Good evening!
I have some malware here that, when the system starts, does not let it connect to the internet right away. It acts as if it were looking for the connection first; it takes about 2 minutes to start/connect. I think it is a rootkit.
Poll:
Are rootkits leftovers from various pieces of software?
( ) Yes ( ) No
Do they dodge the AVs?
( ) Yes ( ) No
When they are detected, do they turn into others?
( ) Yes ( ) No
Comment!
Logs:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by User at 20:56:13 on 2012-04-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.2070.18.1981.1296 [GMT -3:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Gadwin PrintScreen] "c:\program files\gadwin systems\printscreen\PrintScreen.exe" /nosplash
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 189.7.96.15 189.7.96.16
TCP: Interfaces\{D51D7741-3282-47CA-800C-6AC86A36E52E} : DhcpNameServer = 189.7.96.15 189.7.96.16
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\dy8vvbn4.default\
FF - prefs.js: browser.startup.homepage - [link hidden by the forum]
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-11-23 126216]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-1-5 144136]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 99400]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111176]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-11-30 112904]
R3 RTL8167;Controlador Realtek 8167 NT;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-9-10 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-12 25600]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-14 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown TsUsbFlt;TsUsbFlt; [x]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2012-04-20 12:07:27 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{945c584d-d0c3-49bd-a1ea-dabc9b933a08}\mpengine.dll
2012-04-20 12:03:38 -------- d-----w- c:\users\user\appdata\local\{E8CAF5A5-676A-41FB-8ED0-1AF9FBC3770E}
2012-04-20 12:03:24 -------- d-----w- c:\users\user\appdata\local\{0E461955-FCDE-40BE-9332-D4FED006587D}
2012-04-19 14:04:45 -------- d-----w- c:\users\user\appdata\local\{9E1041D7-7480-4F64-8447-7CBB74D3F985}
2012-04-19 14:04:22 -------- d-----w- c:\users\user\appdata\local\{C339C454-4FAE-4427-AA53-8E12E7FDD42F}
2012-04-19 02:03:53 -------- d-----w- c:\users\user\appdata\local\{9EB9E103-36AF-4449-A1A9-94E10EC8CC6F}
2012-04-19 02:03:30 -------- d-----w- c:\users\user\appdata\local\{F5A863D3-B830-43AE-8ED3-7495941A0264}
2012-04-18 14:03:01 -------- d-----w- c:\users\user\appdata\local\{4BD4B40A-3505-41D8-AB61-71BE426D8717}
2012-04-18 14:02:43 -------- d-----w- c:\users\user\appdata\local\{7E8EB873-BAD2-4F8D-A3F9-D6197DAE67F2}
2012-04-17 17:45:13 -------- d-----w- c:\users\user\appdata\local\{7AFDC4D5-E27E-47F0-915B-6E1765EC8325}
2012-04-17 17:45:00 -------- d-----w- c:\users\user\appdata\local\{B81E000B-443C-464F-BE80-2C94102725CB}
2012-04-17 15:27:57 -------- d-----w- c:\users\user\appdata\roaming\Ad-Aware Antivirus
2012-04-17 15:03:48 -------- d-----w- c:\users\user\appdata\local\{97C58BA4-ACCF-4F0A-AFE6-EE0C053A8758}
2012-04-17 15:03:32 -------- d-----w- c:\users\user\appdata\local\{F1FC64C6-D184-44FB-9B5F-D681E6EF1DDA}
2012-04-17 01:04:57 -------- d-----w- c:\users\user\appdata\local\{7AF85887-2602-4EAB-B824-15C56B507218}
2012-04-17 01:04:35 -------- d-----w- c:\users\user\appdata\local\{E33AB11A-C719-4505-9664-CBADC6BB2614}
2012-04-16 13:04:07 -------- d-----w- c:\users\user\appdata\local\{265BFFEB-2564-4095-9B9D-C490A07BE65A}
