
cassiano óliver

[Resolved] Log analysis


Good evening everyone,

Lately I have noticed some unknown services/processes on my notebook.

Could you please analyze the log (HijackThis) below:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:29:44, on 22/02/2011

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\StikyNot.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O13 - Gopher Prefix:

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\xampp\apache\bin\httpd.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: MySQL - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld.exe

O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - c:\Windows\system32\vfsFPService.exe

 

--

End of file - 4970 bytes

 

 

 

Thank you in advance for your attention.


Hello!

Welcome to the Malware Removal section of the IMasters Forums.

Please follow the instructions below:

<< 1 >>

Follow the tutorial below and run Ad-Remover. Use the CLEAN option. Post the generated log.

Ad-Remover tutorial

<< 2 >>

Download DDS and save it to the Desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black screen will appear with some information. Do not click anything, just wait!
  • When it finishes, two windows will open: DDS.txt and Attach.txt.
  • Save the result and paste it into your topic.

Note: If the link provided does not work, try downloading DDS from THIS link.

Cheers :D


Here are the logs.

 

AD REPORT

 

 

======= REPORT FROM AD-REMOVER 2.0.0.2,E | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 21/02/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 10:35:48 on 24/02/2011, Normal boot

 

Microsoft Windows 7 Professional (X86)

Cassiano@HPD-V5-1240BR (Hewlett-Packard HP Pavilion DV5)

 

============== ACTION(S) ==============

 

 

File deleted: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar

Folder deleted: C:\Program Files\Ask.com

Folder deleted: C:\Users\Cassiano\AppData\LocalLow\AskToolbar

 

(!) -- Temporary files deleted.

 

 

Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key deleted: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key deleted: HKCU\Software\Ask.com

Key deleted: HKCU\Software\AppDataLow\AskToolbarInfo

Key deleted: HKCU\Software\AppDataLow\Software\AskToolbar

Key deleted: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key deleting error: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

 

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Mozilla Firefox Version [3.6.13 (pt-BR)] ****

 

HKCU_MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0 (x)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

HKLM_Extensions|otis@digitalpersona.com - C:\Program Files\DigitalPersona\Bin\FirefoxExt\

 

-- C:\Users\Cassiano\AppData\Roaming\Mozilla\FireFox\Profiles\wxpjbukp.default --

Extensions\screencaptureelite@plugin (Screen Capture Elite)

Extensions\{02450954-cdd9-410f-b1da-db804e18c671} (Screengrab)

Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} (Easy Youtube Video Downloader)

Prefs.js - browser.download.lastDir, C:\\Users\\Cassiano\\Desktop

Prefs.js - browser.startup.homepage, hxxp://www.google.com.br/

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

 

========================================

 

**** Google Chrome Version [9.0.597.98] ****

 

 

-- C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Enabled: true) (?)

Plugin - Octoshape Streaming Services (Enabled: true) (C:\Users\Cassiano\AppData\Roaming\Mozilla\plugins\npoctoshape.dll)

Plugin - Octoshape Streaming Services (Enabled: true) (C:\Users\Cassiano\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll)

Plugin - "Octoshape Streaming Services" (Enabled: true)

 

========================================

 

**** Internet Explorer Version [8.0.7600.16385] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)

HKLM_ElevationPolicy\{09E9B8FC-3D94-4A9B-AD2E-A64255121895} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbws.exe (Kaspersky Lab)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{4671F4B7-89F5-4701-B641-570278D5C856} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 12 File(s)

C:\Program Files\Ad-Remover\Backup: 14 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 24/02/2011 10:37:56 (6180 Byte(s))

 

End at: 10:39:12, 24/02/2011

 

============== E.O.F ==============

 

 

 

DDS.txt

 

 

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Cassiano at 10:45:54,42 on 24/02/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.2814.1792 [GMT -3:00]

 

AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

c:\Windows\system32\vfsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\xampp\apache\bin\httpd.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\xampp\mysql\bin\mysqld.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\xampp\apache\bin\httpd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\StikyNot.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Cassiano\Desktop\dds.scr

C:\Windows\system32\conhost.exe

 

============== Pseudo HJT Report ===============

 

uWindow Title =

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Adicionar ao Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: klogon - c:\windows\system32\klogon.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

LSA: Notification Packages = scecli DPPWDFLT

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\cassiano\appdata\roaming\mozilla\firefox\profiles\wxpjbukp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: c:\users\cassiano\appdata\roaming\mozilla\firefox\profiles\wxpjbukp.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\users\cassiano\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\users\cassiano\appdata\roaming\mozilla\plugins\npoctoshape.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin

 

============= SERVICES / DRIVERS ===============

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R1 FldSafe;FldSafe;c:\windows\system32\drivers\FldSafe.sys [2010-10-25 10240]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\httpd.exe [2010-10-25 24640]

R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]

R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-9-16 599344]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2010-10-24 54784]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-2-6 27632]

R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-9-16 40752]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-2-6 13224]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 StorSvc;Serviço de Armazenamento;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

S4 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-10-24 19456]

S4 KMService;KMService;c:\windows\system32\srvany.exe [2010-11-20 8192]

S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

 

=============== Created Last 30 ================

 

2011-02-24 13:35:12 -------- d-----w- c:\program files\Ad-Remover

2011-02-24 08:24:40 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b2854f14-4056-40f3-a7c4-40e4bd3b37cd}\mpengine.dll

2011-02-24 08:22:14 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-24 08:19:08 101760 ----a-w- c:\windows\system32\consent.exe

2011-02-24 08:16:47 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll

2011-02-24 08:16:47 573440 ----a-w- c:\windows\system32\odbc32.dll

2011-02-24 08:16:47 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll

2011-02-24 08:16:46 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll

2011-02-24 08:16:46 208896 ----a-w- c:\program files\common files\system\msadc\msadco.dll

2011-02-24 08:16:31 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-02-24 08:16:31 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-02-24 08:16:31 107520 ----a-w- c:\windows\system32\cdd.dll

2011-02-22 21:28:43 -------- d-----w- c:\program files\Trend Micro

2011-02-09 12:03:37 -------- d-----w- c:\users\cassiano\appdata\roaming\Mp3tag

2011-02-09 12:03:19 -------- d-----w- c:\program files\Mp3tag

2011-02-06 23:56:23 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys

2011-02-06 23:55:27 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2011-02-06 23:55:27 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2011-02-06 23:53:44 -------- d-----w- c:\program files\Sony Ericsson

2011-01-28 13:15:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-01-28 13:15:18 49472 ----a-w- c:\windows\system32\netfxperf.dll

2011-01-28 13:15:17 297808 ----a-w- c:\windows\system32\mscoree.dll

2011-01-28 13:15:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2011-01-28 13:15:17 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-01-28 12:53:48 -------- d-----w- c:\windows\system32\Wat

2011-01-26 22:15:46 -------- d-----w- c:\windows\system32\appmgmt

 

==================== Find3M ====================

 

2011-02-02 20:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-28 12:53:50 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-01-28 12:53:47 811520 ----a-w- c:\windows\system32\user32.dll

2011-01-17 05:38:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll

2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll

2010-12-19 15:35:15 472064 ----a-w- c:\windows\AutoKMS.exe

2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll

 

============= FINISH: 10:47:09,83 ===============

 

 

 

attach.txt

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 25/10/2010 12:12:32

System Uptime: 24/02/2011 10:40:36 (0 hours ago)

 

Motherboard: Quanta | | 30F2

Processor: AMD Turion X2 Dual-Core Mobile RM-72 | Socket M2/S1G1 | 2100/1800mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 83 GiB total, 49,892 GiB free.

D: is FIXED (NTFS) - 150 GiB total, 8,53 GiB free.

