samuel192

Virus in RAM memory

Recommended Posts

Hi, I caught a Backdoor virus (Backdoor:Win32/IRCbot.gen!M) through MSN. I remove it, but every time I turn on my notebook it runs again and the antivirus reports the presence of a malicious program.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 19/06/2010 10:57:42

System Uptime: 15/03/2011 22:02:27 (2 hours ago)

.

Motherboard: Acer | | Aspire 4741

Processor: Intel® Core i3 CPU M 330 @ 2.13GHz | CPU 1 | 917/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 286 GiB total, 114,94 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP267: 24/02/2011 20:06:34 - Windows Update

RP268: 26/02/2011 23:07:33 - Windows Update

RP269: 28/02/2011 00:05:42 - Windows Update

RP270: 01/03/2011 09:58:44 - Windows Update

RP271: 02/03/2011 11:12:38 - Windows Update

RP272: 03/03/2011 10:36:28 - Windows Update

RP273: 04/03/2011 12:00:57 - Windows Update

RP274: 04/03/2011 12:29:48 - Removed Skype™ 4.1

RP275: 04/03/2011 12:49:07 - Removed Skype™ 4.1

RP276: 05/03/2011 16:39:28 - Windows Update

RP277: 06/03/2011 23:42:44 - Windows Update

RP278: 07/03/2011 21:15:33 - Windows Update

RP279: 08/03/2011 21:23:52 - Windows Update

RP280: 09/03/2011 14:07:38 - Windows Update

RP281: 09/03/2011 21:49:57 - Windows Update

RP282: 10/03/2011 21:58:02 - Windows Update

RP283: 12/03/2011 08:39:32 - Windows Update

RP284: 12/03/2011 11:59:41 - Windows Update

RP285: 13/03/2011 16:30:23 - Windows Update

RP286: 14/03/2011 11:31:18 - Windows Update

RP287: 14/03/2011 20:46:40 - Windows Update

RP288: 15/03/2011 11:01:01 - Windows Update

RP290: 15/03/2011 11:39:30 - Microsoft Antimalware Checkpoint

RP291: 15/03/2011 23:45:27 - Windows Update

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

888poker

A Bíblia Sagrada Versão Digital 6.0 Freeware

Acer Backup Manager

Acer Crystal Eye webcam

Acer ePower Management

Acer eRecovery Management

Acer GameZone Console

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Reader 9.2 MUI

Alcor Micro USB Card Reader

Apple Application Support

Apple Software Update

Arquivo do WinRAR

Ask.com Search Assistant 1.0.2

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

aTube Catcher

Backup Manager Basic

Bricx Command Center

Compatibility Pack for the 2007 Office system

Controle ActiveX do Windows Live Mesh para Conexões Remotas

CyberLink PowerDVD 9

D3DX10

Dream Day First Home

DVD Shrink 3.2

eBay Worldwide

eSobi v2

FM Screen Capture Codec (Remove Only)

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Identity Card

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Launch Manager

LEGO MINDSTORMS NXT - English Language Pack

LEGO MINDSTORMS NXT Migration Package

LEGO MINDSTORMS NXT Software v2.0

Merriam Websters Spell Jam

Messenger Plus! 5

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Minidicionário eletrônico Houaiss 2010

MSVCRT

MSXML 4.0 SP3 Parser (KB973685)

MyWinLocker

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

PhotoScape

PokerStars

QuickTime

QuipTabela 4.01

Realtek High Definition Audio Driver

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Skype™ 5.1

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2508979)

VIVO INTERNET

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Installer

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinPcap 4.1.1

.

==== Event Viewer Messages From Past Week ========

.

14/03/2011 12:33:46, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

11/03/2011 21:28:05, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dispositivo Celular da Apple service to connect.

11/03/2011 21:28:05, Error: Service Control Manager [7000] - The Dispositivo Celular da Apple service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/03/2011 18:36:40, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.

11/03/2011 18:35:53, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

11/03/2011 18:33:53, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

09/03/2011 16:25:42, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

09/03/2011 16:22:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

09/03/2011 16:21:37, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on G: cannot be read.

09/03/2011 16:20:39, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.

09/03/2011 16:14:56, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.

09/03/2011 16:10:24, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.

09/03/2011 16:01:23, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.

09/03/2011 14:57:58, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.

09/03/2011 14:55:58, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

09/03/2011 14:55:58, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09/03/2011 13:50:19, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

.

==== End Of File ===========================

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by user at 0:23:02,83 on 16/03/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1033.18.1781.516 [GMT -3:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\VIVO INTERNET\VIVO INTERNET.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Windows\system32\igfxext.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\user\Desktop\virus\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.br/

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_4741&r=27360610l216l0418z125t4501k363

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_4741&r=27360610l216l0418z125t4501k363

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_4741&r=27360610l216l0418z125t4501k363

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Mobile Partner] "C:\Program Files (x86)\VIVO INTERNET\VIVO INTERNET.exe"

uRun: [cdrdxuat] C:\Users\user\AppData\Local\bretge.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" 196609

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aftlt.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: {888EC925-9F4B-4527-A97F-345D3760BCCE} = 200.220.227.56 200.142.132.32

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-11 325200]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-4-11 865824]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-2-10 13336]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-1-6 255744]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-10 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-2-10 240160]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-2-10 56344]

R3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2010-6-28 114560]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-11 158848]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-11 271872]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 136176]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-1 40448]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-11 52264]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-11 35104]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-12 48488]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2009-12-2 305448]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-20 1255736]

.

=============== Created Last 30 ================

.

2011-03-16 03:20:03 7947600 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{2D3794BF-A8E4-45BF-8E90-B6DAB0770CB8}\mpengine.dll

2011-03-16 02:27:12 -------- d-----w- C:\Users\user\AppData\Local\{7FAD383B-21AF-4ED1-A18B-D732208220BE}

2011-03-15 14:26:51 -------- d-----w- C:\Users\user\AppData\Local\{226A731B-9103-4EC0-A04A-DAA3E3768934}

2011-03-15 02:25:58 -------- d-----w- C:\Users\user\AppData\Local\{781B0304-703F-4172-88EB-48552D6351FC}

2011-03-15 00:15:06 -------- d-----w- C:\Users\user\AppData\Local\{6B688D07-FB55-4D8A-8C32-2A0519BC3F12}

2011-03-14 15:29:36 141312 --sh--r- C:\Users\user\AppData\Local\bretge.exe

2011-03-14 15:29:36 141312 --s---r- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aftlt.exe

2011-03-14 12:14:39 -------- d-----w- C:\Users\user\AppData\Local\{EF802A8A-749E-4ED4-9685-5CF683E55D7B}

2011-03-13 19:17:48 -------- d-----w- C:\Users\user\AppData\Local\{30E89FCC-2828-42D6-900B-CB8DE3E97188}

2011-03-12 14:38:01 -------- d-----w- C:\Users\user\AppData\Local\{DB51EA68-E4C5-4EE1-B1A8-A6FA2AD0ECE0}

2011-03-12 01:45:49 -------- d-----w- C:\Users\user\AppData\Local\{D40493A3-0769-4414-9AF9-63E5A94603B8}

2011-03-11 13:45:25 -------- d-----w- C:\Users\user\AppData\Local\{B6C1BAD0-3405-4C77-8AC8-4953B992ACC4}

2011-03-10 14:52:36 -------- d-----w- C:\Users\user\AppData\Local\{8F82C113-8793-4C6F-AEBE-1194C4C265C1}

2011-03-10 02:52:08 -------- d-----w- C:\Users\user\AppData\Local\{7FE41471-754F-436B-8975-FF2910990655}

2011-03-09 14:51:49 -------- d-----w- C:\Users\user\AppData\Local\{A5B9FA5E-A45F-429A-AA4F-B4586116BBB7}

2011-03-09 10:58:25 3138048 ----a-w- C:\Windows\System32\mstscax.dll

2011-03-09 10:58:25 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll

2011-03-09 10:58:24 1097216 ----a-w- C:\Windows\System32\mstsc.exe

2011-03-09 10:58:24 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe

2011-03-09 10:57:18 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2011-03-09 10:57:17 723968 ----a-w- C:\Windows\System32\EncDec.dll

2011-03-09 10:57:16 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2011-03-09 10:57:16 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-03-09 10:57:15 1118720 ----a-w- C:\Windows\System32\sbe.dll

2011-03-09 10:57:14 850432 ----a-w- C:\Windows\SysWow64\sbe.dll

2011-03-09 10:57:14 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2011-03-09 10:57:14 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2011-03-08 23:15:41 -------- d-----w- C:\Users\user\AppData\Local\{88915D2C-0774-4BD7-81E4-759E4EEB8A49}

2011-03-08 10:22:34 -------- d-----w- C:\Users\user\AppData\Local\{DB7CF383-F4E0-4761-8A07-F97B56830544}

2011-03-07 13:22:30 -------- d-----w- C:\Users\user\AppData\Local\{6560B1E7-6DE8-4722-AF87-4B116344A7ED}

2011-03-07 13:15:00 -------- d-----w- C:\Users\user\AppData\Local\{CBCA26EA-4827-4E81-B65B-0A122DB2740E}

2011-03-07 13:12:22 -------- d-----w- C:\Users\user\AppData\Local\{4EF37103-0DBF-467A-8ADC-BA2FC0251AB6}

2011-03-06 15:40:43 -------- d-----w- C:\Users\user\AppData\Local\{B76BD565-272E-4E3D-AFF9-078FC3F256F3}

2011-03-05 15:13:42 -------- d-----w- C:\Users\user\AppData\Local\{AF3FA093-7070-425B-A20D-94EABFBACA1E}

2011-03-05 03:13:14 -------- d-----w- C:\Users\user\AppData\Local\{31D77A82-38EA-4EC6-874B-4275C598115E}

2011-03-04 15:50:06 -------- d-----r- C:\Program Files (x86)\Skype

2011-03-04 15:12:54 -------- d-----w- C:\Users\user\AppData\Local\{C4DE9478-3875-4A46-AF87-6C5B5914C00B}

2011-03-04 03:02:46 -------- d-----w- C:\Users\user\AppData\Local\{237A45B6-EC14-4768-B5DB-A31A7BC7879D}

2011-03-03 14:42:38 -------- d-----w- C:\Users\user\AppData\Local\{9ED824C9-13C4-4199-B7C4-BBEF7CE6D0B9}

2011-03-03 02:14:15 -------- d-----w- C:\Users\user\AppData\Local\{FEC31058-5D8E-4B5B-99E6-339D123A47AF}

2011-03-02 14:26:49 -------- d-----w- C:\Program Files (x86)\QuipTabela4.01

2011-03-02 13:57:36 -------- d-----w- C:\Users\user\AppData\Local\{A7A12E45-6C25-4DF9-8ACA-25FE92B476F8}

2011-03-02 00:46:20 -------- d-----w- C:\Users\user\AppData\Local\{883ED672-5315-45A1-896A-9FBB59CB8E79}

2011-03-01 14:47:42 -------- d-----w- C:\PROGRA~3\Messenger Plus!

2011-03-01 14:47:33 -------- d-----w- C:\Program Files (x86)\Yuna Software

2011-03-01 12:45:33 -------- d-----w- C:\Users\user\AppData\Local\{2DB45F74-5906-4272-8CAE-DD748F741B30}

2011-02-28 15:43:36 -------- d-----w- C:\Users\user\AppData\Local\{6E3E9FB1-9AFF-418D-BE32-972253A2C94C}

2011-02-28 02:55:26 -------- d-----w- C:\Users\user\AppData\Local\{A35B3364-D8A9-406C-8116-B0A3AFBB4DBC}

2011-02-27 12:35:49 -------- d-----w- C:\Users\user\AppData\Local\{1E94F3F2-F4CB-462C-A091-6F54106F7F8A}

2011-02-26 15:50:29 -------- d-----w- C:\Users\user\AppData\Local\{DDCAE7FA-25DD-4282-9429-EA540B044755}

2011-02-26 01:15:03 -------- d-----w- C:\Users\user\AppData\Local\{5D1CE349-8FCC-43BB-80D0-F7C20FC04F32}

2011-02-25 13:14:11 -------- d-----w- C:\Users\user\AppData\Local\{91148C37-6FA1-4EB4-BDB1-649CC3BD6799}

2011-02-25 08:48:00 -------- d-----w- C:\Users\user\AppData\Local\{153166BF-70C8-4F34-8DA1-08C1CC997FC7}

2011-02-24 13:23:38 -------- d-----w- C:\Users\user\AppData\Local\{ADAA0836-49E4-45FF-86F3-815182F937A0}

2011-02-24 01:23:19 -------- d-----w- C:\Users\user\AppData\Local\{65610413-1575-43E3-AEF5-0DD4E569B768}

2011-02-23 13:23:00 -------- d-----w- C:\Users\user\AppData\Local\{24768BD0-DF96-42AA-B156-14EA62108858}

2011-02-23 01:22:36 -------- d-----w- C:\Users\user\AppData\Local\{A008522C-DBBC-4038-853C-1CABAE6B983B}

2011-02-22 12:21:19 -------- d-----w- C:\Users\user\AppData\Local\{67935624-479C-41B6-889A-110A8D451D3E}

2011-02-21 22:41:08 -------- d-----w- C:\Users\user\AppData\Local\{2FEC85B2-4BA2-4005-8F5B-7DD4B63A9DC8}

2011-02-21 10:40:50 -------- d-----w- C:\Users\user\AppData\Local\{B600D060-255D-4D98-9AFB-BDE1F71B1739}

2011-02-20 14:52:11 -------- d-----w- C:\Users\user\AppData\Local\{C1E284E3-7F9D-43D5-9C08-06C187467920}

2011-02-20 02:20:15 -------- d-----w- C:\Users\user\AppData\Local\{D63481F0-91AD-4550-8B2E-3C92F76393E6}

2011-02-19 13:15:41 -------- d-----w- C:\Users\user\AppData\Local\{87DBBD2F-0771-44CA-843F-431F842A744E}

2011-02-19 00:37:46 -------- d-----w- C:\Users\user\AppData\Local\{66E5BABA-BA9D-4686-93F1-340AB5F09ECB}

2011-02-18 13:09:06 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2011-02-18 12:37:24 -------- d-----w- C:\Users\user\AppData\Local\{96BF15F6-0E8A-4AE6-AFBB-2B8F9414654A}

2011-02-18 00:37:01 -------- d-----w- C:\Users\user\AppData\Local\{447B9588-5282-4F2D-803B-AE8AD78AB056}

2011-02-17 17:10:04 -------- d-----w- C:\Users\user\AppData\Roaming\JoCar Consulting

2011-02-17 17:07:45 -------- d-----w- C:\Program Files (x86)\BricxCC

2011-02-17 17:07:34 796672 ----a-w- C:\Windows\GPInstall.exe

2011-02-17 14:06:19 -------- d-----w- C:\Program Files (x86)\National Instruments

2011-02-17 14:06:19 -------- d-----w- C:\Program Files (x86)\IVI Foundation

2011-02-17 12:36:39 -------- d-----w- C:\Users\user\AppData\Local\{90C6416B-C097-452F-8AE0-6B00CFEC2F5C}

2011-02-16 23:31:47 -------- d-----w- C:\Users\user\AppData\Local\{A1E0FF74-5EEF-4BA1-9A76-A435C23E8AF2}

2011-02-16 09:48:37 -------- d-----w- C:\Users\user\AppData\Local\{6628B648-006F-4DE2-8C89-6CB7FED5A80D}

2011-02-15 14:47:50 -------- d-----w- C:\Users\user\AppData\Local\{F7920602-7331-4E0F-BA6C-4406A116AC76}

2011-02-15 02:38:15 -------- d-----w- C:\Users\user\AppData\Local\{49AC253D-405A-4AD8-A36E-33A0186F881F}

2011-02-14 14:36:26 -------- d-----w- C:\Users\user\AppData\Local\{87A50EC6-E273-4069-93B3-8EF87D102240}

.

==================== Find3M ====================

.

2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys

2010-12-18 06:15:38 1197056 ----a-w- C:\Windows\System32\wininet.dll

2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll

2010-12-18 05:32:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec

2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 0:23:40,38 ===============

thanks...


Configure Windows to show all files.

Go to this site: http://virustotal.com/

Under "File to upload" enter: C:\Users\user\AppData\Local\bretge.exe

Then click Submit.

Copy and post the result of this scan.


"It" who? What are you talking about?


Samuel,

Did you set Windows to show all files? If so, on the VirusTotal site click "Selecionar Arquivo" (Select File) and browse to the file indicated above.

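Added example, not code from this thread or from the DDS tool: the two replies above ask the poster to make hidden files visible and submit C:\Users\user\AppData\Local\bretge.exe to VirusTotal. The script below shows how a helper reaches that conclusion from the posted log itself. It parses the uRun/mRun/StartupFolder autorun lines and the "Created Last 30" lines that DDS prints, flags autoruns that launch from user-writable locations and that point at recently created files with hidden or system attributes, groups files that share a creation timestamp and size (the same binary dropped under two names, which is why the backdoor comes back after every reboot), and computes the SHA-256 a responder would look up on VirusTotal instead of uploading the file. The sample lines are copied from the log posted in this thread; the meaning of the DDS attribute letters (s = system, h = hidden) and the list of user-writable path markers are assumptions made for this example.

```python
"""DDS log triage: correlate autorun entries with recently created files.

Added example for the thread above; not part of DDS. The attribute-letter
meanings (s = system, h = hidden) and USER_WRITABLE markers are assumptions.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [cdrdxuat] C:\Users\user\AppData\Local\bretge.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
StartupFolder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aftlt.exe
2011-03-14 15:29:36 141312 --sh--r- C:\Users\user\AppData\Local\bretge.exe
2011-03-14 15:29:36 141312 --s---r- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aftlt.exe
2011-03-09 10:58:24 1097216 ----a-w- C:\Windows\System32\mstsc.exe
"""

# Path fragments that an ordinary user account can write to (assumed list).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\progra~3\\", "\\temp\\")

AUTORUN_RE = re.compile(r"^(?P<kind>uRun|mRun|mRun-x64|StartupFolder): (?P<rest>.*)$")
EXE_PATH_RE = re.compile(r"[a-z]:\\[^\"]*?\.exe", re.IGNORECASE)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+|-+) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


def parse_dds(text):
    """Return (autoruns, created): autorun (kind, exe_path) pairs and
    'Created Last 30' file records; directory entries (size '--------') are skipped."""
    autoruns, created = [], []
    for line in text.splitlines():
        m = AUTORUN_RE.match(line)
        if m:
            exe = EXE_PATH_RE.search(m.group("rest"))
            if exe:
                autoruns.append((m.group("kind"), exe.group(0)))
            continue
        m = CREATED_RE.match(line)
        if m and m.group("size").isdigit():
            created.append({"ts": m.group("ts"), "size": int(m.group("size")),
                            "attrs": m.group("attrs"), "path": m.group("path")})
    return autoruns, created


def triage(text):
    """Flag autorun entries that look like user-dropped persistence."""
    autoruns, created = parse_dds(text)
    by_path = {c["path"].lower(): c for c in created}
    findings = []
    for kind, exe in autoruns:
        low = exe.lower()
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("launched from a user-writable location")
        rec = by_path.get(low)
        if rec:
            reasons.append(f"created {rec['ts']} (within the last 30 days)")
            # 's' = system, 'h' = hidden in the DDS attribute column (assumed).
            if "h" in rec["attrs"] or "s" in rec["attrs"]:
                reasons.append(f"hidden/system attributes {rec['attrs']}")
        if reasons:
            findings.append({"kind": kind, "path": exe, "reasons": reasons})
    return findings


def same_binary_groups(created):
    """Group created files sharing timestamp and size: likely the same dropper
    written under several names to survive removal of one copy."""
    groups = defaultdict(list)
    for c in created:
        groups[(c["ts"], c["size"])].append(c["path"])
    return [paths for paths in groups.values() if len(paths) > 1]


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a file's bytes, the value to search for on VirusTotal."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']}: {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
    for group in same_binary_groups(parse_dds(SAMPLE_LOG)[1]):
        print("same timestamp and size:", *group, sep="\n    ")
```

Run against the full log the script reports both bretge.exe (registry Run value) and aftlt.exe (Startup folder) and groups them as one binary, which is the detail the replies act on: removing only the copy the antivirus catches leaves the second persistence point to restart it at the next boot.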