Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Entre para seguir isso  
edmu

Malware encontrado pelo Kaspersky Tool - Como remover?

Recommended Posts

Caros,

Tive um problema com a senha da minha conta de e-mail (de repente parou de funcionar) e desconfiei que poderia ser resultado de uma infecção.

Fiz o scan com a Kaspersky Removal Tool e ele registrou 4 "ameaças".

Gostaria de saber se vocês podem me ajudar a removê-las e a me certificar de que não existem outras infecções.

Colei abaixo os logs do DDS e do Gmer.

Agradeço desde ja.

Ed.

--

Log do DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by DIEGO at 10:00:24 on 2012-04-27

Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3959.2319 [GMT 2:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft LifeChat\LifeChat.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page =

uSearch Bar =

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_5742g&r=273601118715l04f4z125v47022675

mSearchAssistant =

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [GrpConv] grpconv -o

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Free YouTube to MP3 Converter - C:\Users\DIEGO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 212.27.40.240 212.27.40.241

TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E} : DhcpNameServer = 212.27.40.240 212.27.40.241

TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E}\361627F6C6D6162796 : DhcpNameServer = 212.27.40.240 212.27.40.241

TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E}\5484543535D277966696 : DhcpNameServer = 172.16.15.254

TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E}\64F42555D444543594D414745435 : DhcpNameServer = 192.168.126.254

TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E}\7496C6461637F575966496 : DhcpNameServer = 212.27.40.240 212.27.40.241

TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E}\77966696D2260796 : DhcpNameServer = 208.67.222.222 8.8.8.8 208.67.220.220 8.8.4.4

TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E}\F62716E67656 : DhcpNameServer = 80.10.46.232

TCP: Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E} : DhcpNameServer = 10.0.1.11

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{B164E929-A1B6-4A06-B104-2CD0E90A88FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}

{472734EA-242A-422B-ADF8-83D1E48CC825}

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [GrpConv] grpconv -o

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\DIEGO\AppData\Roaming\Mozilla\Firefox\Profiles\5iu5gzda.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 41006346;41006346;C:\Windows\system32\DRIVERS\41006346.sys --> C:\Windows\system32\DRIVERS\41006346.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-17 44768]

R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-7-12 337872]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-25 321104]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-13 13336]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-2-23 103440]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-13 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-13 243232]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

RUnknown 19723129;19723129; [x]

RUnknown 9006737drv;9006737drv; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-10 135664]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-10 135664]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Inspection réseau Microsoft;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-26 23:43:56 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60576E54-9143-41D0-98B6-1E870B59BEA4}\offreg.dll

2012-04-26 23:42:00 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60576E54-9143-41D0-98B6-1E870B59BEA4}\mpengine.dll

2012-04-26 17:42:19 460888 ----a-w- C:\Windows\System32\drivers\41006346.sys

2012-04-26 14:19:33 -------- d-----w- C:\Games

2012-04-12 00:10:51 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-12 00:10:50 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-12 00:10:49 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-12 00:08:54 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 00:08:53 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 00:08:53 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-12 00:08:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-12 00:08:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 00:08:50 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 00:08:50 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-10 19:40:50 291600 ----a-w- C:\Windows\SysWow64\temp.003

2012-04-10 19:40:50 166160 ----a-w- C:\Windows\SysWow64\temp.002

2012-04-10 19:40:50 131856 ----a-w- C:\Windows\SysWow64\temp.001

2012-04-10 19:40:35 58938 ----a-w- C:\Windows\SysWow64\temp.000

2012-04-10 19:40:35 246784 ----a-w- C:\Windows\SysWow64\ActiveSkin.ocx

2012-04-10 19:40:20 162304 ----a-w- C:\UNWISE.EXE

2012-04-10 19:39:28 258048 ----a-w- C:\Windows\SysWow64\drmclien.dll

2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-03-08 19:20:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-07 00:15:19 41184 ----a-w- C:\Windows\avastSS.scr

2012-03-07 00:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-03-07 00:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-03-07 00:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-03-06 21:35:35 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-28 10:26:54 564792 ----a-w- C:\Windows\System32\drivers\sptd.sys

.

