dekinho (posted May 11, 2011)
Hello, good evening. I ran the Avira antivirus on my PC and it detected 2 threats, which were moved to quarantine. I would like your help removing them. They are:
...\LocalMicrosoft\Windows\Temporary Internet Files\Low\Content.IE5\ZJPVQQSF\index[1].htm
...\LocalLow\Sun\Java\Deployyment\cache\6.0\15\3084712-486c6850
Thanks in advance.
wings (posted May 11, 2011)
Hello dekinho. Read rule 2 of this section.
dekinho (posted May 11, 2011)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:49:56, on 10/05/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
wings (posted May 11, 2011)
1.
* Download DDS and save it to the desktop
* Run it and save the reports (DDS.txt and Attach.txt) to the desktop
* Paste the DDS.txt report
dekinho (posted May 11, 2011)
Here is the report.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Sonia Abreu at 23:57:49,85 on 10/05/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.2070.18.2013.895 [GMT -3:00]
wings (posted May 11, 2011)
The log is clean. Delete DDS and its reports. If the antivirus sent them to quarantine, there is no problem.
dekinho (posted May 11, 2011)
Thank you very much, friend.
wings (posted May 11, 2011)
PROBLEM SOLVED. If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.