2012-04-16 13:03:49 -------- d-----w- c:\users\user\appdata\local\{C5396508-6464-4E1C-9F68-5F630221A73C}
2012-04-15 14:06:30 -------- d-----w- c:\users\user\appdata\local\{6EDA112A-4E3E-4BDD-9306-FA8171D5CCE3}
2012-04-15 14:06:12 -------- d-----w- c:\users\user\appdata\local\{0C22F04F-D0B9-4C3F-819B-4CD7189016D7}
2012-04-14 22:34:19 -------- d-----w- c:\users\user\appdata\local\{7C182D3F-BC9A-4F16-99C5-A91E07E8B960}
2012-04-14 22:33:56 -------- d-----w- c:\users\user\appdata\local\{75845C5F-A757-4329-81BC-FEE8A2F17DF4}
2012-04-14 10:33:28 -------- d-----w- c:\users\user\appdata\local\{325545A7-0C40-4918-99D4-A2C407F148F4}
2012-04-14 10:33:11 -------- d-----w- c:\users\user\appdata\local\{03782FD9-0474-4940-AA70-52D1B6B34EF5}
2012-04-13 03:13:38 -------- d-----w- c:\users\user\appdata\local\{16D40B88-5CDE-4FCB-A42E-90D6077F37CB}
2012-04-13 03:13:21 -------- d-----w- c:\users\user\appdata\local\{E6E8A871-D244-45D0-960E-C6839E087022}
2012-04-12 11:44:01 -------- d-----w- c:\users\user\appdata\local\{40C685FC-B1C0-4775-BF82-68C3ACF61ADB}
2012-04-12 11:43:44 -------- d-----w- c:\users\user\appdata\local\{54A0F399-F44C-4543-923A-F2B36B14D057}
2012-04-11 12:11:01 -------- d-----w- c:\users\user\appdata\local\{72691CE1-4644-4400-96C6-80BF9E0E7763}
2012-04-11 12:10:38 -------- d-----w- c:\users\user\appdata\local\{05D99163-3354-4E77-9E29-4E065FE09C70}
2012-04-11 06:00:50 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 06:00:49 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 06:00:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 06:00:49 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 06:00:31 3972464 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 06:00:30 3916656 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 00:10:10 -------- d-----w- c:\users\user\appdata\local\{065B2E57-41AE-43D0-B881-30916FE7296D}
2012-04-11 00:09:55 -------- d-----w- c:\users\user\appdata\local\{7ACD79FB-073B-4B90-BCCF-28EA63A12BEF}
2012-04-10 09:27:31 -------- d-----w- c:\users\user\appdata\local\{147FEF8C-795D-4E4A-98CF-C4BA18EC3713}
2012-04-10 09:27:16 -------- d-----w- c:\users\user\appdata\local\{95C1168E-DDA6-4D68-B64D-BB8D456257E1}
2012-04-09 12:14:09 -------- d-----w- c:\users\user\appdata\local\{8B89E26E-5B10-4195-9F0C-9B0597BF3BA8}
2012-04-09 12:13:57 -------- d-----w- c:\users\user\appdata\local\{0A8C12D7-84D3-4A10-883C-86D6B8F7BE13}
2012-04-08 13:11:01 -------- d-----w- c:\users\user\appdata\local\{8AD486C7-18A9-4F7C-821F-2F80C08F4C67}
2012-04-08 13:10:43 -------- d-----w- c:\users\user\appdata\local\{4E9FF97B-137A-4B28-8D45-CDBD87FAB3AF}
2012-04-07 21:10:16 -------- d-----w- c:\users\user\appdata\local\{78F107A8-ACAB-44C7-B8B0-7D01A5A4C6AC}
2012-04-07 21:10:02 -------- d-----w- c:\users\user\appdata\local\{6B5A8DB3-07AB-43CE-BA1E-6C946F3CC7DD}
2012-04-06 14:12:59 -------- d-----w- c:\users\user\appdata\local\{F6624A52-E048-469F-9A5F-5237E9495D6E}
2012-04-06 14:12:36 -------- d-----w- c:\users\user\appdata\local\{761DD93D-9A2F-457C-ACC6-42D7662E916E}
2012-04-06 13:39:34 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-06 13:35:16 89944 ----a-w- c:\program files\common files\windows live\.cache\19bb84d11cd13fa01\DSETUP.dll
2012-04-06 13:35:16 537432 ----a-w- c:\program files\common files\windows live\.cache\19bb84d11cd13fa01\DXSETUP.exe
2012-04-06 13:35:16 1801048 ----a-w- c:\program files\common files\windows live\.cache\19bb84d11cd13fa01\dsetup32.dll
2012-04-06 13:35:16 15712 ----a-w- c:\program files\common files\windows live\.cache\1a6486851cd13fa02\MeshBetaRemover.exe