============= FINISH: 10:01:18,83 ===============

---

Log do Gmer:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-04-27 11:25:40

Windows 6.1.7601 Service Pack 1

Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x04 0x4E 0x7D 0xBC ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFA 0x97 0x6C 0x99 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x04 0x4E 0x7D 0xBC ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFA 0x97 0x6C 0x99 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----

Compartilhar este post


Link para o post
Compartilhar em outros sites

Vejo que tem dois antivírus instalado, o ideal é apenas um.

Corrija isso primeiro e depois poste um novo log do DDS para darmos inicio.

  • Curtir 1

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • Ok Renato, removi o Security Essencials.

    Ai vai o log:

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

    Run by DIEGO at 12:55:36 on 2012-05-01

    Microsoft Windows*7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3959.2486 [GMT 2:00]

    .

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files\Elantech\ETDCtrl.exe

    C:\Program Files\Microsoft LifeChat\LifeChat.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe

    C:\Program Files (x86)\Launch Manager\dsiwmis.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\rundll32.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Launch Manager\LManager.exe

    C:\Program Files\Acer\Acer Updater\UpdaterService.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

    C:\Program Files (x86)\Launch Manager\LMworker.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Elantech\ETDCtrlHelper.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\DllHost.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe

    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\Windows\splwow64.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\system32\msiexec.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\SysWOW64\ctfmon.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = about:blank

    uSearch Page =

    uSearch Bar =

    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_5742g&r=273601118715l04f4z125v47022675

    mSearchAssistant =

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Free YouTube to MP3 Converter - C:\Users\DIEGO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    TCP: DhcpNameServer = 212.27.40.240 212.27.40.241

    TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E} : DhcpNameServer = 212.27.40.240 212.27.40.241

    TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E}\361627F6C6D6162796 : DhcpNameServer = 212.27.40.240 212.27.40.241

    TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E}\5484543535D277966696 : DhcpNameServer = 172.16.15.254

    TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E}\64F42555D444543594D414745435 : DhcpNameServer = 192.168.126.254

    TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E}\75966696F53496E656D616478656175756 : DhcpNameServer = 10.0.0.254

    TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E}\77966696D2260796 : DhcpNameServer = 208.67.222.222 8.8.8.8 208.67.220.220 8.8.4.4

    TCP: Interfaces\{3FFD198C-BB7C-421E-9AC6-1AD395ABD02E}\F62716E67656 : DhcpNameServer = 80.10.46.232

    TCP: Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E} : DhcpNameServer = 10.0.1.11

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

    {2A0F3D1B-0909-4FF4-B272-609CCE6054E7}

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {B164E929-A1B6-4A06-B104-2CD0E90A88FF}

    {DBC80044-A445-435b-BC74-9C25C1C588A9}

    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}

    {472734EA-242A-422B-ADF8-83D1E48CC825}

    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\DIEGO\AppData\Roaming\Mozilla\Firefox\Profiles\5iu5gzda.default\

    FF - prefs.js: browser.startup.homepage - about:blank

    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-17 44768]

    R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-7-12 337872]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-25 321104]

    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-13 13336]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-2-23 103440]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-13 2320920]

    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-13 243232]

    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

    R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

    R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-10 135664]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

    S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-10 135664]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2012-04-27 20:31:46 40960 ----a-r- C:\Users\DIEGO\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

    2012-04-27 20:31:46 40960 ----a-r- C:\Users\DIEGO\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

    2012-04-26 14:19:33 -------- d-----w- C:\Games

    2012-04-12 00:10:51 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-04-12 00:10:50 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-04-12 00:10:49 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-04-12 00:08:54 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

