Poockah

Possible Spyware Threat? (nerofcheck)


In accordance with the rules for posts in this area: I have a possible spyware threat involving the process nerofcheck.exe, about which I haven't found out much so far; Google didn't help much...

I should post a DSS log, but I have AutoCAD installed on the computer and it identifies the dss.scr file as an AutoCAD script, so running DSS only opens a Notepad window full of symbols.

So below are the HijackThis, Malwarebytes, www.virustotal.com and GMER logs, as the topic rules require.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:44:28, on 26/10/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

Running processes:

C:\Windows\PLFSetI.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Windows\syswow64\nerofcheck.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

D:\Pokah\instaladores\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroCheckFilter] nerofcheck.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Core Temp] "D:\Pokah\instaladores\CoreTemp\CoreTemp64\Core Temp.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe

O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Connectify - Connectify - C:\Program Files (x86)\Connectify\Connectifyd.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10586 bytes

and now the GMER log

GMER 1.0.15.15477 - http://www.gmer.net

Rootkit scan 2010-10-26 21:02:04

Windows 6.1.7600

Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x2E 0x8E 0x65 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0F 0xD4 0xBC 0x23 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x95 0x38 0xA3 0xD8 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x2E 0x8E 0x65 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0F 0xD4 0xBC 0x23 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x95 0x38 0xA3 0xD8 ...

---- EOF - GMER 1.0.15 ----

I don't know whether nerofcheck was detected by GMER..

when it went through the local folder of the supposed nerofcheck application, nothing changed in GMER..

additional information: I installed Malwarebytes Anti-Spyware, ran a quick scan and it detected 6 items related to nerofcheck; its scan log follows:

Tempo decorrido: 5 minuto(s), 3 segundo(s)

Processos de Memória Infectados: 1

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 1

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 5

Processos de Memória Infectados:

C:\Windows\SysWOW64\nerofcheck.exe (Trojan.Agent) -> No action taken.

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nerocheckfilter (Trojan.Agent) -> No action taken.

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

C:\Windows\SysWOW64\nerofcheck.exe (Trojan.Agent) -> No action taken.

C:\Windows\System32\nerofcheck.exe (Trojan.Agent) -> No action taken.

C:\Users\Pookah\AppData\Local\Temp\comver.dll (Adware.GameSpyArcade) -> No action taken.

C:\Users\Pookah\AppData\Local\Temp\FlashPlayer4663185356750260346.exe (Rootkit.Agent) -> No action taken.

C:\SWSet\setup.exe (Trojan.Banker) -> No action taken.

and I also looked up nerofcheck on www.virustotal.com; the link and information follow:

http://www.virustotal.com/file-scan/report.html?id=dd51e0726b41084eb8dcde4c5fa973ad5d4d9f35463c8daf2c373740a3a03388-1288131689


File name: nerofcheck.exe

Submission date: 2010-10-26 22:21:29 (UTC)

Current status: finished

Result: 34/ 41 (82.9%)


Antivirus Version Last Update Result

AhnLab-V3 2010.10.27.00 2010.10.26 Win-Trojan/Xema.variant

AntiVir 7.10.13.46 2010.10.26 TR/Dropper.Gen

Antiy-AVL 2.0.3.7 2010.10.26 Worm/Win32.VBNA.gen

Authentium 5.2.0.5 2010.10.26 -

Avast 4.8.1351.0 2010.10.26 Win32:Dropper-gen

Avast5 5.0.594.0 2010.10.26 Win32:Dropper-gen

AVG 9.0.0.851 2010.10.26 Dropper.Generic2.ACJI

BitDefender 7.2 2010.10.26 Gen:Trojan.Heur.VP.Vm3@aqpsRGI

CAT-QuickHeal 11.00 2010.10.26 Win32.VirTool.VBInject.gen!DG.3

ClamAV 0.96.2.0-git 2010.10.26 Trojan.VB-19909

Comodo 6520 2010.10.26 TrojWare.Win32.VBInject.IK

DrWeb 5.0.2.03300 2010.10.27 Trojan.MulDrop1.41051

Emsisoft 5.0.0.50 2010.10.26 Trojan-Dropper!IK

eTrust-Vet 36.1.7937 2010.10.26 -

F-Prot 4.6.2.117 2010.10.26 -

F-Secure 9.0.16160.0 2010.10.26 Gen:Trojan.Heur.VP.Vm3@aqpsRGI

Fortinet 4.2.249.0 2010.10.26 W32/Refroso.BLC!tr

GData 21 2010.10.27 Gen:Trojan.Heur.VP.Vm3@aqpsRGI

Ikarus T3.1.1.90.0 2010.10.26 Trojan-Dropper

Jiangmin 13.0.900 2010.10.26 Trojan/Generic.ajil

K7AntiVirus 9.66.2838 2010.10.26 Riskware

Kaspersky 7.0.0.125 2010.10.27 Trojan.Win32.VBKrypt.ham

McAfee 5.400.0.1158 2010.10.27 Generic.dx!tik

McAfee-GW-Edition 2010.1C 2010.10.26 Generic.dx!tik

Microsoft 1.6301 2010.10.26 Trojan:Win32/VB.AAX

NOD32 5565 2010.10.26 Win32/Induc.A

Norman 6.06.10 2010.10.26 W32/VBTroj.CYBG

nProtect 2010-10-26.01 2010.10.26 -

Panda 10.0.2.7 2010.10.26 Trj/CI.A

PCTools 7.0.3.5 2010.10.27 Trojan.Gen

Prevx 3.0 2010.10.27 Medium Risk Malware Dropper

Rising 22.71.00.03 2010.10.26 Trojan.Win32.Generic.5220AB89

Sophos 4.58.0 2010.10.26 Mal/Generic-L

Sunbelt 7146 2010.10.26 Trojan.Win32.Generic!BT

SUPERAntiSpyware 4.40.0.1006 2010.10.27 -

TheHacker 6.7.0.1.067 2010.10.26 Trojan/Injector.cij

TrendMicro 9.120.0.1004 2010.10.26 TROJ_GEN.R47C2GL

TrendMicro-HouseCall 9.120.0.1004 2010.10.26 TROJ_GEN.R47C2GL

VBA32 3.12.14.1 2010.10.25 -

ViRobot 2010.10.25.4110 2010.10.26 -

VirusBuster 12.70.6.0 2010.10.26 Trojan.VB.KGRG

Additional information

MD5 : 73d051269befd999059c918c5b6a7204

SHA1 : ad79385df33f5be0f2621c934580645bc5d51105

SHA256: dd51e0726b41084eb8dcde4c5fa973ad5d4d9f35463c8daf2c373740a3a03388

ssdeep: 12288:gRgPUPr5FgTiYvy+3IpXd9C/N1j1/tcsWG0U8s19LS95yx1iAeU5ZJHWbEC:HPUPr5Wi6nRlc/oDLSSx1iNYlC

File size : 781368 bytes

First seen: 2010-07-16 16:28:45

Last seen : 2010-10-26 22:21:29

TrID:

Win32 Executable Generic (68.0%)

Generic Win/DOS Executable (15.9%)

DOS Executable Generic (15.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: ebhREVSDCVH

copyright....: n/a

product......: wrvcrbbhjwvr

description..: n/a

original name: wrvcrbbhjwvr.exe

internal name: wrvcrbbhjwvr

file version.: 264.457.0234

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x10E0

timedatestamp....: 0x4C3B44A1 (Mon Jul 12 16:36:49 2010)

machinetype......: 0x14c (I386)

[[ 3 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x3FF4, 0x4000, 4.95, c553e0332ead33da559f6a87f617cd0c

.data, 0x5000, 0x1B64, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

.rsrc, 0x7000, 0x914, 0x1000, 2.04, a6623c4e8957f2a2d6f95ddccba9f112

[[ 1 import(s) ]]

MSVBVM60.DLL: MethCallEngine, -, -, -, EVENT_SINK_AddRef, DllFunctionCall, EVENT_SINK_Release, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, -, -, -, ProcCallEngine, -, -, -, -, -, -

Prevx Info:

http://info.prevx.com/aboutprogramtext.asp?PX5=EB36A8FA38B919CEECAD0B5EA5C6050034C2C557

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 16384

CompanyName: ebhREVSDCVH

EntryPoint: 0x10e0

FileFlagsMask: 0x0000

FileOS: Win32

FileSize: 763 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 264.457.0234

FileVersionNumber: 264.457.0.234

ImageVersion: 264.457

InitializedDataSize: 12288

InternalName: wrvcrbbhjwvr

LanguageCode: Spanish (Modern)

LinkerVersion: 6.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

ObjectFileType: Executable application

OriginalFilename: wrvcrbbhjwvr.exe

PEType: PE32

ProductName: wrvcrbbhjwvr

ProductVersion: 264.457.0234

ProductVersionNumber: 264.457.0.234

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2010:07:12 18:36:49+02:00

UninitializedDataSize: 0


I haven't applied any removal procedure; I only disabled it in msconfig, without success, because when I restarted it opened again.

Thanks.

Best regards, Paulo Macedo.

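As an added example that is not part of this thread or of the forum's training material: a small triage script over lines in the HijackThis and DDS formats posted above. Its three rules (a Run value naming only a bare filename, a start page outside the vendor defaults, UAC policy values switched off) are the editor's own assumptions about what an analyst checks first, and the sample lines are constructed from values in the logs above.

```python
"""Triage heuristics for HijackThis/DDS-style log lines.

Added example, not code from the thread or the forum's training material.
The rules are the editor's assumptions about what an analyst checks first.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines in the formats of the HijackThis and DDS logs
# posted in the thread, with values copied from them (not a real capture).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [NeroCheckFilter] nerofcheck.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
uStart Page = hxxp://search.minilua.com/
mRun: [NeroCheckFilter] nerofcheck.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# HijackThis "O4 - HKLM\..\Run: [name] command" and DDS "mRun: [name] command".
RUN_RE = re.compile(
    r"^(?:O4 - \S+\\Run\w*: |[mu]Run(?:Once)?(?:-x64)?: )\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# HijackThis "R0 - ...\Main,Start Page = url" and DDS "uStart Page = url".
START_RE = re.compile(r"^(?:R[01] - .*?,|[mu])Start Page = (?P<url>\S+)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<name>\w+) = (?P<value>\d+)")

# Start-page hosts the browser vendor sets by default (assumed allowlist).
TRUSTED_START_HOSTS = {"go.microsoft.com", "www.microsoft.com", "microsoft.com"}

# Policy values that switch UAC protections off (assumed set of weak settings).
WEAK_POLICIES = {
    ("EnableLUA", "0"): "UAC is disabled; an admin user's processes run fully elevated",
    ("ConsentPromptBehaviorAdmin", "0"): "administrators elevate without any prompt",
    ("PromptOnSecureDesktop", "0"): "elevation prompts are not shown on the secure desktop",
}


@dataclass(frozen=True)
class Finding:
    kind: str
    subject: str
    detail: str


def executable_of(cmd: str) -> str:
    """Return the program path from a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path, possibly followed by switches
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)  # unquoted path with spaces
    return m.group(1) if m else cmd.split()[0]


def is_bare_filename(exe: str) -> bool:
    """True when the value names a file with no directory at all."""
    return "\\" not in exe and "/" not in exe


def start_page_host(url: str) -> str:
    """Host of a (possibly hxxp-defanged) start-page URL."""
    return urlparse(re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)).hostname or ""


def triage(log_text: str) -> list[Finding]:
    """Run the three checks over every line; the same autorun or start page
    is reported once even when HijackThis and DDS both list it."""
    findings: list[Finding] = []
    seen: set[tuple[str, str]] = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            exe = executable_of(m.group("cmd"))
            key = ("bare-filename-autorun", m.group("name").lower())
            if is_bare_filename(exe) and key not in seen:
                seen.add(key)
                findings.append(Finding(key[0], f"[{m.group('name')}] {exe}",
                    "Run value names only a file; Windows resolves it through the "
                    "loader search path (System32/SysWOW64 included), so locate the "
                    "file that actually runs and verify its publisher"))
        elif m := START_RE.match(line):
            host = start_page_host(m.group("url"))
            key = ("start-page-changed", host)
            if host not in TRUSTED_START_HOSTS and key not in seen:
                seen.add(key)
                findings.append(Finding(key[0], host,
                    "start page points outside the vendor defaults; confirm the user chose it"))
        elif m := POLICY_RE.match(line):
            reason = WEAK_POLICIES.get((m.group("name"), m.group("value")))
            if reason:
                findings.append(Finding("weakened-uac-policy",
                    f"{m.group('name')}={m.group('value')}", reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.subject:40} {f.detail}")
```

On the sample it reports the path-less NeroCheckFilter autorun once (HijackThis and DDS list the same value), the non-default start page, and the three UAC policies set to 0.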
  • Topic author
  • DSS.txt:

    DDS (Ver_10-10-21.02) - NTFS_AMD64

    Run by Pookah at 0:28:33,06 on 27/10/2010

    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3997.1785 [GMT -2:00]

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\Common Files\SPBA\upeksvr.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\SysWOW64\svchost.exe -k Akamai

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe

    C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    C:\Program Files (x86)\Connectify\Connectifyd.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Acer Bio Protection\BASVC.exe

    C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\PLFSetI.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Users\Pookah\AppData\Local\Temp\RtkBtMnt.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\RocketDock\RocketDock.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\system32\SearchIndexer.exe

    D:\Pokah\instaladores\CoreTemp\CoreTemp64\Core Temp.exe

    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

    C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe

    C:\Program Files (x86)\Launch Manager\LManager.exe

    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\syswow64\nerofcheck.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\DllHost.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Windows\system32\AUDIODG.EXE

    C:\Program Files (x86)\Windows Media Player\wmplayer.exe

    C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Pookah\Downloads\dds.pif

    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.minilua.com/

    uInternet Settings,ProxyOverride = *.local

    mWinlogon: Userinit=userinit.exe

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

    BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: [Core Temp] "D:\Pokah\instaladores\CoreTemp\CoreTemp64\Core Temp.exe"

    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

    mRun: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"

    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

    mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

    mRun: [NeroCheckFilter] nerofcheck.exe

    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    mPolicies-system: DisableCAD = 1 (0x1)

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

    IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

    TCP: 14775637F6D65602E4564777F627B6 = 8.8.8.8,8.8.4.4

    TCP: 75C414E4F54326 = 8.8.8.8,8.8.4.4

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

    LSA: Notification Packages = C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}

    mRun-x64: [PLFSetI] C:\Windows\PLFSetI.exe

    mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe

    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

    mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

    IE-X64: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe

    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Pookah\AppData\Roaming\Mozilla\Firefox\Profiles\1hznm1e7.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q=

    FF - component: C:\Users\Pookah\AppData\Roaming\Mozilla\Firefox\Profiles\1hznm1e7.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    ============= SERVICES / DRIVERS ===============

    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

    R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\Connectifyd.exe [2010-9-27 892992]

    R2 IGBASVC;EgisTec Service;C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2010-5-7 3453440]

    R3 connctfyMP;connctfyMP;C:\Windows\System32\drivers\connctfy.sys [2010-6-21 34880]

    R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-5-7 138752]

    R3 netw5v64;Driver de adaptador Intel® Wireless WiFi Link 5000 Series para Windows Vista 64 Bits;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-7 222208]

    R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

    R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

    R3 winbondcir;Winbond IR Transceiver;C:\Windows\System32\drivers\winbondcir.sys [2007-3-28 46592]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-7 136176]

    S3 connctfy;Connectify Service;C:\Windows\System32\drivers\connctfy.sys [2010-6-21 34880]

    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-5-7 1038088]

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-9-26 4924336]

    S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-17 1255736]

    ============== File Associations ===============

    .scr=AutoCADScriptFile

    =============== Created Last 30 ================

    2010-10-26 22:17:05 -------- d-----w- C:\Users\Pookah\AppData\Roaming\Malwarebytes

    2010-10-26 22:16:58 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

    2010-10-26 22:16:57 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2010-10-26 22:16:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2010-10-26 22:16:57 -------- d-----w- C:\PROGRA~3\Malwarebytes

    2010-10-26 22:07:02 -------- d-----w- C:\Windows\pss

    2010-10-20 02:46:12 8192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

    2010-10-20 02:46:02 140864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

    2010-10-20 02:45:48 94208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

    2010-10-20 02:45:45 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

    2010-10-20 02:45:34 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

    2010-10-20 02:45:34 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

    2010-10-20 02:44:51 569397 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll

    2010-10-20 02:43:21 191488 ----a-w- C:\Windows\System32\unrar.dll

    2010-10-20 02:43:20 136704 ----a-w- C:\Windows\System32\ff_vfw.dll

    2010-10-20 02:43:19 -------- d-----w- C:\Program Files\KLCP64

    2010-10-20 02:20:09 -------- d-----w- C:\Program Files (x86)\Real Alternative

    2010-10-20 01:53:36 -------- d--h--w- C:\Users\Pookah\InstallAnywhere

    2010-10-17 09:56:26 -------- d-----w- C:\Windows\SysWow64\Wat

    2010-10-17 09:56:25 -------- d-----w- C:\Windows\System32\Wat

    2010-10-16 17:17:14 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

    2010-10-16 17:17:14 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

    2010-10-16 17:17:14 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

    2010-10-16 17:17:14 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

    2010-10-16 17:17:14 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

    2010-10-16 17:17:14 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

    2010-10-16 17:17:14 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

    2010-10-16 17:17:13 48960 ----a-w- C:\Windows\System32\netfxperf.dll

    2010-10-16 17:17:13 444752 ----a-w- C:\Windows\System32\mscoree.dll

    2010-10-16 17:17:13 1942856 ----a-w- C:\Windows\System32\dfshim.dll

    2010-10-15 06:42:03 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

    2010-10-15 06:42:03 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

    2010-10-15 06:36:41 84992 ----a-w- C:\Windows\System32\asycfilt.dll

    2010-10-15 06:35:59 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2010-10-15 06:35:58 3955080 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2010-10-15 06:35:58 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2010-10-15 06:35:41 340992 ----a-w- C:\Windows\System32\schannel.dll

    2010-10-15 06:35:41 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

    2010-10-15 06:35:29 633856 ----a-w- C:\Windows\System32\comctl32.dll

    2010-10-15 06:35:28 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

    2010-10-15 06:35:26 52224 ----a-w- C:\Windows\System32\rtutils.dll

    2010-10-15 06:35:26 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll

    2010-10-15 06:33:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2010-10-15 06:33:29 2048 ----a-w- C:\Windows\System32\tzres.dll

    2010-10-15 06:33:12 558592 ----a-w- C:\Windows\System32\spoolsv.exe

    2010-10-15 06:33:11 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

    2010-10-15 06:33:11 144384 ----a-w- C:\Windows\System32\cdd.dll

    2010-10-15 06:32:51 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

    2010-10-15 06:32:51 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

    2010-10-15 06:32:50 1877504 ----a-w- C:\Windows\System32\msxml3.dll

    2010-10-15 06:32:49 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2010-10-15 06:32:04 46080 ----a-w- C:\Windows\System32\atmlib.dll

    2010-10-15 06:32:04 366080 ----a-w- C:\Windows\System32\atmfd.dll

    2010-10-15 06:32:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    2010-10-15 06:32:04 293888 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2010-10-15 06:30:41 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

    2010-10-15 06:30:41 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

    2010-10-15 06:30:41 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

    2010-10-15 06:30:41 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

    2010-10-15 06:29:28 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

    2010-10-15 06:29:28 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

    2010-10-15 06:29:28 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

    2010-10-15 06:29:28 236032 ----a-w- C:\Windows\System32\srvsvc.dll

    2010-10-15 06:29:28 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

    2010-10-15 06:28:13 3123712 ----a-w- C:\Windows\System32\win32k.sys

    2010-10-15 01:16:22 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys

    2010-10-15 00:20:32 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

    2010-10-15 00:20:32 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

    2010-10-15 00:20:31 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

    2010-10-15 00:20:31 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

    2010-10-15 00:20:20 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c037bab01cb6bfe05\DSETUP.dll

    2010-10-15 00:20:20 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c037bab01cb6bfe05\DXSETUP.exe

    2010-10-15 00:20:20 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c037bab01cb6bfe05\dsetup32.dll

    2010-10-15 00:19:34 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a4c9148c1cb6bfe04\DSETUP.dll

    2010-10-15 00:19:34 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a4c9148c1cb6bfe04\DXSETUP.exe

    2010-10-15 00:19:34 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a4c9148c1cb6bfe04\dsetup32.dll

    2010-10-15 00:16:58 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\471113af1cb6bfe03\Silverlight.4.0.exe

    2010-10-15 00:12:48 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll

    2010-10-15 00:12:47 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll

    2010-10-15 00:12:47 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll

    2010-10-15 00:12:47 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll

    2010-10-15 00:10:24 206848 ----a-w- C:\Windows\System32\mfps.dll

    2010-10-15 00:10:23 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

    2010-10-15 00:10:22 4068864 ----a-w- C:\Windows\System32\mf.dll

    2010-10-15 00:10:22 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

    2010-10-15 00:10:22 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

    2010-10-15 00:10:22 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

    2010-10-15 00:10:21 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

    2010-10-15 00:06:40 -------- d-----w- C:\Users\Pookah\AppData\Local\Windows Live

    2010-10-12 01:19:20 -------- d-----w- C:\Program Files (x86)\SopCast

    2010-10-12 01:19:20 -------- d-----w- C:\Program Files (x86)\Orban

    2010-10-11 19:45:34 -------- d-----w- C:\Users\Pookah\AppData\Local\Microsoft Games

    2010-10-05 03:19:51 2887680 ----a-w- C:\Windows\SysWow64\VagalumePluginWMP.dll

    2010-09-29 18:36:09 -------- d-----w- C:\Program Files (x86)\UltraVNC

    2010-09-27 22:31:30 -------- d-----w- C:\Users\Pookah\Games

    ==================== Find3M ====================

    2010-10-19 01:03:20 419840 ----a-w- C:\Windows\System32\systemcpl.dll

    2010-10-19 01:03:20 14848 ----a-w- C:\Windows\System32\slwga.dll

    2010-10-19 01:03:20 13824 ----a-w- C:\Windows\SysWow64\slwga.dll

    2010-10-19 01:03:18 833024 ----a-w- C:\Windows\SysWow64\user32.dll

    2010-10-19 01:03:18 1008640 ----a-w- C:\Windows\System32\user32.dll

    2010-09-23 03:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

    2010-09-23 03:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR

    2010-09-21 17:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL

    2010-09-21 17:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

    2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

    2010-07-31 22:43:36 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

    2010-06-18 12:20:46 1757696 ----a-w- C:\Program Files (x86)\wplotpr.exe

    ============= FINISH: 0:29:01,96 ===============

    Attach.txt :

    DDS (Ver_10-10-21.02)

    Microsoft Windows 7 Ultimate

    Boot Device: \Device\HarddiskVolume2

    Install Date: 07/05/2010 08:48:04

    System Uptime: 26/10/2010 20:13:26 (4 hours ago)

    Motherboard: Acer | | Makalu

    Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 143 GiB total, 84,444 GiB free.

    D: is FIXED (NTFS) - 139 GiB total, 28,506 GiB free.

    E: is CDROM ()

    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP89: 20/10/2010 00:28:09 - Installed Real Alternative

    ==== Installed Programs ======================

    A309 DeviceStage 1.0.0.1

    A310 DeviceStage 1.0.0.1

    Acer Bio Protection

    Acer Crystal Eye Webcam

    Adobe Anchor Service CS4

    Adobe Bridge CS4

    Adobe CMaps CS4

    Adobe Color - Photoshop Specific CS4

    Adobe Color EU Extra Settings CS4

    Adobe Color JA Extra Settings CS4

    Adobe Color NA Recommended Settings CS4

    Adobe Color Video Profiles CS CS4

    Adobe CSI CS4

    Adobe Default Language CS4

    Adobe ExtendScript Toolkit CS4

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Fonts All

    Adobe Linguistics CS4

    Adobe Output Module

    Adobe PDF Library Files CS4

    Adobe Photoshop CS4

    Adobe Photoshop CS4 Support

    Adobe Reader 9.4.0 - Português

    Adobe Search for Help

    Adobe Service Manager Extension

    Adobe Setup

    Adobe Type Support CS4

    Adobe Update Manager CS4

    Adobe WinSoft Linguistics Plugin

    Adobe XMP Panels CS4

    AdobeColorCommonSetCMYK

    AdobeColorCommonSetRGB

    Akamai NetSession Interface

    Apple Application Support

    Apple Software Update

    µTorrent

    AVerMedia A309 (MiniCard, DVB-T) 1.0.64.61

    AVerMedia A310 (MiniCard, DVB-T) 1.1.64.30

    CDBurnerXP

    Combat Arms

    Connect

    Counter-Strike 1.6

    D3DX10

    Dev-C++ 5 beta 9 release (4.9.9.2)

    EVEREST Ultimate Edition v5.02

    ffdshow [rev 2527] [2008-12-19]

    Fingerprint Solution

    Garena 2010

    Google Apps

    Google Chrome

    Google Earth

    Google Update Helper

    Google Updater

    GTA San Andreas

    ImgBurn

    Java Auto Updater

    Java 6 Update 20

    kuler

    Last.fm 1.5.4.24567

    Launch Manager

    Malwarebytes' Anti-Malware

    Messenger Plus! Live

    Microsoft Office Access MUI (English) 2010 (Beta)

    Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)

    Microsoft Office Excel MUI (English) 2010 (Beta)

    Microsoft Office Groove MUI (English) 2010 (Beta)

    Microsoft Office InfoPath MUI (English) 2010 (Beta)

    Microsoft Office OneNote MUI (English) 2010 (Beta)

    Microsoft Office Outlook MUI (English) 2010 (Beta)

    Microsoft Office PowerPoint MUI (English) 2010 (Beta)

    Microsoft Office Professional Plus 2010

    Microsoft Office Professional Plus 2010 (Beta)

    Microsoft Office Proof (English) 2010 (Beta)

    Microsoft Office Proof (French) 2010 (Beta)

    Microsoft Office Proof (Spanish) 2010 (Beta)

    Microsoft Office Proofing (English) 2010 (Beta)

    Microsoft Office Publisher MUI (English) 2010 (Beta)

    Microsoft Office Shared MUI (English) 2010 (Beta)

    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)

    Microsoft Office Word MUI (English) 2010 (Beta)

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Mozilla Firefox (3.6.11)

    MSVCRT

    Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

    Pando Media Booster

    PDF Settings CS4

    Photoshop Camera Raw

    Real Alternative 2.0.2

    RealPlayer

    Realtek High Definition Audio Driver

    Realtek USB 2.0 Card Reader

    RocketDock 1.3.5

    Skype™ 3.2

    Spelling Dictionaries Support For Adobe Reader 9

    Suite Shared Configuration CS4

    sXe Injected

    TeamSpeak 2 RC2

    UltraVNC 1.0.4 RC8

    VisuAlg 2.0.0.12 (20/09/06)

    VobSub v2.23 (Remove Only)

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Galeria de Fotos

    Windows Live Installer

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live Sync

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Media Player Firefox Plugin

    ==== End Of File ===========================

    I didn't know the alternative link came in a different extension.

    I apologize.

    Thank you


    Please install an antivirus before we begin the procedures.

  • Thread author
  • I installed Kaspersky Anti-Virus 2011 (30-day trial).


    Perfect. Now run a new DDS scan.

  • Thread author
  • I just restarted it, and it seems Kaspersky has already done some of the work:

    the process is no longer in Task Manager, and the nerofcheck application appears to have been deleted from the system32 folder.

    Here are the logs:

    DDS:

    DDS (Ver_10-10-21.02) - NTFS_AMD64

    Run by Pookah at 8:30:20,91 on 29/10/2010

    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3997.2372 [GMT -2:00]

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\AUDIODG.EXE

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\Common Files\SPBA\upeksvr.exe

    C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\SysWOW64\svchost.exe -k Akamai

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe

    C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    C:\Program Files (x86)\Acer Bio Protection\BASVC.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\PLFSetI.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Users\Pookah\AppData\Local\Temp\RtkBtMnt.exe

    C:\Program Files (x86)\RocketDock\RocketDock.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

    C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe

    C:\Program Files (x86)\Launch Manager\LManager.exe

    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe

    C:\Windows\system32\taskmgr.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    D:\Software\dds.pif

    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.minilua.com/

    uInternet Settings,ProxyOverride = *.local

    mWinlogon: Userinit=userinit.exe

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

    BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: [Core Temp] "D:\Pokah\instaladores\CoreTemp\CoreTemp64\Core Temp.exe"

    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

    mRun: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"

    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

    mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    mPolicies-system: DisableCAD = 1 (0x1)

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

    IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

    TCP: 14775637F6D65602E4564777F627B6 = 8.8.8.8,8.8.4.4

    TCP: 75C414E4F54326 = 8.8.8.8,8.8.4.4

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

    LSA: Notification Packages = C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64

    {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}

    {E33CF602-D945-461A-83F0-819F76A199F8}

    mRun-x64: [PLFSetI] C:\Windows\PLFSetI.exe

    mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe

    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

    mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

    IE-X64: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe

    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Pookah\AppData\Roaming\Mozilla\Firefox\Profiles\1hznm1e7.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q=

    FF - component: C:\Users\Pookah\AppData\Roaming\Mozilla\Firefox\Profiles\1hznm1e7.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    ============= SERVICES / DRIVERS ===============

    R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]

    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]

    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

    R2 AVP;Serviço do Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-1 352976]

    R2 IGBASVC;EgisTec Service;C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2010-5-7 3453440]

    R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-28 2011944]

    R3 connctfyMP;connctfyMP;C:\Windows\System32\drivers\connctfy.sys [2010-6-21 34880]

    R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-5-7 138752]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]

    R3 netw5v64;Driver de adaptador Intel® Wireless WiFi Link 5000 Series para Windows Vista 64 Bits;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-7 222208]

    R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

    R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

    R3 winbondcir;Winbond IR Transceiver;C:\Windows\System32\drivers\winbondcir.sys [2007-3-28 46592]

    S2 Connectify;Connectify;C:\Program Files (x86)\Connectify\Connectifyd.exe [2010-9-27 892992]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-7 136176]

    S3 connctfy;Connectify Service;C:\Windows\System32\drivers\connctfy.sys [2010-6-21 34880]

    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-5-7 1038088]

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-9-26 4924336]

    S3 WatAdminSvc;WatAdminSvc;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-17 1255736]

    ============== File Associations ===============

    .scr=AutoCADScriptFile

    =============== Created Last 30 ================

    2010-10-28 20:23:02 -------- d-----w- C:\Users\Pookah\AppData\Roaming\TeamViewer

    2010-10-28 20:22:53 -------- d-----w- C:\Program Files (x86)\TeamViewer

    2010-10-28 19:44:14 150200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

    2010-10-28 19:43:07 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

    2010-10-28 19:43:07 -------- d-----w- C:\PROGRA~3\Kaspersky Lab

    2010-10-28 19:41:31 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files

    2010-10-27 03:41:14 -------- d-----w- C:\Program Files (x86)\VideoLAN

    2010-10-26 22:17:05 -------- d-----w- C:\Users\Pookah\AppData\Roaming\Malwarebytes

    2010-10-26 22:16:58 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

    2010-10-26 22:16:57 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2010-10-26 22:16:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2010-10-26 22:16:57 -------- d-----w- C:\PROGRA~3\Malwarebytes

    2010-10-26 22:07:02 -------- d-----w- C:\Windows\pss

    2010-10-20 02:46:12 8192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

    2010-10-20 02:46:02 140864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

    2010-10-20 02:45:48 94208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

    2010-10-20 02:45:45 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

    2010-10-20 02:45:34 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

    2010-10-20 02:45:34 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

    2010-10-20 02:44:51 569397 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll

    2010-10-20 02:43:21 191488 ----a-w- C:\Windows\System32\unrar.dll

    2010-10-20 02:43:20 136704 ----a-w- C:\Windows\System32\ff_vfw.dll

    2010-10-20 02:43:19 -------- d-----w- C:\Program Files\KLCP64

    2010-10-20 02:20:09 -------- d-----w- C:\Program Files (x86)\Real Alternative

    2010-10-20 01:53:36 -------- d--h--w- C:\Users\Pookah\InstallAnywhere

    2010-10-17 09:56:26 -------- d-----w- C:\Windows\SysWow64\Wat

    2010-10-17 09:56:25 -------- d-----w- C:\Windows\System32\Wat

    2010-10-16 17:17:14 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

    2010-10-16 17:17:14 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

    2010-10-16 17:17:14 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

    2010-10-16 17:17:14 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

    2010-10-16 17:17:14 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

    2010-10-16 17:17:14 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

    2010-10-16 17:17:14 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

    2010-10-16 17:17:13 48960 ----a-w- C:\Windows\System32\netfxperf.dll

    2010-10-16 17:17:13 444752 ----a-w- C:\Windows\System32\mscoree.dll

    2010-10-16 17:17:13 1942856 ----a-w- C:\Windows\System32\dfshim.dll

    2010-10-15 06:42:03 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

    2010-10-15 06:42:03 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

    2010-10-15 06:36:41 84992 ----a-w- C:\Windows\System32\asycfilt.dll

    2010-10-15 06:35:59 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2010-10-15 06:35:58 3955080 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2010-10-15 06:35:58 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2010-10-15 06:35:41 340992 ----a-w- C:\Windows\System32\schannel.dll

    2010-10-15 06:35:41 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

    2010-10-15 06:35:29 633856 ----a-w- C:\Windows\System32\comctl32.dll

    2010-10-15 06:35:28 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

    2010-10-15 06:35:26 52224 ----a-w- C:\Windows\System32\rtutils.dll

    2010-10-15 06:35:26 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll

    2010-10-15 06:33:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2010-10-15 06:33:29 2048 ----a-w- C:\Windows\System32\tzres.dll

    2010-10-15 06:33:12 558592 ----a-w- C:\Windows\System32\spoolsv.exe

    2010-10-15 06:33:11 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

    2010-10-15 06:33:11 144384 ----a-w- C:\Windows\System32\cdd.dll

    2010-10-15 06:32:51 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

    2010-10-15 06:32:51 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

    2010-10-15 06:32:50 1877504 ----a-w- C:\Windows\System32\msxml3.dll

    2010-10-15 06:32:49 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2010-10-15 06:32:04 46080 ----a-w- C:\Windows\System32\atmlib.dll

    2010-10-15 06:32:04 366080 ----a-w- C:\Windows\System32\atmfd.dll

    2010-10-15 06:32:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    2010-10-15 06:32:04 293888 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2010-10-15 06:30:41 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

    2010-10-15 06:30:41 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

    2010-10-15 06:30:41 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

    2010-10-15 06:30:41 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

    2010-10-15 06:29:28 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

    2010-10-15 06:29:28 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

    2010-10-15 06:29:28 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

    2010-10-15 06:29:28 236032 ----a-w- C:\Windows\System32\srvsvc.dll

    2010-10-15 06:29:28 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

    2010-10-15 06:28:13 3123712 ----a-w- C:\Windows\System32\win32k.sys

    2010-10-15 01:16:22 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys

    2010-10-15 00:20:32 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

    2010-10-15 00:20:32 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

    2010-10-15 00:20:31 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

    2010-10-15 00:20:31 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

    2010-10-15 00:20:20 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c037bab01cb6bfe05\DSETUP.dll

    2010-10-15 00:20:20 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c037bab01cb6bfe05\DXSETUP.exe

    2010-10-15 00:20:20 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c037bab01cb6bfe05\dsetup32.dll

    2010-10-15 00:19:34 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a4c9148c1cb6bfe04\DSETUP.dll

    2010-10-15 00:19:34 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a4c9148c1cb6bfe04\DXSETUP.exe

    2010-10-15 00:19:34 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a4c9148c1cb6bfe04\dsetup32.dll

    2010-10-15 00:16:58 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\471113af1cb6bfe03\Silverlight.4.0.exe

    2010-10-15 00:12:48 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll

    2010-10-15 00:12:47 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll

    2010-10-15 00:12:47 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll

    2010-10-15 00:12:47 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll

    2010-10-15 00:10:24 206848 ----a-w- C:\Windows\System32\mfps.dll

    2010-10-15 00:10:23 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

    2010-10-15 00:10:22 4068864 ----a-w- C:\Windows\System32\mf.dll

    2010-10-15 00:10:22 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

    2010-10-15 00:10:22 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

    2010-10-15 00:10:22 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

    2010-10-15 00:10:21 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

    2010-10-15 00:06:40 -------- d-----w- C:\Users\Pookah\AppData\Local\Windows Live

    2010-10-12 01:19:20 -------- d-----w- C:\Program Files (x86)\SopCast

    2010-10-12 01:19:20 -------- d-----w- C:\Program Files (x86)\Orban

    2010-10-11 19:45:34 -------- d-----w- C:\Users\Pookah\AppData\Local\Microsoft Games

    2010-10-05 03:19:51 2887680 ----a-w- C:\Windows\SysWow64\VagalumePluginWMP.dll

    2010-09-29 18:36:09 -------- d-----w- C:\Program Files (x86)\UltraVNC

    ==================== Find3M ====================

    2010-10-19 01:03:20 419840 ----a-w- C:\Windows\System32\systemcpl.dll

    2010-10-19 01:03:20 14848 ----a-w- C:\Windows\System32\slwga.dll

    2010-10-19 01:03:20 13824 ----a-w- C:\Windows\SysWow64\slwga.dll

    2010-10-19 01:03:18 833024 ----a-w- C:\Windows\SysWow64\user32.dll

    2010-10-19 01:03:18 1008640 ----a-w- C:\Windows\System32\user32.dll

    2010-09-23 03:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

    2010-09-23 03:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR

    2010-09-21 17:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL

    2010-09-21 17:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

    2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

    2010-07-31 22:43:36 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

    2010-06-18 12:20:46 1757696 ----a-w- C:\Program Files (x86)\wplotpr.exe

    ============= FINISH: 8:31:50,05 ===============

    ATTACH:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows 7 Ultimate

    Boot Device: \Device\HarddiskVolume2

    Install Date: 07/05/2010 08:48:04

    System Uptime: 29/10/2010 08:24:30 (0 hours ago)

    Motherboard: Acer | | Makalu

    Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 143 GiB total, 82,381 GiB free.

    D: is FIXED (NTFS) - 139 GiB total, 28,505 GiB free.

    E: is CDROM ()

    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP89: 20/10/2010 00:28:09 - Installed Real Alternative

    RP90: 27/10/2010 10:39:22 - Ponto de Verificação Agendado

    RP91: 28/10/2010 17:42:35 - Kaspersky Anti-Virus 2011 instalado.

    ==== Installed Programs ======================

    A309 DeviceStage 1.0.0.1

    A310 DeviceStage 1.0.0.1

    Acer Bio Protection

    Acer Crystal Eye Webcam

    Adobe Anchor Service CS4

    Adobe Bridge CS4

    Adobe CMaps CS4

    Adobe Color - Photoshop Specific CS4

    Adobe Color EU Extra Settings CS4

    Adobe Color JA Extra Settings CS4

    Adobe Color NA Recommended Settings CS4

    Adobe Color Video Profiles CS CS4

    Adobe CSI CS4

    Adobe Default Language CS4

    Adobe ExtendScript Toolkit CS4

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Fonts All

    Adobe Linguistics CS4

    Adobe Output Module

    Adobe PDF Library Files CS4

    Adobe Photoshop CS4

    Adobe Photoshop CS4 Support

    Adobe Reader 9.4.0 - Português

    Adobe Search for Help

    Adobe Service Manager Extension

    Adobe Setup

    Adobe Type Support CS4

    Adobe Update Manager CS4

    Adobe WinSoft Linguistics Plugin

    Adobe XMP Panels CS4

    AdobeColorCommonSetCMYK

    AdobeColorCommonSetRGB

    Akamai NetSession Interface

    Apple Application Support

    Apple Software Update

    µTorrent

    AVerMedia A309 (MiniCard, DVB-T) 1.0.64.61

    AVerMedia A310 (MiniCard, DVB-T) 1.1.64.30

    CDBurnerXP

    Combat Arms

    Connect

    Counter-Strike 1.6

    D3DX10

    Dev-C++ 5 beta 9 release (4.9.9.2)

    EVEREST Ultimate Edition v5.02

    ffdshow [rev 2527] [2008-12-19]

    Fingerprint Solution

    Garena 2010

    Google Apps

    Google Chrome

    Google Earth

    Google Update Helper

    Google Updater

    GTA San Andreas

    ImgBurn

    Java Auto Updater

    Java 6 Update 20

    Kaspersky Anti-Virus 2011

    kuler

    Last.fm 1.5.4.24567

    Launch Manager

    Malwarebytes' Anti-Malware

    Messenger Plus! Live

    Microsoft Office Access MUI (English) 2010 (Beta)

    Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)

    Microsoft Office Excel MUI (English) 2010 (Beta)

    Microsoft Office Groove MUI (English) 2010 (Beta)

    Microsoft Office InfoPath MUI (English) 2010 (Beta)

    Microsoft Office OneNote MUI (English) 2010 (Beta)

    Microsoft Office Outlook MUI (English) 2010 (Beta)

    Microsoft Office PowerPoint MUI (English) 2010 (Beta)

    Microsoft Office Professional Plus 2010

    Microsoft Office Professional Plus 2010 (Beta)

    Microsoft Office Proof (English) 2010 (Beta)

    Microsoft Office Proof (French) 2010 (Beta)

    Microsoft Office Proof (Spanish) 2010 (Beta)

    Microsoft Office Proofing (English) 2010 (Beta)

    Microsoft Office Publisher MUI (English) 2010 (Beta)

    Microsoft Office Shared MUI (English) 2010 (Beta)

    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)

    Microsoft Office Word MUI (English) 2010 (Beta)

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Mozilla Firefox (3.6.11)

    MSVCRT

    Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

    Pando Media Booster

    PDF Settings CS4

    Photoshop Camera Raw

    Real Alternative 2.0.2

    RealPlayer

    Realtek High Definition Audio Driver

    Realtek USB 2.0 Card Reader

    RocketDock 1.3.5

    Skype™ 3.2

    Spelling Dictionaries Support For Adobe Reader 9

    Suite Shared Configuration CS4

    sXe Injected

    TeamSpeak 2 RC2

    TeamViewer 5

    UltraVNC 1.0.4 RC8

    VisuAlg 2.0.0.12 (20/09/06)

    VLC media player 1.1.4

    VobSub v2.23 (Remove Only)

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Galeria de Fotos

    Windows Live Installer

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live Sync

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Media Player Firefox Plugin

    ==== End Of File ===========================

    But you never know whether there's more stuff hiding in there...

    Edited by Poockah
    Added information.


    Is this computer part of a network?

    Topic author:

    It's a normal laptop, personal use, but I take it to a lot of places: friends' houses, the university, the internet at two different houses, buses with Wi-Fi, whatever..

    One fixed network, which isn't really fixed, is the one in the building in the city where I study; the laptop stays there most of the time, but I leave it set to public network and keep as little contact as possible with the other computers on the network.


    There is a somewhat unusual network setting:

    TCP: 14775637F6D65602E4564777F627B6 = 8.8.8.8,8.8.4.4

    Do you know what it is?

    Topic author:

    Those numbers remind me of Google's DNS...

    At my friend's house there is a D-Link DSL-2640B modem/router, if I'm not mistaken; it's fairly old and hard to configure, so when we connected it gave a DNS error, and we searched Google for an alternative. So whenever I'm on his network I have to set the DNS to manual, with DNS1 8.8.8.8 / DNS2 8.8.4.4, otherwise it won't give internet access.

    And I have used that DNS in my building too..

    But as for TCP: 14775637F6D65602E4564777F627B6, it doesn't ring a bell; maybe some modem/port setting, I don't know.

    http://code.google.com/intl/pt-BR/speed/public-dns/

    Edited by Poockah


    Do you know the program below?

    D:\Pokah\instaladores\CoreTemp\CoreTemp64\Core Temp.exe


    Read all of the instructions below carefully before running the program.

    Download the Kaspersky Removal Tool and save it to your desktop.

    • Install the program normally, following all the instructions.
    • A folder named Virus Removal Tool will be created on the desktop.
    • On the program's screen, check the options:
      • My Computer
      • Hidden Startup objects
      • Disk boot sectors
      • System Memory
    • Click the Start Scan button.
    • Be patient, the scan takes a long time!
    • While it scans, some small windows will probably open next to the clock; do not click anything.
    • There is also a chance that a larger window will open with the following options:
      • Disinfection (when possible)
      • Delete
      • Skip
    • When it appears, first check the option Apply to all objects at the bottom, and then click one of the options above.
    • After everything completes, click the Reports button; in the window that opens, leave the options at the top set to:
      • Autoscan
      • Group by result
      • All Events
    • Expand Autoscan by clicking the + sign next to it.
    • Expand Result: Detected.
    • Right-click and choose Select all, then choose Copy.
    • Note: when you do this it looks like the PC has frozen, but it hasn't; wait a few minutes for the memory to be freed.
    • Open Notepad and paste (Ctrl + V).
    • Give the file a name and save it in a folder of your choice.
    • Close the result by clicking the Exit button.
    • When you do this, you will be asked whether you want to uninstall the tool; click Yes.
    • Restart the computer when prompted.
    • Post the contents of that file in your next reply.

    NOTE 1:
    Pay attention to the windows during the scan; they have different colours depending on the risk:

    • green: low risk
    • yellow: medium risk
    • red: high risk

    Before taking any action, check the file path/name carefully to see whether it is something you recognise; if it is, click Skip.

    NOTE 2:
    If the final scan result only shows Result: OK, you don't need to generate a report; just let me know.

    NOTE 3:
    During the scan, Kaspersky may flag the following folder as a virus: c:\QooBox. If that happens, choose the Skip option, since that folder belongs to ComboFix and will be removed when ComboFix is uninstalled.