2012-04-06 13:33:45 -------- d-----w- c:\users\user\appdata\local\{E1322764-17A3-4559-B0E2-243F401CDD18}
2012-04-06 13:33:11 -------- d-----w- c:\users\user\appdata\local\{F230A2E3-3959-48A8-B9A3-6733B2474E70}
2012-04-05 12:29:33 -------- d-----w- c:\users\user\appdata\local\{164A9AF4-A51D-4D1E-8EFC-FC0DEF424DD8}
2012-04-04 23:03:42 -------- d-----w- c:\users\user\appdata\local\{CF30FD36-68FD-4413-B44E-1C7CBFA26B52}
2012-04-04 23:03:19 -------- d-----w- c:\users\user\appdata\local\{913CAB28-B7E6-4E52-84DD-0E5AD7C36DAA}
2012-04-04 22:19:42 -------- d-----w- c:\users\user\appdata\local\{5E630F7D-D807-4DCB-B8B4-E18027919C10}
2012-04-04 22:19:30 -------- d-----w- c:\users\user\appdata\local\{5227A6C2-9287-4704-BC85-4F583DC7B918}
2012-04-04 18:25:23 -------- d-----w- c:\users\user\appdata\local\{098B23A4-5C78-4707-9901-40013D6820B5}
2012-04-04 18:25:05 -------- d-----w- c:\users\user\appdata\local\{06057BC2-19A3-4115-9310-7A386F69C524}
2012-04-03 23:05:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-03 21:39:06 -------- d-----w- c:\users\user\appdata\local\{EA46E76A-8C09-4501-8101-CC712F3D727E}
2012-04-03 21:38:50 -------- d-----w- c:\users\user\appdata\local\{83290A20-550F-4E9E-9F86-C48657439365}
2012-04-03 21:28:50 -------- d-----w- c:\users\user\appdata\local\{CEF9DA1F-0573-4DBE-99D1-7BE1A2BB191A}
2012-04-03 21:28:38 -------- d-----w- c:\users\user\appdata\local\{D2551545-60E2-4853-931A-A7100D846897}
2012-04-03 21:22:56 -------- d-----w- c:\users\user\appdata\local\{A418242A-86DB-4835-B25E-F95C4CD664E9}
2012-04-03 21:22:39 -------- d-----w- c:\users\user\appdata\local\{FF3FC3CA-A2D4-419B-AFC0-A511D19CFB62}
2012-04-03 21:15:13 -------- d-----w- c:\users\user\appdata\local\{D1749CA1-B6B3-4F23-A7C4-0A143A543C87}
2012-04-03 20:21:34 -------- d-----w- c:\users\user\appdata\local\{94A2A17F-D51A-44A2-86F0-EE8E6278475D}
2012-04-03 20:21:18 -------- d-----w- c:\users\user\appdata\local\{75505C6A-D9E2-4425-8300-95B5F5488DC5}
2012-04-03 19:00:55 -------- d-----w- c:\users\user\appdata\local\{57EF249F-FBFD-4FFC-92EB-62DD249277F6}
2012-04-03 19:00:38 -------- d-----w- c:\users\user\appdata\local\{7D3C7A35-0FEE-439B-B0E5-847421E3B6C0}
2012-04-03 13:00:50 -------- d-----w- c:\users\user\appdata\local\{A8E9CB8C-0492-4470-B0C9-D0D895C42867}
2012-04-03 13:00:25 -------- d-----w- c:\users\user\appdata\local\{B08C0DBE-CEAB-447B-ADC8-C2CDFD21E50F}
2012-04-02 23:04:29 -------- d-----w- c:\users\user\appdata\local\{2908DCB5-0925-4231-BE77-3286AD3C7E58}
2012-04-02 11:03:54 -------- d-----w- c:\users\user\appdata\local\{3DB1FFEB-622C-4ADA-86F2-88AB89EB9E0B}
2012-04-01 23:03:17 -------- d-----w- c:\users\user\appdata\local\{5D31926C-E6D1-4DA1-A160-2E8AC92B86DD}
2012-04-01 11:02:41 -------- d-----w- c:\users\user\appdata\local\{2275CFE7-B649-43DD-A146-51BE9D61F11A}
2012-03-31 11:01:50 -------- d-----w- c:\users\user\appdata\local\{9B244555-C6E5-4944-A6CB-15D1AC45AA2F}
2012-03-30 12:36:15 -------- d-----w- c:\users\user\appdata\local\{E274A9B8-1752-4F21-B6B7-BA903CAC1F67}
2012-03-29 23:11:43 -------- d-----w- c:\users\user\appdata\local\{97D16505-62F3-44A3-AFC4-7D42165814BF}
2012-03-29 20:02:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 11:11:15 -------- d-----w- c:\users\user\appdata\local\{E732AD21-C2E8-447B-9E88-0F26C514DA22}
2012-03-28 13:54:42 -------- d-----w- c:\users\user\appdata\local\{9F11C12B-17AD-4C93-819E-A665E28FE570}
2012-03-28 13:54:27 -------- d-----w- c:\users\user\appdata\local\{B0D43A8E-963B-41B7-9010-19BEE1D30417}
2012-03-28 00:20:16 -------- d-----w- c:\users\user\appdata\local\{284BB12F-8CD2-4C29-9EB3-CC206F1469BA}