    2012-04-12 00:08:53 81408 ----a-w- C:\Windows\System32\imagehlp.dll

    2012-04-12 00:08:53 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

    2012-04-12 00:08:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

    2012-04-12 00:08:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

    2012-04-12 00:08:50 5120 ----a-w- C:\Windows\System32\wmi.dll

    2012-04-12 00:08:50 220672 ----a-w- C:\Windows\System32\wintrust.dll

    2012-04-10 19:40:50 291600 ----a-w- C:\Windows\SysWow64\temp.003

    2012-04-10 19:40:50 166160 ----a-w- C:\Windows\SysWow64\temp.002

    2012-04-10 19:40:50 131856 ----a-w- C:\Windows\SysWow64\temp.001

    2012-04-10 19:40:35 58938 ----a-w- C:\Windows\SysWow64\temp.000

    2012-04-10 19:40:35 246784 ----a-w- C:\Windows\SysWow64\ActiveSkin.ocx

    2012-04-10 19:40:20 162304 ----a-w- C:\UNWISE.EXE

    2012-04-10 19:39:28 258048 ----a-w- C:\Windows\SysWow64\drmclien.dll

    2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

    2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

    .

    ==================== Find3M ====================

    .

    2012-03-08 19:20:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-03-07 00:15:19 41184 ----a-w- C:\Windows\avastSS.scr

    2012-03-07 00:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

    2012-03-07 00:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

    2012-03-07 00:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

    2012-03-06 21:35:35 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

    2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

    2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

    2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

    2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

    2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

    .

    ============= FINISH: 12:56:40,76 ===============

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Fiz o scan com a Kaspersky Removal Tool e ele registrou 4 "ameaças".

    Preciso do log gerado pelo Kaspersky Removal Tool.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Cara, o log é imenso, tem 17.805 paginas de Word.

    Vou colar as ameaças detectadas ok?

    27/04/2012 08:02:51 Détectés: UDS:DangerousObject.Multi.Generic C:\Windows\Installer\$PatchCache$\Managed\AF620F15641523248AAB314647B00D35\1.0.4\Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 service KSN

    27/04/2012 07:54:39 Détectés: UDS:DangerousObject.Multi.Generic C:\Windows\Installer\$PatchCache$\Managed\AF620F15641523248AAB314647B00D35\1.0.4\Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 service KSN

    27/04/2012 07:54:28 Détectés: UDS:DangerousObject.Multi.Generic C:\Windows\Installer\$PatchCache$\Managed\AF620F15641523248AAB314647B00D35\1.0.4\Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 service KSN

    27/04/2012 07:53:44 Détectés: UDS:DangerousObject.Multi.Generic C:\Windows\Installer\$PatchCache$\Managed\AF620F15641523248AAB314647B00D35\1.0.4\Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 service KSN

    26/04/2012 22:27:51 Détectés: UDS:DangerousObject.Multi.Generic C:\Windows\Installer\$PatchCache$\Managed\AF620F15641523248AAB314647B00D35\1.0.4\Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 service KSN

    27/04/2012 08:02:51 Détectés: UDS:DangerousObject.Multi.Generic C:\Windows\Installer\$PatchCache$\Managed\AF620F15641523248AAB314647B00D35\1.0.4\Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 service KSN

    27/04/2012 07:58:29 Détectés: UDS:DangerousObject.Multi.Generic C:\Windows\SysWOW64\mscomctl.ocx Informations

    27/04/2012 07:58:13 Détectés: UDS:DangerousObject.Multi.Generic C:\Windows\SysWOW64\COMDLG32.OCX Informations

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Não se preocupe com as 'ameaças'. Isso não são infecções e sim pontos vulneráveis. O log apontou algum "infected"?

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Fiz uma busca no log completo e não encontrei nenhum infected.

    Você acha que devo fazer um novo scan?

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Não é necessário, seu computador não está infectado. Recomendo que entre em contato com o provedor de e-mail que fechou sua conta.

    • Curtir 1

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Ok Renato, muito obrigado.

    Pode dar o topico como resolvido.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com a moderação solicitando o desbloqueio.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Visitante
    Este tópico está impedido de receber novos posts.
    Entre para seguir isso  





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×