E: is CDROM (CDFS)

G: is Removable

H: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP51: 19/02/2011 00:13:37 - Ponto de Verificação Agendado

RP52: 24/02/2011 05:19:47 - Windows Update

 

==== Installed Programs ======================

 

Ad-Remover By C_XX

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Design Premium

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Arquivo do WinRAR

Atualização para o Microsoft Outlook Social Connector (KB2289116)

Camtasia Studio 6

CCleaner

Citrix XenApp Web Plugin

CloneCD

CloneDVD 4.0

CorelDRAW® Graphics Suite X4 - Windows Shell Extension

D3DX10

Definition update for Microsoft Office 2010 (KB982726)

DigitalPersona Personal 4.0

FileZilla Client 3.3.5-rc1

Folder Defence 1.0.0.17

Foxit Reader

Google Chrome

HijackThis 2.0.2

HP Quick Launch Buttons

IETester v0.4.4 (remove only)

Java 6 Update 13

K-Lite Mega Codec Pack 5.8.3

Kaspersky Internet Security 2010

KeePass Password Safe 2.10

Malwarebytes' Anti-Malware

Messenger Plus! Live

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended PTB Language Pack

Microsoft Application Error Reporting

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox (3.6.13)

Mp3tag v2.48

MSVCRT

MSVCRT Redists

Nero 8 Lite 8.2.8.0

Octoshape Streaming Services

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

PDF Settings CS5

PhotoScape

phpDesigner 7 version 7.2.1

QLBCASL

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft Word 2010 (KB2345000)

Sony Ericsson Update Service

SWiSH Max3

Synaptics Pointing Device Driver

Tomb Raider: Legend 1.0

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft OneNote 2010 (KB2433299)

Update for Microsoft Outlook Social Connector (KB2289116)

Validity Sensors software

Vegas Pro 10.0

VirtualCloneDrive

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Xilisoft HD Video Converter

 

==== End Of File ===========================


DDS

 

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Cassiano at 22:58:10,55 on 02/03/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.2814.1771 [GMT -3:00]

 

AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

c:\Windows\system32\vfsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\xampp\apache\bin\httpd.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\xampp\mysql\bin\mysqld.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\xampp\apache\bin\httpd.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\StikyNot.exe

C:\Windows\system32\wuauclt.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Cassiano\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = about:blank

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Adicionar ao Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

LSA: Notification Packages = scecli DPPWDFLT

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\cassiano\appdata\roaming\mozilla\firefox\profiles\wxpjbukp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: c:\users\cassiano\appdata\roaming\mozilla\firefox\profiles\wxpjbukp.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\users\cassiano\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\users\cassiano\appdata\roaming\mozilla\plugins\npoctoshape.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin

 

============= SERVICES / DRIVERS ===============

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R1 FldSafe;FldSafe;c:\windows\system32\drivers\FldSafe.sys [2010-10-25 10240]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\httpd.exe [2010-10-25 24640]

R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]

R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-9-16 599344]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2010-10-24 54784]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-2-6 27632]

R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-9-16 40752]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-2-6 13224]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 StorSvc;Serviço de Armazenamento;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

S4 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-10-24 19456]

S4 KMService;KMService;c:\windows\system32\srvany.exe [2010-11-20 8192]

S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

 

=============== Created Last 30 ================

 

2011-02-27 19:56:58 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{03348ab8-e7e7-46d9-8a8b-9e8d47db782d}\mpengine.dll

2011-02-27 19:55:31 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-27 19:51:59 314368 ----a-w- c:\windows\system32\webio.dll

2011-02-27 19:49:42 516096 ----a-w- c:\program files\windows mail\wab.exe

2011-02-27 19:46:01 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-02-27 19:46:01 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-02-27 19:46:00 107520 ----a-w- c:\windows\system32\cdd.dll