2012-03-28 00:19:54 -------- d-----w- c:\users\user\appdata\local\{72021CFC-050C-4078-8810-3E0F31928DF3}
2012-03-27 14:07:10 -------- d-----w- c:\users\user\appdata\local\Opera
2012-03-27 12:19:26 -------- d-----w- c:\users\user\appdata\local\{E87E5529-DE2D-4079-A28A-61D689BB0F41}
2012-03-27 12:19:03 -------- d-----w- c:\users\user\appdata\local\{260CCC81-A5E4-4F67-B76B-1E06292258BB}
2012-03-27 00:18:37 -------- d-----w- c:\users\user\appdata\local\{FAEDC9FC-BDC9-4958-AD5F-D35F78957448}
2012-03-27 00:18:14 -------- d-----w- c:\users\user\appdata\local\{CCBF2734-D50F-4F2D-B554-4C6EC383FA3C}
2012-03-26 12:17:48 -------- d-----w- c:\users\user\appdata\local\{8A5463CE-CA7C-418B-B8A7-9F26B3C06613}
2012-03-26 12:17:25 -------- d-----w- c:\users\user\appdata\local\{B84D1859-7375-4D5C-86DB-48CD3C910F35}
2012-03-26 00:17:00 -------- d-----w- c:\users\user\appdata\local\{004DE5B1-2218-4CB8-B44A-45A91D0EDB75}
2012-03-25 12:16:22 -------- d-----w- c:\users\user\appdata\local\{B0CC1651-8FD4-4CAC-A85D-FBEAB3D3676D}
2012-03-25 12:16:08 -------- d-----w- c:\users\user\appdata\local\{732C3853-8AD6-4110-ACAE-53BA6F2A5F57}
2012-03-24 15:47:24 -------- d-----w- c:\users\user\appdata\local\{45EB680A-6ED7-49AC-8980-A2B5D6A7BB66}
2012-03-24 15:47:00 -------- d-----w- c:\users\user\appdata\local\{29A8ECED-3408-4369-99BE-DC1EE80B4698}
2012-03-22 17:21:43 -------- d-----w- c:\users\user\appdata\local\Microsoft Games
2012-03-22 16:29:45 -------- d-----w- c:\program files\Gadwin Systems
2012-03-22 12:03:24 -------- d-----w- c:\users\user\appdata\local\{A3C79A24-7C9F-41C6-AD45-1B01C421838D}
2012-03-22 12:03:03 -------- d-----w- c:\users\user\appdata\local\{5A5843E0-56DB-41CB-901A-F3379B597C21}
.
==================== Find3M ====================
.
2012-04-14 10:35:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 18:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 21:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 21:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:30:02 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-17 04:09:59 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 14:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 04:13:43 2351104 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 20:56:54,53 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 13/03/2012 13:52:56
System Uptime: 20/04/2012 16:07:43 (4 hours ago)
.
Motherboard: MEGA | | G41T-M7 LGT
Processor: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz | CPU 1 | 2593/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 447,041 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP86: 17/04/2012 18:49:20 - LCCD PS SA AT 2061 CD TBM
RP87: 18/04/2012 16:40:25 - Windows Update
RP88: 19/04/2012 22:31:46 - LCCD PS SA AT 2061 CD TBM EMP CD TBM SEM MSE
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Português
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
Compressor WinRAR
Controle ActiveX do Windows Live Mesh para Conexões Remotas
D3DX10
Gadwin PrintScreen
Google Chrome
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Malwarebytes Anti-Malware versão 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 11.0 (x86 pt-BR)
MSVCRT
Panda Cloud Antivirus
Revo Uninstaller 1.93
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
Thank you
Estou com uma praga virtual aqui ; que ao iniciar o sistema; não deixa conectar de imediato a internet. Fica como se estivesse procurando a conexão primeiro; demora uns 2 minutos para iniciar/conectar . Acho que é um rootkit .
