rodolfo.cm

email: "convite especial"


Hi!

Someone is sending me emails with viruses, and she told me that I sent her one with the subject "convite especial" ("special invitation"), so maybe I'm infected too.

I'm using W7 and KIV2010. I ran DDS and got the following log:

DDS (Ver_10-03-17.01) - NTFSX64

Run by Rodolfo at 15:22:28,70 on 01/05/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.4063.2927 [GMT -3:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

c:\Windows\system32\vfsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Users\Rodolfo\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe

C:\Program Files (x86)\HP\QuickPlay\QPService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\Rodolfo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodolfo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodolfo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodolfo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodolfo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodolfo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodolfo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodolfo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Rodolfo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

D:\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank

mLocal Page = c:\windows\syswow64\blank.htm

mWinlogon: Userinit=userinit.exe

BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files (x86)\digitalpersona\bin\DpOtsPluginIe8.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ievkbd.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

uRun: [Google Update] "c:\users\rodolfo\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [RocketDock] "c:\program files (x86)\rocketdock\RocketDock.exe"

uRun: [googletalk] c:\users\rodolfo\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [skype] "c:\program files (x86)\skype\\phone\Skype.exe" /nosplash /minimized

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [QlbCtrl.exe] c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [DpAgent] c:\program files (x86)\digitalpersona\bin\dpagent.exe

mRun: [QPService] "c:\program files (x86)\hp\quickplay\QPService.exe"

mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"

mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Adicionar ao Antifaixas - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm

IE: E&xportar para o Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~1\sbhook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

LSA: Notification Packages = scecli DPPWDFLT

{395610AE-C624-4f58-B89E-23733EA00F9A}

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{E33CF602-D945-461A-83F0-819F76A199F8}

mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe

mRun-x64: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

AppInit_DLLs-X64: c:\progra~2\kasper~1\kasper~1\x64\sbhook64.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\rodolfo\appdata\roaming\mozilla\firefox\profiles\zm1nk45v.default\

FF - component: c:\program files (x86)\digitalpersona\bin\firefoxext\components\dpffcli.dll

FF - component: c:\program files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll

FF - plugin: c:\users\rodolfo\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 40464]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 27152]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2010/03/30 13:03:08];c:\program files (x86)\hp\quickplay\000.fcl [2010-3-30 146928]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-3-2 89600]

R2 AVP;Kaspersky Internet Security;c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 30520]

R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-27 717104]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-30 35104]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-3-30 228408]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-4-28 64000]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-20 145496]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 21008]

R3 NETw5s64;Driver do adaptador Intel® Wireless WiFi Link para Windows 7 64 bits;c:\windows\system32\drivers\NETw5s64.sys [2010-1-13 7675392]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-1 187392]

R3 vfs101a;vfs101a;c:\windows\system32\drivers\vfs101a.sys [2008-4-27 49968]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-4-5 1038088]

S3 netw5v64;Driver de adaptador Intel® Wireless WiFi Link 5000 Series para Windows Vista 64 Bits;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1255736]

=============== Created Last 30 ================

2010-04-30 09:10:42 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2010-04-30 09:10:42 109056 ----a-w- c:\windows\system32\drivers\sdbus.sys

2010-04-30 09:09:35 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-04-30 09:09:33 12867072 ----a-w- c:\windows\syswow64\shell32.dll

2010-04-30 09:09:32 96768 ----a-w- c:\windows\syswow64\sspicli.dll

2010-04-30 09:09:32 22016 ----a-w- c:\windows\syswow64\secur32.dll

2010-04-30 09:09:32 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-04-30 09:09:32 1446912 ----a-w- c:\windows\system32\lsasrv.dll

2010-04-23 21:22:25 0 d-----w- c:\program files\Windows Sidebar

2010-04-14 13:50:45 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-14 13:50:44 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe

2010-04-14 13:50:44 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe

2010-04-14 13:50:38 612352 ----a-w- c:\windows\system32\vbscript.dll

2010-04-14 13:50:38 427520 ----a-w- c:\windows\syswow64\vbscript.dll

2010-04-14 13:50:35 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-14 13:50:35 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-14 13:50:35 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-14 13:36:33 220672 ----a-w- c:\windows\system32\wintrust.dll

2010-04-14 13:36:33 172032 ----a-w- c:\windows\syswow64\wintrust.dll

2010-04-14 13:36:02 139264 ----a-w- c:\windows\system32\cabview.dll

2010-04-14 13:36:02 132608 ----a-w- c:\windows\syswow64\cabview.dll

2010-04-08 16:04:26 0 d-----w- c:\users\rodolfo\appdata\roaming\Foxit Software

2010-04-05 18:48:56 0 d-----w- c:\programdata\FLEXnet

2010-04-05 18:48:02 0 d-----w- c:\program files\Adobe

2010-04-05 18:43:32 0 d-----w- c:\windows\syswow64\spool

2010-04-05 18:40:27 0 d-----w- c:\programdata\Adobe

2010-04-05 18:40:00 0 d-----w- c:\program files\common files\Macrovision Shared

2010-04-05 18:39:59 0 d-----w- c:\program files\common files\Adobe

2010-04-05 18:39:50 0 d-----w- c:\program files (x86)\common files\Macrovision Shared

2010-04-05 18:15:43 0 d-----w- c:\users\rodolfo\appdata\roaming\SmartDraw

2010-04-05 18:13:48 0 d-----w- c:\program files (x86)\SmartDraw 2009

2010-04-04 22:53:39 0 d-----w- c:\users\rodolfo\appdata\roaming\FTPRush

2010-04-04 22:53:24 0 d-----w- c:\program files (x86)\FTPRush

2010-04-04 22:22:20 18944 ----a-w- c:\windows\eraser.exe

2010-04-04 22:22:20 0 d-----w- c:\program files (x86)\LeechFTP

2010-04-04 01:49:48 0 d-----w- c:\windows\syswow64\Adobe

2010-04-03 22:37:34 0 d-----w- c:\programdata\Macromedia

2010-04-03 22:37:00 0 d-----w- c:\program files (x86)\Macromedia

2010-04-03 22:37:00 0 d-----w- c:\program files (x86)\common files\Macromedia

2010-04-03 22:36:21 0 d-----w- c:\windows\Downloaded Installations

2010-04-03 21:37:33 0 d-----w- c:\program files (x86)\Flash Menu Labs Pro v2

2010-04-03 21:29:59 34308 ----a-w- c:\windows\syswow64\BASSMOD.dll

2010-04-03 21:29:33 0 d-----w- c:\program files (x86)\Flash Website Design

==================== Find3M ====================

2010-04-30 09:20:00 149773 ----a-w- c:\windows\system32\drivers\klin.dat

2010-04-30 09:20:00 106765 ----a-w- c:\windows\system32\drivers\klick.dat

2010-04-02 04:55:29 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-03-30 21:13:55 654470 ----a-w- c:\windows\system32\prfh0416.dat

2010-03-30 21:13:55 124922 ----a-w- c:\windows\system32\prfc0416.dat

2010-03-30 20:46:39 411368 ----a-w- c:\windows\syswow64\deploytk.dll

2010-03-30 20:46:39 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-03-30 20:46:39 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-03-30 20:46:39 145184 ----a-w- c:\windows\syswow64\java.exe

2010-03-30 16:03:44 3063561 ----a-w- c:\programdata\MobileTV.exe

2010-03-30 16:03:44 2989660 ----a-w- c:\programdata\DVD.exe

2010-03-30 16:03:44 2864396 ----a-w- c:\programdata\MPV.exe

2010-03-30 16:03:44 2331174 ----a-w- c:\programdata\Karaoke.exe

2010-03-30 16:03:44 2231606 ----a-w- c:\programdata\Games.exe

2010-03-30 14:24:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-03-30 13:42:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf

2010-03-30 05:09:46 419840 ----a-w- c:\windows\system32\systemcpl.dll

2010-03-30 05:09:46 14848 ----a-w- c:\windows\system32\slwga.dll

2010-03-30 05:09:46 13824 ----a-w- c:\windows\syswow64\slwga.dll

2010-03-30 05:09:45 833024 ----a-w- c:\windows\syswow64\user32.dll

2010-03-30 05:09:45 1008640 ----a-w- c:\windows\system32\user32.dll

2010-03-14 18:00:00 85504 ----a-w- c:\windows\syswow64\ff_vfw.dll

2010-03-14 18:00:00 6656 ----a-w- c:\windows\syswow64\pndx5016.dll

2010-03-14 18:00:00 5632 ----a-w- c:\windows\syswow64\pndx5032.dll

2010-03-14 18:00:00 278528 ----a-w- c:\windows\syswow64\pncrt.dll

2010-03-14 18:00:00 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll

2010-02-24 13:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll

2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll

2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-02-10 17:13:48 165376 ----a-w- c:\windows\syswow64\unrar.dll

2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll

2009-07-29 15:49:01 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat

2009-07-29 15:49:01 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat

2009-07-29 15:49:01 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat

2009-07-29 15:49:01 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:23:06,07 ===============

When I start GMER it shows the following message:

"C:\Windows\system32\config\system: O sistema não pode encontrar o arquivo especificado."

But it opens normally, and then I click >>> and stay on the "rootkit/malware" tab.

The options that were left selected were:

Services

Registry

Files

ADS

I have three partitions and kept only the operating system's one selected. When I ran it, the initial error appeared again, but it started the scan anyway,

and at the end it reported that no modification was found:

GMER hasn't found any system modification.

Is everything OK?

Thanks!

Edited by RenatoMejias
Keep the topic at 0 replies. Read the topic "Leia Antes de Postar" (Read Before Posting): http://forum.clubedohardware.com.br/leia-antes-postar/597599
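As an added example (not code from the original post or from the forum's analysts), a small Python triage script for the DDS "Pseudo HJT Report" section: it parses the line shapes seen in the log above (uRun/mRun autoruns, BHO entries, DPF ActiveX download sources and AppInit_DLLs) and collects the items a log analyst reviews first. The sample lines are a constructed excerpt modelled on that log, and every finding is a review point rather than a verdict (the Google Update and Kaspersky entries it flags are legitimate here).

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt in the DDS "Pseudo HJT Report" layout, modelled on the log
# in the post above (a few representative lines, not the full report).
SAMPLE_REPORT = r"""
uStart Page = about:blank
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [Google Update] "c:\users\rodolfo\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [googletalk] c:\users\rodolfo\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~1\sbhook.dll
"""

# Line shapes used by DDS: u* = current-user hive (HKCU), m* = machine hive (HKLM).
RUN_RE = re.compile(r"^(?P<key>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<url>\S+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?: (?P<dlls>.+)$")
# Executables started from a user profile live in a user-writable location.
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


@dataclass
class Finding:
    category: str   # short tag used for grouping
    item: str       # autorun name, CLSID or registry value
    detail: str     # path, URL or target
    why: str        # what the analyst should check


def executable_of(cmd: str) -> str:
    """Return the lower-cased executable path from a Run-key command line."""
    m = re.match(r'"?(?P<exe>.+?\.exe)', cmd, re.IGNORECASE)
    return m.group("exe").lower() if m else cmd.lower()


def triage(report: str) -> List[Finding]:
    """Walk a Pseudo HJT Report and collect the items worth a second look."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if USER_PROFILE_RE.search(exe):
                findings.append(Finding("autorun-user-profile", m.group("name"), exe,
                                        "autorun from a user-writable folder; confirm vendor and signature"))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group("target").strip().lower() == "no file":
                findings.append(Finding("bho-orphan", m.group("clsid"), "No File",
                                        "orphaned BHO registration; harmless but a cleanup candidate"))
            continue
        m = DPF_RE.match(line)
        if m:
            findings.append(Finding("dpf-activex", m.group("clsid"), m.group("url"),
                                    "ActiveX install source; check the host is the expected vendor"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            for dll in m.group("dlls").split(","):
                findings.append(Finding("appinit-dll", "AppInit_DLLs", dll.strip().lower(),
                                        "DLL loaded into every user-mode process; must belong to known software"))
    return findings


def summary(findings: List[Finding]) -> dict:
    """Count findings per category for a quick triage overview."""
    counts: dict = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    for f in results:
        print(f"[{f.category}] {f.item}: {f.detail}\n    -> {f.why}")
    print(summary(results))
```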


Hi

Sorry for the delay :)

If you still need help, redo the logs, since I need them with up-to-date dates: Read Before Posting - Creating a New Topic

NOTE 1: You don't need to open a new topic; post the new logs in this same topic, thanks!

NOTE 2: Don't edit your topic; use the reply button, thanks!

Regards :D


No problem, Diego!

Here are the results:

DDS (Ver_10-03-17.01) - NTFSX64

Run by Rodolfo at 21:17:17,73 on 05/05/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.4063.2659 [GMT -3:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

c:\Windows\system32\vfsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Users\Rodolfo\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Rodolfo\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files (x86)\HP\QuickPlay\QPService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\system32\DllHost.exe

C:\Windows\System32\svchost.exe -k secsvcs

D:\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank

mLocal Page = c:\windows\syswow64\blank.htm

BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files (x86)\digitalpersona\bin\DpOtsPluginIe8.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ievkbd.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

uRun: [Google Update] "c:\users\rodolfo\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [RocketDock] "c:\program files (x86)\rocketdock\RocketDock.exe"

uRun: [googletalk] c:\users\rodolfo\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [skype] "c:\program files (x86)\skype\\phone\Skype.exe" /nosplash /minimized

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [QlbCtrl.exe] c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [DpAgent] c:\program files (x86)\digitalpersona\bin\dpagent.exe

mRun: [QPService] "c:\program files (x86)\hp\quickplay\QPService.exe"

mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"

mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Adicionar ao Antifaixas - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm

IE: E&xportar para o Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~1\sbhook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

LSA: Notification Packages = scecli DPPWDFLT

{395610AE-C624-4f58-B89E-23733EA00F9A}

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{E33CF602-D945-461A-83F0-819F76A199F8}

mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe

mRun-x64: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

AppInit_DLLs-X64: c:\progra~2\kasper~1\kasper~1\x64\sbhook64.dll,c:\progra~2\kasper~1\kasper~1\x64\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\rodolfo\appdata\roaming\mozilla\firefox\profiles\zm1nk45v.default\

FF - component: c:\program files (x86)\digitalpersona\bin\firefoxext\components\dpffcli.dll

FF - component: c:\program files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll

FF - plugin: c:\users\rodolfo\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 40464]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 27152]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2010/03/30 13:03:08];c:\program files (x86)\hp\quickplay\000.fcl [2010-3-30 146928]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-3-2 89600]

R2 AVP;Kaspersky Internet Security;c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 30520]

R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-27 717104]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-30 35104]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-3-30 228408]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-4-28 64000]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-20 145496]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 21008]

R3 NETw5s64;Driver do adaptador Intel® Wireless WiFi Link para Windows 7 64 bits;c:\windows\system32\drivers\NETw5s64.sys [2010-1-13 7675392]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-1 187392]

R3 vfs101a;vfs101a;c:\windows\system32\drivers\vfs101a.sys [2008-4-27 49968]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-4-5 1038088]

S3 netw5v64;Driver de adaptador Intel® Wireless WiFi Link 5000 Series para Windows Vista 64 Bits;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1255736]

=============== Created Last 30 ================

2010-05-01 21:44:34 434637267 ----a-w- c:\windows\MEMORY.DMP

2010-05-01 20:29:05 0 d-----w- c:\program files (x86)\CCleaner

2010-05-01 19:15:34 0 d-----w- c:\users\rodolfo\appdata\roaming\Malwarebytes

2010-05-01 19:15:25 0 d-----w- c:\programdata\Malwarebytes

2010-05-01 19:15:24 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-01 19:15:24 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-04-30 09:10:42 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2010-04-30 09:10:42 109056 ----a-w- c:\windows\system32\drivers\sdbus.sys

2010-04-30 09:09:35 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-04-30 09:09:33 12867072 ----a-w- c:\windows\syswow64\shell32.dll

2010-04-30 09:09:32 96768 ----a-w- c:\windows\syswow64\sspicli.dll

2010-04-30 09:09:32 22016 ----a-w- c:\windows\syswow64\secur32.dll

2010-04-30 09:09:32 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-04-30 09:09:32 1446912 ----a-w- c:\windows\system32\lsasrv.dll

2010-04-23 21:22:25 0 d-----w- c:\program files\Windows Sidebar

2010-04-14 13:50:45 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-14 13:50:44 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe

2010-04-14 13:50:44 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe

2010-04-14 13:50:38 612352 ----a-w- c:\windows\system32\vbscript.dll

2010-04-14 13:50:38 427520 ----a-w- c:\windows\syswow64\vbscript.dll

2010-04-14 13:50:35 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-14 13:50:35 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-14 13:50:35 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-14 13:36:33 220672 ----a-w- c:\windows\system32\wintrust.dll

2010-04-14 13:36:33 172032 ----a-w- c:\windows\syswow64\wintrust.dll

2010-04-14 13:36:02 139264 ----a-w- c:\windows\system32\cabview.dll

2010-04-14 13:36:02 132608 ----a-w- c:\windows\syswow64\cabview.dll

2010-04-08 16:04:26 0 d-----w- c:\users\rodolfo\appdata\roaming\Foxit Software

==================== Find3M ====================

2010-05-05 10:36:20 149773 ----a-w- c:\windows\system32\drivers\klin.dat

2010-05-05 10:36:20 106765 ----a-w- c:\windows\system32\drivers\klick.dat

2010-04-03 21:30:38 34308 ----a-w- c:\windows\syswow64\BASSMOD.dll

2010-04-02 04:55:29 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-03-30 21:13:55 654470 ----a-w- c:\windows\system32\prfh0416.dat

2010-03-30 21:13:55 124922 ----a-w- c:\windows\system32\prfc0416.dat

2010-03-30 20:46:39 411368 ----a-w- c:\windows\syswow64\deploytk.dll

2010-03-30 20:46:39 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-03-30 20:46:39 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-03-30 20:46:39 145184 ----a-w- c:\windows\syswow64\java.exe

2010-03-30 16:03:44 3063561 ----a-w- c:\programdata\MobileTV.exe

2010-03-30 16:03:44 2989660 ----a-w- c:\programdata\DVD.exe

2010-03-30 16:03:44 2864396 ----a-w- c:\programdata\MPV.exe

2010-03-30 16:03:44 2331174 ----a-w- c:\programdata\Karaoke.exe

2010-03-30 16:03:44 2231606 ----a-w- c:\programdata\Games.exe

2010-03-30 14:24:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-03-30 13:42:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf

2010-03-30 05:09:46 419840 ----a-w- c:\windows\system32\systemcpl.dll

2010-03-30 05:09:46 14848 ----a-w- c:\windows\system32\slwga.dll

2010-03-30 05:09:46 13824 ----a-w- c:\windows\syswow64\slwga.dll

2010-03-30 05:09:45 833024 ----a-w- c:\windows\syswow64\user32.dll

2010-03-30 05:09:45 1008640 ----a-w- c:\windows\system32\user32.dll

2010-03-14 18:00:00 85504 ----a-w- c:\windows\syswow64\ff_vfw.dll

2010-03-14 18:00:00 6656 ----a-w- c:\windows\syswow64\pndx5016.dll

2010-03-14 18:00:00 5632 ----a-w- c:\windows\syswow64\pndx5032.dll

2010-03-14 18:00:00 278528 ----a-w- c:\windows\syswow64\pncrt.dll

2010-03-14 18:00:00 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll

2010-02-24 13:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll

2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll

2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-02-10 17:13:48 165376 ----a-w- c:\windows\syswow64\unrar.dll

2009-07-29 15:49:01 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat

2009-07-29 15:49:01 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat

2009-07-29 15:49:01 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat

2009-07-29 15:49:01 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:18:14,44 ===============

This time, when I opened GMER, it gave the same error, but when I click SCAN the program exits.

Thanks.

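What a log analyst does with a DDS report like the one above is walk the autostart and recent-file sections and pick out the entries that need verifying before anything is removed. The Python script below is an added example for this thread, not code from DDS, Malwarebytes or the forum. Its only input is a handful of lines copied from the log above; the line layouts it parses ("uRun: [name] command", "BHO: name: {clsid} - path", "AppInit_DLLs: a,b", and "date time size attrs path" under "Created Last 30") are the ones visible there, while the four finding categories and their names are the example's own choice. It flags BHO entries DDS reports as "No File" (a leftover CLSID registration, not malware by itself), Run-key programs that start from user-writable folders, every AppInit_DLLs entry (a DLL loaded into every process that loads user32.dll, a hook point used by security suites and by malware alike), and driver files created in the last 30 days. Every entry it flags in this particular log belongs to known software (Google, Kaspersky, Malwarebytes, Microsoft); the point is the check, not a verdict.

```python
"""Triage of the autostart and recent-file sections of a DDS log.

Added example for this thread: not code from DDS, Malwarebytes or the
forum. It parses the line layouts visible in the log above; the finding
categories and their names are the example's own choice.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied verbatim from the DDS log posted above, one or
# two from each section the analyzer looks at. Nothing here is fabricated.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files (x86)\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [Google Update] "c:\users\rodolfo\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [googletalk] c:\users\rodolfo\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"
AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~1\sbhook.dll
=============== Created Last 30 ================
2010-05-01 19:15:24 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 19:15:24 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-04-14 13:50:35 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
============= FINISH: 21:18:14,44 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^([um]Run(?:-x64)?): \[(.+?)\] (.+)$", re.I)
BHO_RE = re.compile(r"^BHO: (?:(.*?): )?(\{[0-9a-f-]{36}\}) - (.+)$", re.I)
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?: (.+)$", re.I)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
# Folders a normal user can write to. An autostart entry living there deserves
# a look, even though legitimate per-user software installs exactly there.
USER_WRITABLE_RE = re.compile(r"\\(users|appdata|programdata|temp)\\", re.I)
DRIVER_DIR_RE = re.compile(r"^c:\\windows\\system32\\drivers\\", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str      # orphan_bho | user_profile_autostart | appinit_dll | new_driver
    section: str   # DDS section banner the line came from
    detail: str


def extract_path(command: str) -> str:
    """Return the executable from a Run-key command line.

    Quoted paths are taken verbatim; unquoted ones are cut at the first
    executable extension so arguments such as "/autostart" are dropped.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|dll|scr))(?:\s|$)", command, re.I)
    return m.group(1) if m else command


def analyze(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current section banner."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
            continue
        if section == "Pseudo HJT Report":
            if m := BHO_RE.match(line):
                _name, clsid, path = m.groups()
                if path.strip().lower() == "no file":   # DDS marks a missing DLL this way
                    findings.append(Finding("orphan_bho", section, clsid))
            elif m := RUN_RE.match(line):
                key, name, command = m.groups()
                path = extract_path(command)
                if USER_WRITABLE_RE.search(path):
                    findings.append(Finding("user_profile_autostart", section, f"{key} [{name}] -> {path}"))
            elif m := APPINIT_RE.match(line):
                for dll in m.group(1).split(","):
                    findings.append(Finding("appinit_dll", section, dll.strip()))
        elif section == "Created Last 30":
            if m := CREATED_RE.match(line):
                date, _time, _size, attrs, path = m.groups()
                is_dir = attrs.startswith("d")
                if not is_dir and DRIVER_DIR_RE.match(path):
                    findings.append(Finding("new_driver", section, f"{date} {path}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, for a quick overview before reading details."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
    print(summarize(analyze(SAMPLE_LOG)))
```

Run against the sample, it reports one orphan BHO, the two Run entries under c:\users\rodolfo\appdata, both Kaspersky AppInit DLLs and the two recently created drivers (mbam.sys, installed minutes before the log was taken, and mrxsmb10.sys from a Windows update batch). Each of those then gets checked against the vendor, file signature and install history rather than removed on sight; the orphan CLSID is the only one that is plain cleanup.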

Dear rodolfo.cm

I recommend that you bookmark this topic so it is easier to find later.

Please note the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here applies only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Keep me informed, during the removal, about what happens with your computer.
  • Note: Do not take any measures other than the ones given here; if you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step 1 #

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, the program window will open. Select "Quick Scan" and then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Cheers :D

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