2011-02-22 21:28:43 -------- d-----w- c:\program files\Trend Micro

2011-02-09 12:03:37 -------- d-----w- c:\users\cassiano\appdata\roaming\Mp3tag

2011-02-09 12:03:19 -------- d-----w- c:\program files\Mp3tag

2011-02-06 23:56:23 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys

2011-02-06 23:55:27 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2011-02-06 23:55:27 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2011-02-06 23:53:44 -------- d-----w- c:\program files\Sony Ericsson

 

==================== Find3M ====================

 

2011-02-02 20:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-28 12:53:50 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-01-28 12:53:47 811520 ----a-w- c:\windows\system32\user32.dll

2011-01-17 05:38:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll

2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll

2010-12-19 15:35:15 472064 ----a-w- c:\windows\AutoKMS.exe

2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll

2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec

2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

 

============= FINISH: 23:00:37,89 ===============

 

 

 

ATTACH

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 25/10/2010 12:12:32

System Uptime: 02/03/2011 22:11:17 (1 hours ago)

 

Motherboard: Quanta | | 30F2

Processor: AMD Turion X2 Dual-Core Mobile RM-72 | Socket M2/S1G1 | 2100/1800mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 83 GiB total, 50,903 GiB free.

D: is FIXED (NTFS) - 150 GiB total, 10,215 GiB free.

E: is CDROM ()

G: is Removable

H: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP52: 27/02/2011 16:53:05 - Windows Update

 

==== Installed Programs ======================

 

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Design Premium

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Arquivo do WinRAR

Ask Toolbar

Atualização para o Microsoft Outlook Social Connector (KB2289116)

Camtasia Studio 6

CCleaner

Citrix XenApp Web Plugin

CloneCD

CloneDVD 4.0

CorelDRAW® Graphics Suite X4 - Windows Shell Extension

D3DX10

Definition update for Microsoft Office 2010 (KB982726)

DigitalPersona Personal 4.0

FileZilla Client 3.3.5-rc1

Folder Defence 1.0.0.17

Foxit Reader

Google Chrome

HijackThis 2.0.2

HP Quick Launch Buttons

IETester v0.4.4 (remove only)

Java 6 Update 13

K-Lite Mega Codec Pack 5.8.3

Kaspersky Internet Security 2010

KeePass Password Safe 2.10

Malwarebytes' Anti-Malware

Messenger Plus! Live

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended PTB Language Pack

Microsoft Application Error Reporting

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox (3.6.13)

Mp3tag v2.48

MSVCRT

MSVCRT Redists

Nero 8 Lite 8.2.8.0

Octoshape Streaming Services

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

PDF Settings CS5

PhotoScape

phpDesigner 7 version 7.2.1

QLBCASL

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft Word 2010 (KB2345000)

Sony Ericsson Update Service

SWiSH Max3

Synaptics Pointing Device Driver

Tomb Raider: Legend 1.0

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Outlook Social Connector (KB2289116)

Validity Sensors software

Vegas Pro 10.0

VirtualCloneDrive

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Xilisoft HD Video Converter

 

==== End Of File ===========================

 


Hello!

I don't detect anything (other than the AskToolbar) on your PC... how is the computer running?

Download Malwarebytes Anti-Malware and save it to your Desktop.

  • Make sure you are connected to the Internet.
  • Double-click mbam-setup.exe.
  • Follow the installation without changing any settings.
  • When the installation finishes, remember to check the options:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will open and you will receive a notice about updating before the scan starts. If an update is available, it will download it.
  • On the Scan tab:
    • Select Full Scan
    • Click Scan
  • When the scan finishes, a message will appear. Click OK to acknowledge the message and continue with the process.
  • Make sure everything that was found is checked, then click Remove.
  • After the removal, a log will be generated and opened.
  • The log is saved automatically and can be accessed from the Logs tab.
  • Copy and paste the log into your next reply.

Cheers :D


Lord,

Sorry for the huge delay in getting back to you.

I see that things have gone back to normal here; my doubt was really only about a few services, which I thought were malicious.

Thank you very much for your help!

Best regards


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