Enquete :
Os rootkits são sobras de vários softwares ?
( ) Sim ( ) Não
Os mesmos diblam os AV`s ?
( ) Sim ( ) Não
Ao detectá - los ; transformam - se em outros ?
( ) Sim ( ) Não
Comentem !
Logs :
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by User at 20:56:13 on 2012-04-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.2070.18.1981.1296 [GMT -3:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Gadwin PrintScreen] "c:\program files\gadwin systems\printscreen\PrintScreen.exe" /nosplash
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 189.7.96.15 189.7.96.16
TCP: Interfaces\{D51D7741-3282-47CA-800C-6AC86A36E52E} : DhcpNameServer = 189.7.96.15 189.7.96.16
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\prof iles\dy8vvbn4.default\
FF - prefs.js: browser.startup.homepage - Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-11-23 126216]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-1-5 144136]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 99400]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111176]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-11-30 112904]
R3 RTL8167;Controlador Realtek 8167 NT;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-9-10 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-12 25600]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-14 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown TsUsbFlt;TsUsbFlt; [x]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2012-04-20 12:07:27 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{945c584d-d0c3-49bd-a1ea-dabc9b933a08}\mpengine.dll
2012-04-20 12:03:38 -------- d-----w- c:\users\user\appdata\local\{E8CAF5A5-676A-41FB-8ED0-1AF9FBC3770E}
2012-04-20 12:03:24 -------- d-----w- c:\users\user\appdata\local\{0E461955-FCDE-40BE-9332-D4FED006587D}
2012-04-19 14:04:45 -------- d-----w- c:\users\user\appdata\local\{9E1041D7-7480-4F64-8447-7CBB74D3F985}
2012-04-19 14:04:22 -------- d-----w- c:\users\user\appdata\local\{C339C454-4FAE-4427-AA53-8E12E7FDD42F}
2012-04-19 02:03:53 -------- d-----w- c:\users\user\appdata\local\{9EB9E103-36AF-4449-A1A9-94E10EC8CC6F}
2012-04-19 02:03:30 -------- d-----w- c:\users\user\appdata\local\{F5A863D3-B830-43AE-8ED3-7495941A0264}
2012-04-18 14:03:01 -------- d-----w- c:\users\user\appdata\local\{4BD4B40A-3505-41D8-AB61-71BE426D8717}
2012-04-18 14:02:43 -------- d-----w- c:\users\user\appdata\local\{7E8EB873-BAD2-4F8D-A3F9-D6197DAE67F2}
2012-04-17 17:45:13 -------- d-----w- c:\users\user\appdata\local\{7AFDC4D5-E27E-47F0-915B-6E1765EC8325}
2012-04-17 17:45:00 -------- d-----w- c:\users\user\appdata\local\{B81E000B-443C-464F-BE80-2C94102725CB}
2012-04-17 15:27:57 -------- d-----w- c:\users\user\appdata\roaming\Ad-Aware Antivirus
2012-04-17 15:03:48 -------- d-----w- c:\users\user\appdata\local\{97C58BA4-ACCF-4F0A-AFE6-EE0C053A8758}
2012-04-17 15:03:32 -------- d-----w- c:\users\user\appdata\local\{F1FC64C6-D184-44FB-9B5F-D681E6EF1DDA}
2012-04-17 01:04:57 -------- d-----w- c:\users\user\appdata\local\{7AF85887-2602-4EAB-B824-15C56B507218}
2012-04-17 01:04:35 -------- d-----w- c:\users\user\appdata\local\{E33AB11A-C719-4505-9664-CBADC6BB2614}
2012-04-16 13:04:07 -------- d-----w- c:\users\user\appdata\local\{265BFFEB-2564-4095-9B9D-C490A07BE65A}
2012-04-16 13:03:49 -------- d-----w- c:\users\user\appdata\local\{C5396508-6464-4E1C-9F68-5F630221A73C}
2012-04-15 14:06:30 -------- d-----w- c:\users\user\appdata\local\{6EDA112A-4E3E-4BDD-9306-FA8171D5CCE3}
