompat.dll

2012-01-15 14:15:13 34816 ----a-w- c:\windows\system32\msasn1.dll

2012-01-15 14:15:09 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-01-15 14:15:09 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-15 14:14:32 37376 ----a-w- c:\windows\system32\rtutils.dll

2012-01-15 14:14:30 541184 ----a-w- c:\windows\system32\kerberos.dll

2012-01-15 14:14:29 1619968 ----a-w- c:\program files\windows mail\msoe.dll

2012-01-15 14:14:25 571904 ----a-w- c:\windows\system32\oleaut32.dll

2012-01-15 14:14:25 233472 ----a-w- c:\windows\system32\oleacc.dll

2012-01-15 14:14:23 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2012-01-15 14:14:18 740864 ----a-w- c:\windows\system32\inetcomm.dll

2012-01-15 14:14:15 67584 ----a-w- c:\windows\system32\asycfilt.dll

2012-01-15 14:14:14 530432 ----a-w- c:\windows\system32\comctl32.dll

2012-01-15 14:14:12 954752 ----a-w- c:\windows\system32\mfc40.dll

2012-01-15 14:14:12 954288 ----a-w- c:\windows\system32\mfc40u.dll

2012-01-15 14:12:53 2614784 ----a-w- c:\windows\explorer.exe

2012-01-15 14:11:58 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2012-01-15 14:08:52 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2012-01-15 14:08:52 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2012-01-15 14:08:51 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2012-01-15 14:08:34 316928 ----a-w- c:\windows\system32\spoolsv.exe

2012-01-15 14:06:02 2340352 ----a-w- c:\windows\system32\win32k.sys

2012-01-15 14:05:01 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2012-01-15 14:05:01 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2012-01-15 14:05:01 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2012-01-15 14:02:03 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-01-15 14:02:03 573440 ----a-w- c:\windows\system32\odbc32.dll

2012-01-15 14:02:03 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll

2012-01-15 14:02:03 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll

2012-01-15 14:02:03 208896 ----a-w- c:\program files\common files\system\msadc\msadco.dll

2012-01-15 13:59:33 534528 ----a-w- c:\windows\system32\EncDec.dll

2012-01-15 13:58:22 1328640 ----a-w- c:\windows\system32\quartz.dll

2012-01-15 13:58:21 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-01-15 13:54:18 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll

2012-01-15 13:54:18 86016 ----a-w- c:\windows\system32\odbccu32.dll

2012-01-15 13:54:18 81920 ----a-w- c:\windows\system32\odbccr32.dll

2012-01-15 13:54:18 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2012-01-15 13:54:18 163840 ----a-w- c:\windows\system32\odbctrac.dll

2012-01-15 13:54:18 122880 ----a-w- c:\windows\system32\odbccp32.dll

2012-01-15 13:45:25 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-01-15 13:45:24 132608 ----a-w- c:\windows\system32\cabview.dll

2012-01-15 13:43:44 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2012-01-15 13:43:43 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2012-01-15 13:43:43 107520 ----a-w- c:\windows\system32\cdd.dll

2012-01-14 21:36:54 -------- d-----w- c:\programdata\Kaspersky Lab

2012-01-14 20:44:47 -------- d-----w- c:\users\rick\appdata\local\ashampoo

2012-01-14 20:44:47 -------- d-----w- c:\programdata\ashampoo

2012-01-14 20:44:33 -------- d-----w- c:\program files\Ashampoo

2012-01-14 20:41:56 8192 ----a-w- c:\windows\system32\srvany.exe

2012-01-14 20:41:56 77824 ----a-w- c:\windows\KMService.exe

2012-01-14 20:33:45 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-01-14 20:33:27 -------- d-----w- c:\windows\PCHEALTH

2012-01-14 20:33:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-01-14 20:31:43 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-01-14 20:30:51 -------- d-----w- c:\program files\Microsoft Analysis Services

2012-01-14 20:30:35 -------- d-----w- c:\users\rick\appdata\local\Microsoft Help

2012-01-14 17:10:31 1409 ----a-w- c:\windows\QTFont.for

2012-01-14 12:31:19 -------- d-----w- c:\program files\CCleaner

2012-01-14 12:26:39 175616 ----a-w- c:\windows\system32\unrar.dll

2012-01-14 12:26:38 839680 ----a-w- c:\windows\system32\lameACM.acm

2012-01-14 12:26:38 650752 ----a-w- c:\windows\system32\xvidcore.dll

2012-01-14 12:26:38 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2012-01-14 12:26:38 151552 ----a-w- c:\windows\system32\ac3acm.acm

2012-01-14 12:26:37 79360 ----a-w- c:\windows\system32\ff_vfw.dll

2012-01-14 12:26:35 -------- d-----w- c:\program files\K-Lite Codec Pack

2012-01-14 12:09:16 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2012-01-14 12:08:59 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2012-01-14 12:03:07 148312 ----a-w- c:\windows\dxsdkuninst.exe

2012-01-14 12:02:59 -------- d-----w- c:\program files\Microsoft DirectX SDK (June 2010)

2012-01-14 11:43:50 -------- d-----w- c:\users\rick\appdata\local\Opera

2012-01-14 11:30:57 -------- d-----w- c:\programdata\ALM

2012-01-14 11:27:46 -------- d-----w- c:\program files\common files\PX Storage Engine

2012-01-14 11:20:05 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2012-01-14 10:45:55 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-01-14 10:43:45 -------- d-----w- c:\users\rick\appdata\local\Adobe

2012-01-14 10:43:23 -------- d-----w- c:\program files\common files\Macrovision Shared

2012-01-14 10:08:08 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-01-14 10:08:08 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-01-14 10:08:08 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-01-14 10:08:08 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-01-14 10:08:08 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-01-14 10:08:08 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-01-14 10:08:08 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2012-01-14 10:07:10 33508 --sh--r- C:\keklgd.pif

2012-01-14 10:07:06 -------- d-----w- c:\users\rick\appdata\local\Apple

2012-01-14 09:46:02 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2012-01-14 09:43:37 -------- d-----w- c:\program files\NVIDIA Corporation

2012-01-14 00:48:52 -------- d-----w- c:\windows\Panther

2012-01-13 19:45:39 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9a6781cb-0d19-428f-ae14-01a066eca154}\mpengine.dll

2012-01-13 19:45:39 258432 ----a-w- c:\windows\system32\MpSigStub.exe

2012-01-13 19:40:09 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2012-01-13 19:40:06 507568 ----a-w- c:\windows\system32\winload.exe

2012-01-13 19:40:06 442920 ----a-w- c:\windows\system32\winresume.exe

2012-01-13 19:40:06 164864 ----a-w- c:\program files\windows media player\wmplayer.exe

2012-01-13 19:40:06 1320960 ----a-w- c:\windows\system32\CertEnroll.dll

2012-01-13 19:40:06 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2012-01-13 19:39:31 91648 ----a-w- c:\windows\system32\avifil32.dll

2012-01-13 19:39:31 84480 ----a-w- c:\windows\system32\mciavi32.dll

2012-01-13 19:39:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2012-01-13 19:39:31 31744 ----a-w- c:\windows\system32\msvidc32.dll

2012-01-13 19:39:31 22016 ----a-w- c:\windows\system32\msyuv.dll

2012-01-13 19:39:31 13312 ----a-w- c:\windows\system32\msrle32.dll

2012-01-13 19:39:31 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2012-01-13 19:38:52 -------- d-sh--w- c:\windows\Installer

2012-01-13 19:38:45 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2012-01-13 19:38:17 592488 ----a-w- c:\windows\system32\nvudisp.exe

2012-01-13 19:35:24 705536 ----a-r- c:\windows\system32\cohelper.dll

2012-01-13 19:35:24 6136 ----a-r- c:\windows\system32\drivers\nvphy.bin

2012-01-13 19:35:23 897024 ----a-w- c:\windows\system32\fdco1.dll

2012-01-13 19:35:23 485920 ----a-w- c:\windows\system32\nvunrm.exe

2012-01-13 19:35:23 287392 ----a-w- c:\windows\system32\drivers\nvmf6232.sys

2012-01-13 19:35:23 151552 ----a-w- c:\windows\system32\nvconrm.dll

2012-01-13 19:35:10 628840 ----a-w- c:\windows\system32\NVUNINST.EXE

2012-01-13 19:34:53 -------- d-----w- c:\windows\system32\Tools

2012-01-13 19:34:45 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll

2012-01-13 19:34:45 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll

2012-01-13 19:34:45 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe

2012-01-13 19:34:45 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll

2012-01-13 19:34:45 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll

2012-01-13 19:34:45 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll

2012-01-13 19:34:45 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll

2012-01-13 19:34:44 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll

2012-01-13 19:32:11 -------- d-----w- c:\users\rick\appdata\local\Google

2012-01-13 19:31:59 -------- d-----w- c:\users\rick\appdata\local\Deployment

2012-01-13 19:31:59 -------- d-----w- c:\users\rick\appdata\local\Apps

2012-01-13 19:25:56 -------- d-----w- c:\windows\system32\wbem\Performance

2012-01-13 19:19:36 -------- d-----w- C:\Ativando Todas Versões Windows 7.exe

.

==================== Find3M ====================

.

2012-01-15 13:18:26 1230880 ----a-w- c:\windows\system32\nvcplui.exe

2011-11-19 14:06:13 67072 ----a-w- c:\windows\system32\packager.dll

2011-11-17 05:41:38 1288984 ----a-w- c:\windows\system32\ntdll.dll

2011-10-26 04:42:38 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-26 04:42:37 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-26 04:25:28 38912 ----a-w- c:\windows\system32\csrsrv.dll

.

============= FINISH: 10:00:59,27 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 13/01/2012 17:16:48

System Uptime: 16/01/2012 07:46:19 (3 hours ago)

.

Motherboard: ECS | | GeForce6100PM-M2

Processor: AMD Athlon II X3 425 Processor | CPU 1 | 783/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 78 GiB total, 31,535 GiB free.

D: is FIXED (NTFS) - 20 GiB total, 12,942 GiB free.

E: is FIXED (NTFS) - 834 GiB total, 159,519 GiB free.

F: is CDROM ()

G: is FIXED (NTFS) - 466 GiB total, 102,135 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: USB 2.0 Video Capture Controller

Device ID: USB\VID_05E1&PID_0408&MI_00\7&34785C0E&0&0000

Manufacturer:

Name: USB 2.0 Video Capture Controller

PNP Device ID: USB\VID_05E1&PID_0408&MI_00\7&34785C0E&0&0000

Service:

.

==== System Restore Points ===================

.

RP8: 14/01/2012 18:30:08 - Installed Microsoft Office Professional Plus 2010

RP9: 15/01/2012 17:26:51 - Windows Update

.

==== Installed Programs ======================

.

Acrobat.com

Adobe Acrobat 9 Pro - Italiano, Español, Nederlands, Português

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Asset Services CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Recommended Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Extra Settings CS4

Adobe Color Video Profiles AE CS4

Adobe Color Video Profiles CS CS4

Adobe Contribute CS4

Adobe Creative Suite 4 Master Collection

Adobe CS4 American English Speech Analysis Models

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe Encore CS4

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI others

Adobe Flash CS4 STI-other

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe Linguistics CS4

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Dolby

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe OnLocation CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Premiere Pro CS4

Adobe Premiere Pro CS4 Functional Content

Adobe Premiere Pro CS4 Third Party Content

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe SING CS4

Adobe Soundbooth CS4

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe Version Cue CS4 Server

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Apple Software Update

Ashampoo Burning Studio 2012 v10.0.15

CCleaner

Connect

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Google Chrome

K-Lite Codec Pack 8.1.0 (Full)

kuler

Microsoft DirectX SDK (June 2010)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 9.0.1 (x86 pt-BR)

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Opera 11.60

PDF Settings CS4

Photoshop Camera Raw

Pixel Bender Toolkit

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft InfoPath 2010 (KB2510065)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Word 2010 (KB2345000)

Suite Shared Configuration CS4

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2523113)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

WinRAR archiver

.

==== End Of File ===========================

gmer.txt

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-01-16 10:41:36

Windows 6.1.7600 Harddisk0\DR0 -> \Device\0000005b SAMSUNG_ rev.1AG0

Running: gmer.exe; Driver: C:\Users\Rick\AppData\Local\Temp\kxldrpoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A895D9 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AAE092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

? C:\Users\Rick\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

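As an added triage example (not part of the thread, and not code from DDS, GMER or the forum's tools), the following Python script runs a few location and attribute heuristics over lines copied from the DDS log above: a process or service binary that carries a core Windows name (svchost.exe, lsass.exe, ...) but does not sit under System32, an executable placed directly in the Windows directory, UAC turned off (EnableLUA = 0), and newly created files marked both hidden and system. The rule names, the allowlist and the choice of which binaries count as "core" are my own assumptions; the output is a list of entries to review, not a verdict. One of the flagged entries, c:\windows\svchost.exe, is among the items the ComboFix run later in the thread removes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the DDS log in the thread (process
# list, UAC policy lines, service lines and "Created Last 30" entries), plus
# one legitimately hidden+system directory to exercise the allowlist.
SAMPLE_DDS = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\srvany.exe
C:\Windows\svchost.exe
C:\Windows\KMService.exe
C:\Windows\Explorer.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableLUA = 0 (0x0)
R2 KMService;KMService;c:\windows\system32\srvany.exe [2012-1-14 8192]
R2 PowerManager;Power Manager;c:\windows\svchost.exe [2001-8-24 36352]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
2012-01-14 10:45:55 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-01-14 10:07:10 33508 --sh--r- C:\keklgd.pif
2012-01-14 20:41:56 8192 ----a-w- c:\windows\system32\srvany.exe
2012-01-13 19:38:52 -------- d-sh--w- c:\windows\Installer
"""

# Binaries Windows ships only under System32/SysWOW64 (explorer.exe is the
# exception: it lives directly in the Windows directory). My own selection.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "lsm.exe", "csrss.exe", "services.exe",
    "smss.exe", "wininit.exe", "winlogon.exe", "explorer.exe",
}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
EXPECTED_DIR = {"explorer.exe": {r"c:\windows"}}
# Hidden+system paths that are normal on Windows 7 (assumed allowlist).
KNOWN_HIDDEN_SYSTEM = {r"c:\windows\installer"}

# Line shapes as DDS prints them: a running process (full path, optional
# arguments), the UAC policy line, an R*/S* service line with its binary
# path before "[date size]", and a "Created Last 30" entry with attributes.
PROCESS_RE = re.compile(r"^([a-z]:\\.+?\.exe)(?:\s|$)", re.I)
POLICY_RE = re.compile(r"^mPolicies-system:\s+EnableLUA\s*=\s*0\b")
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(.+?)\s+\[")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+([-a-z]{8})\s+(.+)$")


@dataclass
class Finding:
    rule: str
    line: str


def split_path(path: str):
    """Lower-case a Windows path and split it into (directory, file name)."""
    directory, _, name = path.lower().rstrip().rpartition("\\")
    return directory, name


def check_binary_location(path: str) -> Optional[str]:
    """Return a rule name if the binary sits somewhere it normally should not."""
    directory, name = split_path(path)
    if name in SYSTEM_BINARIES and directory not in EXPECTED_DIR.get(name, SYSTEM_DIRS):
        return "system-binary-name-outside-system-dir"
    if directory == r"c:\windows" and name not in EXPECTED_DIR:
        return "executable-in-windows-root"
    return None


def triage(text: str) -> List[Finding]:
    """Run the heuristics over DDS output and return the entries worth a look."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if POLICY_RE.match(line):
            findings.append(Finding("uac-disabled", line))
            continue
        m = PROCESS_RE.match(line) or SERVICE_RE.match(line)
        if m:
            rule = check_binary_location(m.group(1))
            if rule:
                findings.append(Finding(rule, line))
            continue
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.groups()
            # "s" = system, "h" = hidden in the DDS attribute field
            if "s" in attrs and "h" in attrs and path.lower() not in KNOWN_HIDDEN_SYSTEM:
                findings.append(Finding("hidden-system-file-created", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.rule:40} {f.line}")
```

Run it on a full DDS.txt by reading the file into `triage()`; the heuristics are deliberately narrow so that an analyst reads every hit, and the allowlist is where known-good hidden+system paths for a given Windows build belong.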

Configure Windows to show all files.

Go to this site: http://virustotal.com/

In File to upload, enter: C:\windows\explorer.exe

Then click Submit.

Copy and post the result of this scan.

    Thread author

    Scan result:

    File already analysed

    This file was already analysed by VirusTotal on 2012-01-17 21:23:41. It was detected by 0/43 scanners.

    You can take a look at the last analysis or analyse it again now.


    Read the instructions in this link:

    In the instructions in the link above, you can check which forums have Analysts properly authorized to use the tool correctly: "Forums for receiving help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    2. Temporarily, and while following these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after carrying out the procedure(s) described below.
    3. Double-click the desktopicon.png icon on the desktop.
    4. Read and accept the terms by typing 1 and pressing Enter.
    5. Computers running Windows XP will need to install the Recovery Console:

    • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

    6. ComboFix will run; please be patient and wait.
    7. Warning: do not use the mouse or keyboard while the tool is running; doing so can cause the computer to hang.
    8. A message may appear saying the computer needs to be restarted.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.
    9. When the tool finishes running it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    Do NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections, and if it is not used correctly it can damage your computer.

    • There are many malware strains that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts authorized to use ComboFix know these cases and know how to handle such situations.
    • Many Analysts do not reply to threads in which they see that ComboFix was used without supervision.
    • There are many general-purpose anti-malware tools whose authors, when designing them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it without supervision.

  • Topic author
  • Here is the ComboFix log:

    ComboFix 12-01-21.02 - Rick 23/01/2012 10:31:52.1.3 - x64

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4095.2857 [GMT -2:00]

    Executando de: c:\users\Rick\Desktop\ComboFix.exe

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\svchost.exe

    D:\autorun.inf

    E:\Autorun.inf

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_PowerManager

    .

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2011-12-23 to 2012-01-23 ))))))))))))))))))))))))))))

    .

    .

    2012-01-23 12:18 . 2012-01-23 12:18 -------- d-----w- c:\program files (x86)\Safari

    2012-01-23 12:18 . 2012-01-23 12:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

    2012-01-23 12:18 . 2012-01-23 12:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

    2012-01-23 12:18 . 2012-01-23 12:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

    2012-01-23 12:18 . 2012-01-23 12:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

    2012-01-23 12:18 . 2012-01-23 12:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

    2012-01-23 12:18 . 2012-01-23 12:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

    2012-01-23 12:18 . 2012-01-23 12:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

    2012-01-23 12:18 . 2012-01-23 12:18 -------- d-----w- c:\program files (x86)\QuickTime

    2012-01-23 12:18 . 2012-01-23 12:18 -------- d-----w- c:\programdata\Apple Computer

    2012-01-23 12:17 . 2012-01-23 12:17 -------- d-----w- c:\program files (x86)\Common Files\Apple

    2012-01-23 12:17 . 2012-01-23 12:17 -------- d-----w- c:\program files (x86)\Apple Software Update

    2012-01-21 21:59 . 2012-01-21 22:16 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

    2012-01-21 21:00 . 2012-01-21 21:00 -------- d-----w- c:\program files\Sony

    2012-01-21 20:59 . 2012-01-21 20:59 -------- d-----w- c:\windows\system32\appmgmt

    2012-01-21 20:29 . 2012-01-21 20:30 -------- d-----r- c:\program files (x86)\Skype

    2012-01-21 20:29 . 2012-01-21 20:29 -------- d-----w- c:\programdata\Skype

    2012-01-21 20:15 . 2012-01-21 20:15 -------- d-----w- c:\programdata\Sony

    2012-01-21 20:15 . 2012-01-21 20:15 -------- d-----w- c:\program files (x86)\Sony

    2012-01-21 20:09 . 2012-01-21 20:09 -------- d-----w- c:\program files\Common Files\MainConcept

    2012-01-21 19:17 . 2012-01-21 19:17 -------- d-----w- c:\windows\SysWow64\Macromed

    2012-01-21 19:07 . 2012-01-21 19:27 -------- d-----w- c:\program files (x86)\Common Files\Adobe

    2012-01-21 19:01 . 2012-01-21 19:01 -------- d-----w- c:\windows\SysWow64\Wat

    2012-01-21 19:01 . 2012-01-21 19:01 -------- d-----w- c:\windows\system32\Wat

    2012-01-21 18:52 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll

    2012-01-21 18:52 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

    2012-01-21 18:49 . 2009-11-25 14:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

    2012-01-21 18:49 . 2009-11-25 14:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

    2012-01-21 18:49 . 2009-11-25 14:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

    2012-01-21 18:49 . 2009-11-25 14:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

    2012-01-21 18:49 . 2009-11-25 14:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

    2012-01-21 18:49 . 2009-11-25 14:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

    2012-01-21 18:49 . 2009-11-25 14:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

    2012-01-21 18:49 . 2009-11-25 14:47 444752 ----a-w- c:\windows\system32\mscoree.dll

    2012-01-21 18:49 . 2009-11-25 14:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

    2012-01-21 18:49 . 2009-11-25 14:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

    2012-01-21 18:39 . 2012-01-21 18:39 -------- d-----w- c:\programdata\Apple

    2012-01-21 18:33 . 2012-01-21 18:33 -------- d-----w- c:\program files (x86)\Nero

    2012-01-21 18:33 . 2012-01-21 18:33 -------- d-----w- c:\program files (x86)\Common Files\Nero

    2012-01-21 18:31 . 2012-01-21 12:38 -------- d-----w- c:\windows\Panther

    2012-01-21 18:08 . 2012-01-21 18:08 -------- d-----w- c:\programdata\ashampoo

    2012-01-21 18:08 . 2012-01-21 18:08 -------- d-----w- c:\program files (x86)\Ashampoo

    2012-01-21 18:07 . 2012-01-21 18:07 -------- d-----w- c:\program files (x86)\FreeTime

    2012-01-21 18:06 . 2012-01-21 18:06 -------- d-----w- c:\program files (x86)\Photodex Presenter

    2012-01-21 18:06 . 2012-01-21 18:06 -------- d-----w- c:\program files (x86)\Photodex

    2012-01-21 18:05 . 2012-01-21 18:06 -------- d-----w- c:\programdata\Photodex

    2012-01-21 17:51 . 2012-01-21 17:51 -------- d-----w- c:\windows\PCHEALTH

    2012-01-21 17:51 . 2012-01-21 17:51 -------- d-----w- c:\program files (x86)\Microsoft.NET

    2012-01-21 17:49 . 2012-01-21 17:49 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

    2012-01-21 17:48 . 2012-01-21 17:56 -------- d-----w- c:\programdata\Microsoft Help

    2012-01-21 17:48 . 2012-01-23 12:18 -------- d-sh--w- c:\windows\Installer

    2012-01-21 17:48 . 2012-01-21 17:48 -------- d-----r- C:\MSOCache

    2012-01-21 13:21 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll

    2012-01-21 13:21 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll

    2012-01-21 13:21 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax

    2012-01-21 13:21 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll

    2012-01-21 13:21 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

    2012-01-21 13:21 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

    2012-01-21 13:18 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

    2012-01-21 13:17 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll

    2012-01-21 13:17 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll

    2012-01-21 13:15 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll

    2012-01-21 13:15 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe

    2012-01-21 13:15 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll

    2012-01-21 13:15 . 2010-06-29 04:57 4247040 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe

    2012-01-21 13:15 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll

    2012-01-21 13:15 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll

    2012-01-21 13:15 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

    2012-01-21 13:15 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2012-01-21 13:15 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

    2012-01-21 13:15 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys

    2012-01-21 13:13 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll

    2012-01-21 13:13 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll

    2012-01-21 13:13 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

    2012-01-21 13:13 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

    2012-01-21 13:13 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll

    2012-01-21 13:13 . 2010-06-19 06:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll

    2012-01-21 13:13 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe

    2012-01-21 13:13 . 2011-02-19 06:36 46080 ----a-w- c:\windows\system32\atmlib.dll

    2012-01-21 13:13 . 2011-02-19 05:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2012-01-21 13:13 . 2011-02-19 04:13 367104 ----a-w- c:\windows\system32\atmfd.dll

    2012-01-21 13:13 . 2011-02-19 03:37 294912 ----a-w- c:\windows\SysWow64\atmfd.dll

    2012-01-21 13:13 . 2009-10-19 14:46 100864 ----a-w- c:\windows\system32\fontsub.dll

    2012-01-21 13:13 . 2009-10-19 14:10 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

    2012-01-21 13:12 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll

    2012-01-21 13:12 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll

    2012-01-21 13:12 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

    2012-01-21 13:12 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

    2012-01-21 13:10 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\SysWow64\msxml3.dll

    2012-01-21 13:10 . 2010-06-08 05:36 1877504 ----a-w- c:\windows\system32\msxml3.dll

    2012-01-21 13:08 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll

    2012-01-21 13:08 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll

    2012-01-21 13:08 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

    2012-01-21 13:08 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

    2012-01-21 13:08 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

    2012-01-21 13:08 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll

    2012-01-21 13:08 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll

    2012-01-21 13:08 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys

    2012-01-21 13:06 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

    2012-01-21 13:06 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

    2012-01-21 12:49 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll

    2012-01-21 12:49 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

    2012-01-21 12:49 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

    2012-01-21 12:49 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

    2012-01-21 12:48 . 2012-01-17 06:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{905303EA-E58A-4C44-A2F1-426A21C133B7}\mpengine.dll

    2012-01-21 12:48 . 2011-11-15 16:29 270720 ------w- c:\windows\system32\MpSigStub.exe

    2012-01-21 12:40 . 2012-01-21 12:40 -------- d-----w- C:\Ativando Todas Versões Windows 7.exe

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas.

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17387656]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 553448]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 553448]

    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

    .

    .

    --- =Outros Serviços/Drivers Na Memória ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    .

    2012-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4115198021-1004272725-1742673159-1000Core.job

    - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 12:49]

    .

    2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4115198021-1004272725-1742673159-1000UA.job

    - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 12:49]

    .

    .

    --------- x86-64 -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 536560]

    "combofix"="c:\combofix\CF21952.3XE" [2009-07-14 344576]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Scan Suplementar -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

    FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\vrjpgj22.default\

    .

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\program files (x86)\Photodex\ProShowProducer\ScsiAccess.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2012-01-23 10:40:43 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2012-01-23 12:40

    .

    Pré-execução: 39.551.455.232 bytes disponíveis

    Pós execução: 38.869.491.712 bytes disponíveis

    .

    - - End Of File - - 744745DC20433A95E80AB12BA5CDBB73


    Please install an antivirus before we continue.

  • Topic author
  • AVG 2012 installed. Ready to proceed.

    Right after installing AVG 2012, it starts flagging all my files as "Infected". And it is incredibly hard to uninstall. Which antivirus should I use?

  • Topic author
  • Here is the new log:

    DDS.txt

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 8.0.7600.16385

    Run by Rick at 13:22:16 on 2012-01-27

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4095.2979 [GMT -2:00]

    .

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\svchost.exe

    C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    mWinlogon: Userinit=userinit.exe

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    uRun: [Google Update] "C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Free YouTube Download - C:\Users\Rick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

    TCP: Interfaces\{9EFB30BB-E58D-4796-93A6-D4C7B9A91DA5} : DhcpNameServer = 200.204.0.10 200.204.0.138

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\25luvcrv.default\

    FF - prefs.js: network.proxy.type - 0

    FF - plugin: C:\Users\Rick\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R2 PowerManager;Power Manager;C:\Windows\svchost.exe [2001-8-24 36352]

    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    .

    =============== Created Last 30 ================

    .

    2012-01-27 15:05:08 -------- d-----w- C:\Windows\PCHEALTH

    2012-01-27 15:03:08 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

    2012-01-27 15:02:38 -------- d-----w- C:\Users\Rick\AppData\Local\Microsoft Help

    2012-01-27 12:12:30 -------- d-----w- C:\Windows\SysWow64\QuickTime

    2012-01-27 12:12:20 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared

    2012-01-27 12:03:38 -------- d-----w- C:\Users\Rick\AppData\Local\Windows Live

    2012-01-27 12:03:37 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

    2012-01-27 11:54:51 -------- d-----w- C:\Program Files (x86)\Nero

    2012-01-27 11:50:59 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll

    2012-01-27 11:16:49 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1EB255C7-E89E-4FB9-8445-3F3B2FC5CCED}\mpengine.dll

    2012-01-27 11:16:48 279096 ------w- C:\Windows\System32\MpSigStub.exe

    2012-01-27 11:11:40 -------- d-----w- C:\Users\Rick\AppData\Local\Google

    2012-01-27 11:10:33 175616 ----a-w- C:\Windows\SysWow64\unrar.dll

    2012-01-27 11:10:32 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm

    2012-01-27 11:10:32 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

    2012-01-27 11:10:32 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll

    2012-01-27 11:10:32 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

    2012-01-27 11:10:32 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm

    2012-01-27 11:10:30 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

    2012-01-27 11:08:49 -------- d-----w- C:\Users\Rick\AppData\Roaming\DVDVideoSoftIEHelpers

    2012-01-27 11:08:40 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft

    2012-01-27 11:08:40 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft

    2012-01-27 11:08:02 -------- d-----w- C:\Users\Rick\AppData\Local\Apple Computer

    2012-01-27 11:07:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

    2012-01-27 11:07:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

    2012-01-27 11:07:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

    2012-01-27 11:07:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

    2012-01-27 11:07:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

    2012-01-27 11:07:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

    2012-01-27 11:07:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

    2012-01-27 11:06:50 -------- d-----w- C:\Users\Rick\AppData\Local\Apple

    2012-01-27 11:06:25 -------- d-sh--w- C:\Windows\Installer

    2012-01-27 03:08:27 -------- d-----w- C:\Windows\Panther

    2012-01-26 21:18:53 -------- d-----w- C:\Ativando Todas Versões Windows 7.exe

    .

    ==================== Find3M ====================

    .

    .

    ============= FINISH: 13:22:42,65 ===============

    Attach.txt

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Ultimate

    Boot Device: \Device\HarddiskVolume1

    Install Date: 26/01/2012 19:17:21

    System Uptime: 27/01/2012 08:54:27 (5 hours ago)

    .

    Motherboard: ECS | | GeForce6100PM-M2

    Processor: AMD Athlon II X3 425 Processor | CPU 1 | 783/200mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 78 GiB total, 49,276 GiB free.

    D: is FIXED (NTFS) - 20 GiB total, 12,968 GiB free.

    E: is FIXED (NTFS) - 834 GiB total, 124,309 GiB free.

    F: is CDROM (UDF)

    G: is FIXED (NTFS) - 466 GiB total, 124,105 GiB free.

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP1: 27/01/2012 09:02:06 - Installed Versão de Avaliação do Microsoft Office Home and Business 2010

    RP2: 27/01/2012 09:04:07 - Installed Versão de Avaliação do Microsoft Office Home and Business 2010

    RP3: 27/01/2012 09:07:33 - Installed Safari

    RP4: 27/01/2012 09:16:36 - Windows Update

    RP5: 27/01/2012 09:50:23 - DirectX instalado

    RP6: 27/01/2012 10:11:52 - Installed Camtasia Studio 7

    RP7: 27/01/2012 13:02:04 - Installed Versão de Avaliação do Microsoft Office Home and Business 2010

    .

    ==== Installed Programs ======================

    .

    Adobe Flash Player 10 ActiveX

    Apple Application Support

    Apple Software Update

    Camtasia Studio 7

    Definition update for Microsoft Office 2010 (KB982726)

    Free YouTube Download version 3.0.20.1228

    Google Chrome

    K-Lite Codec Pack 8.1.0 (Full)

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (Portuguese (Brazil)) 2010

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

    Microsoft Office Home and Business 2010

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (Portuguese (Brazil)) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (Portuguese (Brazil)) 2010

    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

    Microsoft Office Single Image 2010

    Microsoft Office Word MUI (Portuguese (Brazil)) 2010

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Mozilla Firefox 9.0.1 (x86 pt-BR)

    QuickTime

    Safari

    .

    ==== End Of File ===========================

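The DDS log above lists C:\Windows\svchost.exe among the running processes and a service (PowerManager) whose image path points to it, while the genuine svchost.exe lives only in System32 or SysWOW64. As an added example that is not part of this thread or of DDS itself, here is a small Python checker that parses the Running Processes and SERVICES / DRIVERS sections of a DDS log and flags protected system binaries loaded from outside the system directories; the excerpt is constructed from the log above, and the section-header style and the "R2 name;display name;image path [date size]" field layout are assumed from it.

```python
import ntpath
import re

# Constructed excerpt modelled on the DDS log posted in this thread (not the full log).
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\spoolsv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Explorer.EXE
C:\Windows\svchost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
============= SERVICES / DRIVERS ===============
R2 PowerManager;Power Manager;C:\Windows\svchost.exe [2001-8-24 36352]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
"""

# Binaries that on a clean Windows install live only in the system directories.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
               "services.exe", "spoolsv.exe", "wininit.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")      # e.g. "===== Running Processes ====="
EXE_RE = re.compile(r"^(.+?\.exe)", re.IGNORECASE)  # path up to the first .exe, arguments dropped


def parse_sections(text):
    """Split a DDS log into {section name (lower-case): [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections[current] = []
        elif line and line != "." and current is not None:
            sections[current].append(line)
    return sections


def check_path(path):
    """Return a reason if a protected system binary is loaded from the wrong directory, else None."""
    directory, name = ntpath.split(path.strip().strip('"').lower())
    if name in SYSTEM_ONLY and directory not in SYSTEM_DIRS:
        return f"{name} loaded from {directory or '(no directory)'} instead of a system directory"
    return None


def find_suspicious(text):
    """Return (kind, item, reason) tuples for suspicious processes and services."""
    findings = []
    sections = parse_sections(text)
    for line in sections.get("running processes", []):
        exe = EXE_RE.match(line)
        if exe:
            reason = check_path(exe.group(1))
            if reason:
                findings.append(("process", line, reason))
    for line in sections.get("services / drivers", []):
        # DDS service lines (assumed layout): "R2 name;display name;image path [date size]"
        fields = line.split(";", 2)
        if len(fields) == 3:
            image = re.sub(r"\s*\[[^\]]*\]$", "", fields[2])
            reason = check_path(image)
            if reason:
                findings.append(("service", fields[0], reason))
    return findings


if __name__ == "__main__":
    for kind, item, reason in find_suspicious(SAMPLE_DDS):
        print(f"[{kind}] {item}: {reason}")
```

Run against the constructed excerpt it reports exactly the two entries an analyst would question in the posted log: the stray C:\Windows\svchost.exe process and the PowerManager service that loads it.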

    Configure Windows to show all files

    Go to this site: http://virustotal.com/

    In File to upload, enter: C:\Windows\explorer.exe

    Then click Submit

    Copy and post the result of this scan.

  • Topic author
  • File already analysed

    This file was already analysed by VirusTotal on 2012-01-20 08:55:12.

    Detection ratio: 0/41

    You can take a look at the last analysis or analyse it again now.

    Right after installing AVG 2012, it starts flagging all my files as "Infected".

    What infection was being reported? And when you say "all", do you mean literally "all", or is that a figure of speech?

  • Topic author
  • Most of the files, such as the .EXE files that were running, the ones I was about to run, even AVG itself.


    See my first question above:

    Which infection was being reported?


    Did the VirusTotal site open without any problem on your computer, or did you copy the file to a flash drive and use another computer?

    Topic author

    Did the VirusTotal site open without any problem on your computer, or did you copy the file to a flash drive and use another computer?

    It opened without any problem.


    Strange that Sality was identified when your computer shows no signs of it.

    Download the Kaspersky AVP Tool from one of these 2 links:

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

    http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

    You will be taken to a Kaspersky page asking for an e-mail address for registration, a first name and a last name. Only the "email" field is required.

    Enter your e-mail and then click the Submit Form button.

    The page will reload. Click the Download button.

    Save it to your desktop.

    Run the file and wait for the installation.

    ** Windows Vista and Windows 7 users:

    Right-click the file, then click Run as administrator.

    On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. That is normal; just wait until the program's main screen appears, then click the Settings icon:

    (screenshot: KRT_settings.png)

    On this screen, check the box next to:

    • My Computer
    • Local Disk (C:)

    Also check all the drives that appear below Local Disk, if there are any. Then click the Automatic Scan tab.

    (screenshot: KRT_install2_.png)

    Back on the program's main screen, click the Start scanning button.

    Be patient, it takes a while.

    When it finishes, if it has detected anything, the program will ask you what to do.

    Check the small box next to Apply to all objects and then click Skip (we only want the log).

    (screenshot: KRT_detection_.png)

    While the scan is running, the main screen will show a progress bar. When it finishes, the program will show a completed status and a button that will be orange if nothing was detected and red if it found something.

    If it detected something, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

    Back on the main screen, if anything was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

    To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

    Choose an easily accessible location and save it as log.txt

    Copy the whole contents of that text file and paste it in your next reply.

    If nothing is detected, there is no need to save the log. Just post here to let us know.

    To exit the program, just click the X in the top right corner.