2012-04-15 14:06:12 -------- d-----w- c:\users\user\appdata\local\{0C22F04F-D0B9-4C3F-819B-4CD7189016D7}
2012-04-14 22:34:19 -------- d-----w- c:\users\user\appdata\local\{7C182D3F-BC9A-4F16-99C5-A91E07E8B960}
2012-04-14 22:33:56 -------- d-----w- c:\users\user\appdata\local\{75845C5F-A757-4329-81BC-FEE8A2F17DF4}
2012-04-14 10:33:28 -------- d-----w- c:\users\user\appdata\local\{325545A7-0C40-4918-99D4-A2C407F148F4}
2012-04-14 10:33:11 -------- d-----w- c:\users\user\appdata\local\{03782FD9-0474-4940-AA70-52D1B6B34EF5}
2012-04-13 03:13:38 -------- d-----w- c:\users\user\appdata\local\{16D40B88-5CDE-4FCB-A42E-90D6077F37CB}
2012-04-13 03:13:21 -------- d-----w- c:\users\user\appdata\local\{E6E8A871-D244-45D0-960E-C6839E087022}
2012-04-12 11:44:01 -------- d-----w- c:\users\user\appdata\local\{40C685FC-B1C0-4775-BF82-68C3ACF61ADB}
2012-04-12 11:43:44 -------- d-----w- c:\users\user\appdata\local\{54A0F399-F44C-4543-923A-F2B36B14D057}
2012-04-11 12:11:01 -------- d-----w- c:\users\user\appdata\local\{72691CE1-4644-4400-96C6-80BF9E0E7763}
2012-04-11 12:10:38 -------- d-----w- c:\users\user\appdata\local\{05D99163-3354-4E77-9E29-4E065FE09C70}
2012-04-11 06:00:50 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 06:00:49 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 06:00:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 06:00:49 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 06:00:31 3972464 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 06:00:30 3916656 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 00:10:10 -------- d-----w- c:\users\user\appdata\local\{065B2E57-41AE-43D0-B881-30916FE7296D}
2012-04-11 00:09:55 -------- d-----w- c:\users\user\appdata\local\{7ACD79FB-073B-4B90-BCCF-28EA63A12BEF}
2012-04-10 09:27:31 -------- d-----w- c:\users\user\appdata\local\{147FEF8C-795D-4E4A-98CF-C4BA18EC3713}
2012-04-10 09:27:16 -------- d-----w- c:\users\user\appdata\local\{95C1168E-DDA6-4D68-B64D-BB8D456257E1}
2012-04-09 12:14:09 -------- d-----w- c:\users\user\appdata\local\{8B89E26E-5B10-4195-9F0C-9B0597BF3BA8}
2012-04-09 12:13:57 -------- d-----w- c:\users\user\appdata\local\{0A8C12D7-84D3-4A10-883C-86D6B8F7BE13}
2012-04-08 13:11:01 -------- d-----w- c:\users\user\appdata\local\{8AD486C7-18A9-4F7C-821F-2F80C08F4C67}
2012-04-08 13:10:43 -------- d-----w- c:\users\user\appdata\local\{4E9FF97B-137A-4B28-8D45-CDBD87FAB3AF}
2012-04-07 21:10:16 -------- d-----w- c:\users\user\appdata\local\{78F107A8-ACAB-44C7-B8B0-7D01A5A4C6AC}
2012-04-07 21:10:02 -------- d-----w- c:\users\user\appdata\local\{6B5A8DB3-07AB-43CE-BA1E-6C946F3CC7DD}
2012-04-06 14:12:59 -------- d-----w- c:\users\user\appdata\local\{F6624A52-E048-469F-9A5F-5237E9495D6E}
2012-04-06 14:12:36 -------- d-----w- c:\users\user\appdata\local\{761DD93D-9A2F-457C-ACC6-42D7662E916E}
2012-04-06 13:39:34 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-06 13:35:16 89944 ----a-w- c:\program files\common files\windows live\.cache\19bb84d11cd13fa01\DSETUP.dll
2012-04-06 13:35:16 537432 ----a-w- c:\program files\common files\windows live\.cache\19bb84d11cd13fa01\DXSETUP.exe
2012-04-06 13:35:16 1801048 ----a-w- c:\program files\common files\windows live\.cache\19bb84d11cd13fa01\dsetup32.dll
2012-04-06 13:35:16 15712 ----a-w- c:\program files\common files\windows live\.cache\1a6486851cd13fa02\MeshBetaRemover.exe
2012-04-06 13:33:45 -------- d-----w- c:\users\user\appdata\local\{E1322764-17A3-4559-B0E2-243F401CDD18}
2012-04-06 13:33:11 -------- d-----w- c:\users\user\appdata\local\{F230A2E3-3959-48A8-B9A3-6733B2474E70}
2012-04-05 12:29:33 -------- d-----w- c:\users\user\appdata\local\{164A9AF4-A51D-4D1E-8EFC-FC0DEF424DD8}
2012-04-04 23:03:42 -------- d-----w- c:\users\user\appdata\local\{CF30FD36-68FD-4413-B44E-1C7CBFA26B52}
2012-04-04 23:03:19 -------- d-----w- c:\users\user\appdata\local\{913CAB28-B7E6-4E52-84DD-0E5AD7C36DAA}
2012-04-04 22:19:42 -------- d-----w- c:\users\user\appdata\local\{5E630F7D-D807-4DCB-B8B4-E18027919C10}
2012-04-04 22:19:30 -------- d-----w- c:\users\user\appdata\local\{5227A6C2-9287-4704-BC85-4F583DC7B918}
2012-04-04 18:25:23 -------- d-----w- c:\users\user\appdata\local\{098B23A4-5C78-4707-9901-40013D6820B5}
2012-04-04 18:25:05 -------- d-----w- c:\users\user\appdata\local\{06057BC2-19A3-4115-9310-7A386F69C524}
2012-04-03 23:05:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-03 21:39:06 -------- d-----w- c:\users\user\appdata\local\{EA46E76A-8C09-4501-8101-CC712F3D727E}
2012-04-03 21:38:50 -------- d-----w- c:\users\user\appdata\local\{83290A20-550F-4E9E-9F86-C48657439365}
2012-04-03 21:28:50 -------- d-----w- c:\users\user\appdata\local\{CEF9DA1F-0573-4DBE-99D1-7BE1A2BB191A}
2012-04-03 21:28:38 -------- d-----w- c:\users\user\appdata\local\{D2551545-60E2-4853-931A-A7100D846897}
2012-04-03 21:22:56 -------- d-----w- c:\users\user\appdata\local\{A418242A-86DB-4835-B25E-F95C4CD664E9}
2012-04-03 21:22:39 -------- d-----w- c:\users\user\appdata\local\{FF3FC3CA-A2D4-419B-AFC0-A511D19CFB62}
2012-04-03 21:15:13 -------- d-----w- c:\users\user\appdata\local\{D1749CA1-B6B3-4F23-A7C4-0A143A543C87}
2012-04-03 20:21:34 -------- d-----w- c:\users\user\appdata\local\{94A2A17F-D51A-44A2-86F0-EE8E6278475D}
2012-04-03 20:21:18 -------- d-----w- c:\users\user\appdata\local\{75505C6A-D9E2-4425-8300-95B5F5488DC5}
2012-04-03 19:00:55 -------- d-----w- c:\users\user\appdata\local\{57EF249F-FBFD-4FFC-92EB-62DD249277F6}
2012-04-03 19:00:38 -------- d-----w- c:\users\user\appdata\local\{7D3C7A35-0FEE-439B-B0E5-847421E3B6C0}
2012-04-03 13:00:50 -------- d-----w- c:\users\user\appdata\local\{A8E9CB8C-0492-4470-B0C9-D0D895C42867}
2012-04-03 13:00:25 -------- d-----w- c:\users\user\appdata\local\{B08C0DBE-CEAB-447B-ADC8-C2CDFD21E50F}
2012-04-02 23:04:29 -------- d-----w- c:\users\user\appdata\local\{2908DCB5-0925-4231-BE77-3286AD3C7E58}
2012-04-02 11:03:54 -------- d-----w- c:\users\user\appdata\local\{3DB1FFEB-622C-4ADA-86F2-88AB89EB9E0B}
2012-04-01 23:03:17 -------- d-----w- c:\users\user\appdata\local\{5D31926C-E6D1-4DA1-A160-2E8AC92B86DD}
2012-04-01 11:02:41 -------- d-----w- c:\users\user\appdata\local\{2275CFE7-B649-43DD-A146-51BE9D61F11A}
2012-03-31 11:01:50 -------- d-----w- c:\users\user\appdata\local\{9B244555-C6E5-4944-A6CB-15D1AC45AA2F}
2012-03-30 12:36:15 -------- d-----w- c:\users\user\appdata\local\{E274A9B8-1752-4F21-B6B7-BA903CAC1F67}
2012-03-29 23:11:43 -------- d-----w- c:\users\user\appdata\local\{97D16505-62F3-44A3-AFC4-7D42165814BF}
2012-03-29 20:02:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 11:11:15 -------- d-----w- c:\users\user\appdata\local\{E732AD21-C2E8-447B-9E88-0F26C514DA22}
2012-03-28 13:54:42 -------- d-----w- c:\users\user\appdata\local\{9F11C12B-17AD-4C93-819E-A665E28FE570}
2012-03-28 13:54:27 -------- d-----w- c:\users\user\appdata\local\{B0D43A8E-963B-41B7-9010-19BEE1D30417}
2012-03-28 00:20:16 -------- d-----w- c:\users\user\appdata\local\{284BB12F-8CD2-4C29-9EB3-CC206F1469BA}
2012-03-28 00:19:54 -------- d-----w- c:\users\user\appdata\local\{72021CFC-050C-4078-8810-3E0F31928DF3}
2012-03-27 14:07:10 -------- d-----w- c:\users\user\appdata\local\Opera
2012-03-27 12:19:26 -------- d-----w- c:\users\user\appdata\local\{E87E5529-DE2D-4079-A28A-61D689BB0F41}
2012-03-27 12:19:03 -------- d-----w- c:\users\user\appdata\local\{260CCC81-A5E4-4F67-B76B-1E06292258BB}
2012-03-27 00:18:37 -------- d-----w- c:\users\user\appdata\local\{FAEDC9FC-BDC9-4958-AD5F-D35F78957448}
2012-03-27 00:18:14 -------- d-----w- c:\users\user\appdata\local\{CCBF2734-D50F-4F2D-B554-4C6EC383FA3C}
2012-03-26 12:17:48 -------- d-----w- c:\users\user\appdata\local\{8A5463CE-CA7C-418B-B8A7-9F26B3C06613}
2012-03-26 12:17:25 -------- d-----w- c:\users\user\appdata\local\{B84D1859-7375-4D5C-86DB-48CD3C910F35}
2012-03-26 00:17:00 -------- d-----w- c:\users\user\appdata\local\{004DE5B1-2218-4CB8-B44A-45A91D0EDB75}
2012-03-25 12:16:22 -------- d-----w- c:\users\user\appdata\local\{B0CC1651-8FD4-4CAC-A85D-FBEAB3D3676D}
2012-03-25 12:16:08 -------- d-----w- c:\users\user\appdata\local\{732C3853-8AD6-4110-ACAE-53BA6F2A5F57}
2012-03-24 15:47:24 -------- d-----w- c:\users\user\appdata\local\{45EB680A-6ED7-49AC-8980-A2B5D6A7BB66}
2012-03-24 15:47:00 -------- d-----w- c:\users\user\appdata\local\{29A8ECED-3408-4369-99BE-DC1EE80B4698}
2012-03-22 17:21:43 -------- d-----w- c:\users\user\appdata\local\Microsoft Games
2012-03-22 16:29:45 -------- d-----w- c:\program files\Gadwin Systems
2012-03-22 12:03:24 -------- d-----w- c:\users\user\appdata\local\{A3C79A24-7C9F-41C6-AD45-1B01C421838D}
2012-03-22 12:03:03 -------- d-----w- c:\users\user\appdata\local\{5A5843E0-56DB-41CB-901A-F3379B597C21}
.
==================== Find3M ====================
.
2012-04-14 10:35:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 18:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 21:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 21:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:30:02 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-17 04:09:59 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 14:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 04:13:43 2351104 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 20:56:54,53 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 13/03/2012 13:52:56
System Uptime: 20/04/2012 16:07:43 (4 hours ago)
.
Motherboard: MEGA | | G41T-M7 LGT
Processor: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz | CPU 1 | 2593/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 447,041 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP86: 17/04/2012 18:49:20 - LCCD PS SA AT 2061 CD TBM
RP87: 18/04/2012 16:40:25 - Windows Update
RP88: 19/04/2012 22:31:46 - LCCD PS SA AT 2061 CD TBM EMP CD TBM SEM MSE
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Português
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
Compressor WinRAR
Controle ActiveX do Windows Live Mesh para Conexões Remotas
D3DX10
Gadwin PrintScreen
Google Chrome
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Malwarebytes Anti-Malware versão 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 11.0 (x86 pt-BR)
MSVCRT
Panda Cloud Antivirus
Revo Uninstaller 1.93
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
Thank you