Evertonxd

Infected PC =/


Hello, I recently formatted my HD; I had barely gone online when out of nowhere my Task Manager was disabled, I can't make registry changes on the computer, and I can't run any antivirus or anti-spyware program. :o

Thanks in advance for your attention; I'll be checking every day waiting for a reply, and I'll be grateful even if it doesn't solve my problem..

Now I'll post the logs. ~

DDS (Ver_09-02-01.01) - NTFSx86

Run by Everton-PC at 0:04:31,98 on sáb 14/03/2009

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.3071.2671 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\IDA\ida.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\wintiqhy.exe

C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\pxwoyt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winurnxh.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\Everton-PC\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

BHO: IE 4.x-6.x BHO for Internet Download Accelerator: {2a646672-9c3a-4c28-9a7a-1fb0f63f28b6} - c:\arquiv~1\ida\idaiehlp.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquivos de programas\spybot - search & destroy\SDHelper.dll

BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\arquiv~1\spywar~1\tools\iesdsg.dll

BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\arquiv~1\spywar~1\tools\iesdpb.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [internet Download Accelerator] c:\arquivos de programas\ida\ida.exe -autorun

uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

uRun: [cdoosoft] c:\windows\system32\olhrwef.exe

uRun: [spyware Doctor] "c:\arquivos de programas\spyware doctor\swdoctor.exe" /Q

mRun: [speedTouch USB Diagnostics] "c:\arquivos de programas\thomson\speedtouch usb\Dragdiag.exe" /icon

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [HDAudDeck] c:\arquivos de programas\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [tspuf] c:\arquivos de programas\telefonica\speedy\SATUF.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [spyware Doctor] "c:\arquivos de programas\spyware doctor\swdoctor.exe" /Q

uPolicies-explorer: NoPublishingWizard = 0 (0x0)

uPolicies-explorer: NoWebServices = 0 (0x0)

uPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)

uPolicies-system: DisableTaskMgr = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

mPolicies-system: EnableLUA = 0 (0x0)

IE: Download ALL with IDA - c:\arquivos de programas\ida\idaieall.htm

IE: Download with IDA - c:\arquivos de programas\ida\idaie.htm

IE: {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - c:\arquivos de programas\ida\ida.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\arquiv~1\spywar~1\tools\iesdpb.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquivos de programas\spybot - search & destroy\SDHelper.dll

LSP: %SYSTEMROOT%\system32\nvLsp.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236967625505

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: {318E0B78-3CDA-481D-9568-D2804DB9013C} = 200.204.0.10 200.204.0.138

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\everto~1\dadosd~1\mozilla\firefox\profiles\qg10d6gz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-13 114768]

R1 ikhfile;File Security Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhfile.sys [2009-3-13 30592]

R1 ikhlayer;Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhlayer.sys [2009-3-13 51072]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-13 20560]

R3 alcan5ln;SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2009-3-13 36256]

R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\ngmhin.sys --> c:\windows\system32\drivers\ngmhin.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-3-13 238080]

=============== Created Last 30 ================

2009-03-13 23:43 51,072 a------- c:\windows\system32\drivers\ikhlayer.sys

2009-03-13 23:43 30,592 a------- c:\windows\system32\drivers\ikhfile.sys

2009-03-13 23:43 <DIR> --d----- c:\docume~1\everto~1\dadosd~1\PC Tools

2009-03-13 23:43 <DIR> --d----- c:\arquivos de programas\Spyware Doctor

2009-03-13 23:35 109,504 ---shr-- c:\windows\system32\olhrwef.exe

2009-03-13 23:34 <DIR> --d----- c:\arquivos de programas\CCleaner

2009-03-13 22:59 268,648 a------- c:\windows\system32\mucltui.dll

2009-03-13 22:59 208,744 a------- c:\windows\system32\muweb.dll

2009-03-13 22:59 27,496 a------- c:\windows\system32\mucltui.dll.mui

2009-03-13 15:43 <DIR> -cdsh--- c:\arquivos de programas\arquivos comuns\WindowsLiveInstaller

2009-03-13 15:36 <DIR> --d----- c:\arquivos de programas\MSXML 4.0

2009-03-13 15:35 272,384 -c------ c:\windows\system32\dllcache\bthport.sys

2009-03-13 15:35 272,384 -------- c:\windows\system32\drivers\bthport.sys

2009-03-13 15:35 2,140,160 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-13 15:35 2,184,576 -c------ c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-13 15:35 2,061,952 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-13 15:35 2,019,840 -c------ c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-13 15:34 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2009-03-13 15:33 109,504 ---shr-- C:\uxkl0apt.bat

2009-03-13 15:33 94,720 ---shr-- c:\windows\system32\nmdfgds1.dll

2009-03-13 15:32 107,564 ---shr-- C:\hyetn1i.exe

2009-03-13 15:32 110 ---shr-- C:\autorun.inf

2009-03-13 15:32 94,720 ---shr-- c:\windows\system32\nmdfgds0.dll

2009-03-13 15:28 <DIR> --d----- c:\windows\system32\pt-br

2009-03-13 15:25 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2009-03-13 15:25 <DIR> --d----- c:\arquivos de programas\Spybot - Search & Destroy

2009-03-13 15:24 <DIR> --d----- c:\windows\network diagnostic

2009-03-13 15:23 <DIR> --d----- c:\docume~1\everto~1\dadosd~1\Malwarebytes

2009-03-13 15:23 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-03-13 15:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-13 15:23 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-03-13 15:23 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-03-13 15:20 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat

2009-03-13 15:20 1,024,000 -c------ c:\windows\system32\dllcache\ieframe.dll.mui

2009-03-13 15:20 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll

2009-03-13 15:20 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll

2009-03-13 15:20 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll

2009-03-13 15:20 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe

2009-03-13 15:20 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll

2009-03-13 15:20 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll

2009-03-13 15:20 63,488 -c------ c:\windows\system32\dllcache\icardie.dll

2009-03-13 15:18 <DIR> --d-h--- c:\windows\system32\GroupPolicy

2009-03-13 15:18 <DIR> --d----- C:\Downloads

2009-03-13 15:17 <DIR> --d----- C:\eb65b5463a3afefddaba1cc7

2009-03-13 15:15 <DIR> --d----- c:\docume~1\everto~1\dadosd~1\Internet Download Accelerator

2009-03-13 15:14 <DIR> --d----- c:\arquivos de programas\IDA

2009-03-13 15:12 <DIR> --d----- c:\windows\system32\CatRoot_bak

2009-03-13 15:10 <DIR> --d----- c:\windows\system32\PreInstall

2009-03-13 15:10 <DIR> --d-h--- c:\windows\$hf_mig$

2009-03-13 15:07 31,768 a------- c:\windows\system32\wucltui.dll.mui

2009-03-13 15:07 18,968 a------- c:\windows\system32\wuaueng.dll.mui

2009-03-13 15:07 27,672 a------- c:\windows\system32\wuaucpl.cpl.mui

2009-03-13 15:07 27,672 a------- c:\windows\system32\wuapi.dll.mui

2009-03-13 15:07 <DIR> --d----- c:\windows\system32\SoftwareDistribution

2009-03-13 15:06 <DIR> --ds---- c:\documents and settings\everton-pc\UserData

2009-03-13 14:54 117,248 a----r-- c:\windows\system32\drivers\viamraid.sys

2009-03-13 14:51 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys

2009-03-13 14:48 8,704 a----r-- c:\windows\system32\viahdcpl.cpl

2009-03-13 14:47 <DIR> --d----- c:\arquivos de programas\VIA

2009-03-13 14:45 <DIR> --d----- c:\windows\system32\ReinstallBackups

2009-03-13 14:45 33,792 a------- c:\windows\system32\drivers\AmdPPM.sys

2009-03-13 14:45 <DIR> --d----- c:\arquivos de programas\AMD

2009-03-13 14:43 <DIR> --d----- c:\windows\AsusInstAll

2009-03-13 14:40 <DIR> --d----- c:\arquivos de programas\NVIDIA Corporation

2009-03-13 14:39 217,076 a------- c:\windows\system32\nvdspsky.chm

2009-03-13 14:39 <DIR> --d----- c:\arquivos de programas\Thomson

2009-03-13 14:38 <DIR> --d----- c:\arquivos de programas\arquivos comuns\InstallShield

2009-03-13 14:38 5,810 a----r-- c:\windows\system32\drivers\ASACPI.sys

2009-03-13 14:38 <DIR> --d----- c:\arquivos de programas\Telefonica

2009-03-13 14:38 31,577 a------- c:\windows\Ascd_tmp.ini

2009-03-13 14:38 10,296 a------- c:\windows\system32\drivers\ASUSHWIO.SYS

2009-03-13 14:38 45,056 a------- c:\windows\system32\msxml4a.dll

2009-03-13 14:38 24,576 a------- c:\windows\system32\msxml3a.dll

2009-03-13 14:35 <DIR> --d-h--- c:\documents and settings\everton-pc\Ambiente de rede

2009-03-13 14:35 <DIR> --d-h--- c:\documents and settings\everton-pc\Ambiente de impressão

2009-03-13 14:35 <DIR> --d-hr-- c:\documents and settings\everton-pc\Dados de aplicativos

2009-03-13 14:35 <DIR> --d-h--- c:\documents and settings\everton-pc\Modelos

2009-03-13 14:35 <DIR> --d-h--- c:\documents and settings\everton-pc\Configurações locais

2009-03-13 14:35 <DIR> --d--r-- c:\documents and settings\everton-pc\Meus documentos

2009-03-13 14:35 <DIR> --d--r-- c:\documents and settings\everton-pc\Menu Iniciar

2009-03-13 14:35 <DIR> --d--r-- c:\documents and settings\everton-pc\Favoritos

2009-03-13 14:35 <DIR> --d----- c:\documents and settings\Everton-PC

2009-03-13 14:33 <DIR> --ds---- c:\windows\system32\Microsoft

2009-03-13 14:31 8,192 a------- c:\windows\REGLOCS.OLD

2009-03-13 14:29 92,416 ac------ c:\windows\system32\dllcache\mga.sys

2009-03-13 14:28 3,018 a------- c:\windows\system32\CONFIG.NT

2009-03-13 14:28 0 a------- c:\windows\control.ini

2009-03-13 14:28 23,392 a------- c:\windows\system32\nscompat.tlb

2009-03-13 14:28 16,832 a------- c:\windows\system32\amcompat.tlb

2009-03-13 14:28 316,640 a------- c:\windows\WMSysPr9.prx

2009-03-13 14:27 <DIR> --dsh--- c:\documents and settings\all users\DRM

2009-03-13 14:27 <DIR> --d-h--- c:\arquivos de programas\WindowsUpdate

2009-03-13 14:27 <DIR> --d----- c:\arquivos de programas\Serviços on-line

2009-03-13 14:27 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Serviços

2009-03-13 14:26 <DIR> --d----- c:\arquivos de programas\arquivos comuns\MSSoap

2009-03-13 14:25 <DIR> --d----- c:\arquivos de programas\Messenger

2009-03-13 14:25 <DIR> --d----- c:\arquivos de programas\MSN Gaming Zone

2009-03-13 14:25 <DIR> --d----- c:\arquivos de programas\Windows NT

2009-03-13 11:16 <DIR> --d----- c:\arquivos de programas\arquivos comuns\ODBC

2009-03-13 11:16 <DIR> --d----- c:\arquivos de programas\arquivos comuns\SpeechEngines

2009-03-13 11:16 <DIR> --d-h--- c:\documents and settings\all users\Modelos

2009-03-13 11:16 <DIR> --d--r-- c:\documents and settings\all users\Menu Iniciar

2009-03-13 11:16 <DIR> --d--r-- c:\documents and settings\all users\Documentos

2009-03-13 11:16 <DIR> --d----- c:\documents and settings\all users\Favoritos

2009-03-13 11:14 <DIR> --d-hr-- c:\documents and settings\all users\Dados de aplicativos

==================== Find3M ====================

2009-03-13 14:59 344,380 a------- c:\windows\system32\perfh016.dat

2009-03-13 14:59 48,628 a------- c:\windows\system32\perfc016.dat

2009-03-13 14:28 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-03-13 14:26 21,844 a------- c:\windows\system32\emptyregdb.dat

2009-03-12 14:41 331,184 -------- c:\windows\system32\difxapi.dll

2009-01-16 21:16 3,594,752 -------- c:\windows\system32\SET1D7.tmp

2008-12-20 19:47 826,368 a------- c:\windows\system32\wininet.dll

2008-12-20 19:47 826,368 -------- c:\windows\system32\SET1CE.tmp

2008-12-20 19:47 233,472 -------- c:\windows\system32\SET1CF.tmp

2008-12-20 19:47 1,160,192 -------- c:\windows\system32\SET1D0.tmp

2008-12-20 19:47 105,984 -------- c:\windows\system32\SET1D1.tmp

2008-12-20 19:47 477,696 -------- c:\windows\system32\SET1D6.tmp

2008-12-20 19:46 459,264 -------- c:\windows\system32\SET1D9.tmp

2008-12-20 19:46 52,224 -------- c:\windows\system32\SET1D8.tmp

2008-12-20 19:46 267,776 -------- c:\windows\system32\SET1DD.tmp

2008-12-20 19:46 6,066,688 -------- c:\windows\system32\SET1E0.tmp

2008-12-20 19:46 383,488 -------- c:\windows\system32\SET1E2.tmp

2008-12-20 19:46 214,528 -------- c:\windows\system32\SET1E9.tmp

2008-12-20 19:46 63,488 -------- c:\windows\system32\SET1E8.tmp

2008-12-20 19:46 347,136 -------- c:\windows\system32\SET1EA.tmp

2008-12-20 19:46 124,928 -------- c:\windows\system32\SET1EB.tmp

============= FINISH: 0:04:52,59 ===============

-====================-=====================-

GMER 1.0.15.14939 - http://www.gmer.net

Rootkit scan 2009-03-14 02:59:49

Windows 5.1.2600 Service Pack 2

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\ngmhin.sys O sistema não pode encontrar o arquivo especificado. !

? C:\WINDOWS\TEMP\mc211.tmp O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe[132] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe[132] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe[132] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe[132] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe[132] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winodipxc.exe[192] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winodipxc.exe[192] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winodipxc.exe[192] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winodipxc.exe[192] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winodipxc.exe[192] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winodipxc.exe[192] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

.text C:\WINDOWS\system32\NOTEPAD.EXE[244] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\NOTEPAD.EXE[244] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\NOTEPAD.EXE[244] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\NOTEPAD.EXE[244] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\NOTEPAD.EXE[244] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\NOTEPAD.EXE[244] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

.text C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe[660] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe[660] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe[660] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe[660] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe[660] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\csrss.exe[688] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[688] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\csrss.exe[688] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\csrss.exe[688] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\csrss.exe[688] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\lsass.exe[776] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[776] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\RUNDLL32.EXE[908] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\RUNDLL32.EXE[908] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\RUNDLL32.EXE[908] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\RUNDLL32.EXE[908] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\RUNDLL32.EXE[908] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\System32\svchost.exe[1024] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\System32\svchost.exe[1024] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\pxwoyt.exe[1088] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\pxwoyt.exe[1088] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\pxwoyt.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\pxwoyt.exe[1088] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\pxwoyt.exe[1088] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\spoolsv.exe[1236] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\spoolsv.exe[1236] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\spoolsv.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\spoolsv.exe[1236] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1236] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1404] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\nvsvc32.exe[1404] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1660] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1660] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1660] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1660] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[1660] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[1708] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[1708] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[1708] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[1708] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[1708] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\ctfmon.exe[1736] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[1736] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\ctfmon.exe[1736] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\ctfmon.exe[1736] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\ctfmon.exe[1736] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[1832] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[1832] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\Arquivos de programas\Messenger\msmsgs.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[1832] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[1832] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\wintiqhy.exe[1948] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\wintiqhy.exe[1948] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\wintiqhy.exe[1948] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\wintiqhy.exe[1948] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\wintiqhy.exe[1948] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winurnxh.exe[3464] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winurnxh.exe[3464] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winurnxh.exe[3464] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winurnxh.exe[3464] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winurnxh.exe[3464] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\lqyx.exe[3736] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\lqyx.exe[3736] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\lqyx.exe[3736] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\lqyx.exe[3736] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\lqyx.exe[3736] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\lqyx.exe[3736] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winrdbb.exe[4264] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winrdbb.exe[4264] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winrdbb.exe[4264] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winrdbb.exe[4264] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winrdbb.exe[4264] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winrdbb.exe[4264] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winvkiwc.exe[4484] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winvkiwc.exe[4484] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winvkiwc.exe[4484] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winvkiwc.exe[4484] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winvkiwc.exe[4484] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winvkiwc.exe[4484] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] USER32.dll!DialogBoxParamW 77D36702 5 Bytes JMP 4367F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] USER32.dll!DialogBoxParamA 77D388E1 5 Bytes JMP 43811844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] USER32.dll!DialogBoxIndirectParamW 77D42598 5 Bytes JMP 4381187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] USER32.dll!MessageBoxIndirectA 77D4AEF1 5 Bytes JMP 43811800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] USER32.dll!MessageBoxExW 77D60559 5 Bytes JMP 4381178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] USER32.dll!MessageBoxExA 77D6057D 5 Bytes JMP 438117C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] USER32.dll!DialogBoxIndirectParamA 77D66CED 5 Bytes JMP 438118BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] USER32.dll!MessageBoxIndirectW 77D760B7 5 Bytes JMP 436A16F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\olree.exe[9656] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\olree.exe[9656] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\olree.exe[9656] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\olree.exe[9656] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\olree.exe[9656] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\olree.exe[9656] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winwimek.exe[10088] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winwimek.exe[10088] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winwimek.exe[10088] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winwimek.exe[10088] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winwimek.exe[10088] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winwimek.exe[10088] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winudder.exe[10712] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winudder.exe[10712] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winudder.exe[10712] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winudder.exe[10712] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winudder.exe[10712] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winudder.exe[10712] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\vefsk.exe[11508] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\vefsk.exe[11508] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\vefsk.exe[11508] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\vefsk.exe[11508] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\vefsk.exe[11508] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\vefsk.exe[11508] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

.text C:\Documents and Settings\Everton-PC\Desktop\gmer.exe[12312] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\Documents and Settings\Everton-PC\Desktop\gmer.exe[12312] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\Documents and Settings\Everton-PC\Desktop\gmer.exe[12312] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Documents and Settings\Everton-PC\Desktop\gmer.exe[12312] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\Documents and Settings\Everton-PC\Desktop\gmer.exe[12312] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\Documents and Settings\Everton-PC\Desktop\gmer.exe[12312] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

.text C:\WINDOWS\system32\NOTEPAD.EXE[12840] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\NOTEPAD.EXE[12840] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\NOTEPAD.EXE[12840] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\NOTEPAD.EXE[12840] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\NOTEPAD.EXE[12840] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\NOTEPAD.EXE[12840] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

.text C:\WINDOWS\system32\NOTEPAD.EXE[14012] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\NOTEPAD.EXE[14012] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\WINDOWS\system32\NOTEPAD.EXE[14012] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\NOTEPAD.EXE[14012] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\NOTEPAD.EXE[14012] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\NOTEPAD.EXE[14012] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002

IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???3?????5?6?5??? ???????4???????????????????????????????f??? ???????????????????????????????? ??????f??? ???????3????????????????????????\W?????f??? ???????$???????????????????????????????f??? ??????????????????????????????????????????? ???????$???????????????????????????????f??? ????????????????????????????????Vs?????f??? ????????????????????????????????@??????f??? ??????? ???????????????????????????????f??? ???????%????????????????????????ED?????????0???3???s??????????????????????????C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winmkhbyr.exe:*:Enabled:ipsec?s???-|??3??????????????????????????????C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\lyjpml.exe:*:Enabled:ipsec????????????4???4???3???/???3???\???????????????????????e??C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winomodf.exe:*:Enabled:ipsec?vou???.~??3???m???????????????????????s??C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winthwn.exe:*:Enabled:ipsec?!\????.~??3??????????????????????????????C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\winkmif.exe:*:Enabled:ipsec?3?3???????????4???3???3???+x??3???o?

---- EOF - GMER 1.0.15 ----
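
As an added triage aid (my own example, not part of this thread and not code from GMER or ComboFix): a small Python parser for the `.text` hook lines in the GMER log above. It groups the JMP/CALL hooks that GMER could not attribute to any module by hooked function and branch target, so an analyst can see at a glance which processes share one identical unattributed hook, and it lists the hooked processes that run from a Temp folder, which is the recurring pattern in this log. The sample lines are copied from the log above; the `Hook` class and the function names are my own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a few ".text" hook lines in the GMER 1.0.15 format
# shown in the log above (process paths, PIDs and addresses copied from it).
SAMPLE_LOG = r"""
.text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\lqyx.exe[3736] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\DOCUME~1\EVERTO~1\CONFIG~1\Temp\lqyx.exe[3736] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D
.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[9440] USER32.dll!DialogBoxParamW 77D36702 5 Bytes JMP 4367F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
"""

# One GMER ".text" line: "<path>[<pid>] <module!symbol[ + off]> <addr> <n> Bytes <detail>"
HOOK_RE = re.compile(
    r"^\.text (?P<process>.+?)\[(?P<pid>\d+)\] "
    r"(?P<symbol>\S+(?: \+ \d+)?) "
    r"(?P<address>[0-9A-F]{8}) (?P<size>\d+) Bytes (?P<detail>.*)$"
)
# Detail of a redirecting hook: "JMP <target>" or "CALL <target>", optionally
# followed by the module GMER attributed the target to.
BRANCH_RE = re.compile(r"^(?P<kind>JMP|CALL) (?P<target>[0-9A-F]{8})(?: (?P<owner>.+))?$")


@dataclass(frozen=True)
class Hook:
    process: str            # full path of the hooked process
    pid: int
    symbol: str             # e.g. "kernel32.dll!LoadLibraryExW" or "...!FreeLibrary + 15"
    address: str            # patched address, hex as printed by GMER
    size: int               # number of patched bytes
    kind: str               # "JMP", "CALL" or "PATCH" (raw bytes, no branch target)
    target: Optional[str]   # branch target for JMP/CALL hooks
    owner: Optional[str]    # module GMER attributed the target to, if any
    detail: str             # the unparsed tail of the line


def parse_hooks(text: str) -> list:
    """Parse every '.text' hook line of a GMER log; other lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        detail = m.group("detail")
        b = BRANCH_RE.match(detail)
        hooks.append(Hook(
            process=m.group("process"),
            pid=int(m.group("pid")),
            symbol=m.group("symbol"),
            address=m.group("address"),
            size=int(m.group("size")),
            kind=b.group("kind") if b else "PATCH",
            target=b.group("target") if b else None,
            owner=b.group("owner") if b else None,
            detail=detail,
        ))
    return hooks


def process_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def unattributed_targets(hooks) -> dict:
    """Group JMP/CALL hooks GMER could not attribute to a module, by (symbol, target).

    The same unattributed target reached from many processes means one injector
    patched all of them; the hook line alone does not say which module that is.
    """
    groups = defaultdict(set)
    for h in hooks:
        if h.kind in ("JMP", "CALL") and h.owner is None:
            groups[(h.symbol, h.target)].add(process_name(h.process))
    return {key: sorted(names) for key, names in groups.items()}


def temp_processes(hooks) -> list:
    """Hooked processes executing from a Temp directory, as 'path[pid]' strings."""
    found = {f"{h.process}[{h.pid}]" for h in hooks if "\\temp\\" in h.process.lower()}
    return sorted(found)


def triage(text: str) -> dict:
    """Summarise a GMER log: hooks shared by several processes and Temp-resident processes."""
    hooks = parse_hooks(text)
    shared = {k: v for k, v in unattributed_targets(hooks).items() if len(v) > 1}
    return {
        "hook_lines": len(hooks),
        "shared_unattributed": shared,
        "temp_processes": temp_processes(hooks),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"{summary['hook_lines']} hook lines parsed")
    for (symbol, target), names in sorted(summary["shared_unattributed"].items()):
        print(f"  {symbol} -> {target}: {', '.join(names)}")
    for proc in summary["temp_processes"]:
        print(f"  Temp-resident hooked process: {proc}")
```

Run it against the full log text instead of the sample and the LoadLibraryExW/CreateProcessW/CreateProcessA hooks show up in every listed process, gmer.exe and NOTEPAD.EXE included, which is what a system-wide injector looks like; the parser deliberately does not guess which module owns the 5F0xxxxx targets, because GMER printed no attribution for them. The Temp-folder list is the part worth acting on first, since those are the executables the later ComboFix output also quarantines.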


Hello,

Read the instructions in this link:

In the instructions at the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after performing the procedure(s) mentioned below.

  3. Double-click the desktopicon.png icon on the desktop.

  4. Read and accept the terms by typing 1 and Enter.

  5. Computers running Windows XP must install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet, and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Warning: Do not use the mouse or keyboard while the tool is running, as this can cause the computer to hang.

  8. A message may appear saying the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors, when writing them, had end users in mind and intended them for unsupervised use. ComboFix is not a tool of that kind, so, out of respect for the tool's author as well, do not use it without supervision.

Regards

Topic author:

Nothing changed = /

    ComboFix 09-03-15.01 - Everton-PC 2009-03-16 17:28:34.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.3071.2624 [GMT -3:00]

    Executando de: c:\documents and settings\Everton-PC\Desktop\ComboFix.exe

    * Criado um novo ponto de restauro

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\arquivos de programas\Gravity\Ragnarok Online\skin\default\basic_interface\_desktop.ini

    c:\arquivos de programas\Gravity\Ragnarok Online\skin\Scribbling Kid\_desktop.ini

    c:\arquivos de programas\Gravity\Ragnarok Online\skin\Scribbling Kid\basic_interface\_desktop.ini

    C:\Autorun.inf

    C:\uxkl0apt.bat

    c:\windows\system32\nmdfgds0.dll

    c:\windows\system32\nmdfgds1.dll

    c:\windows\system32\olhrwef.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_ASC3360PR

    -------\Service_asc3360pr

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-02-16 to 2009-03-16 ))))))))))))))))))))))))))))

    .

    2009-03-16 16:55 . 2008-05-09 07:55 512,000 -----c--- c:\windows\system32\dllcache\jscript.dll

    2009-03-16 16:55 . 2008-05-09 07:55 430,080 -----c--- c:\windows\system32\dllcache\vbscript.dll

    2009-03-16 16:55 . 2008-05-09 07:55 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll

    2009-03-16 16:55 . 2008-05-09 07:55 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll

    2009-03-16 16:55 . 2008-05-08 08:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe

    2009-03-16 16:55 . 2008-05-09 05:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe

    2009-03-16 16:55 . 2008-05-09 07:55 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll

    2009-03-15 20:38 . 2008-04-13 23:20 221,184 --a------ c:\windows\system32\wmpns.dll

    2009-03-15 20:33 . 2009-03-15 20:35 6,646 --a------ c:\windows\system32\spupdsvc.inf

    2009-03-15 20:31 . 2009-03-15 20:31 <DIR> d-------- c:\windows\system32\bits

    2009-03-15 20:31 . 2009-03-15 20:31 <DIR> d-------- c:\windows\l2schemas

    2009-03-15 20:30 . 2009-03-15 20:31 <DIR> d-------- c:\windows\ServicePackFiles

    2009-03-14 22:33 . 2009-03-14 22:33 82 --a------ c:\windows\mafosav.INI

    2009-03-14 21:45 . 2009-03-14 21:53 <DIR> d-------- c:\arquivos de programas\GoldWave

    2009-03-14 21:11 . 2009-03-14 21:11 <DIR> d-------- c:\arquivos de programas\SystemRequirementsLab

    2009-03-14 20:58 . 2009-03-14 20:58 <DIR> d-------- c:\arquivos de programas\Adobe Media Player

    2009-03-14 20:42 . 2009-03-14 20:42 <DIR> d-------- c:\windows\Sun

    2009-03-14 20:42 . 2009-03-14 20:41 410,984 --a------ c:\windows\system32\deploytk.dll

    2009-03-14 20:42 . 2009-03-14 20:41 73,728 --a------ c:\windows\system32\javacpl.cpl

    2009-03-14 20:19 . 2009-03-14 20:19 <DIR> d-------- c:\documents and settings\Everton-PC\.jpi_cache

    2009-03-14 20:19 . 2009-03-14 20:19 <DIR> d-------- c:\documents and settings\Everton-PC\.java

    2009-03-14 20:16 . 2009-03-14 20:16 <DIR> d-------- c:\documents and settings\Everton-PC\.javaws

    2009-03-14 20:16 . 2009-03-14 20:16 <DIR> d-------- c:\arquivos de programas\Java Web Start

    2009-03-14 20:16 . 2009-03-14 20:41 <DIR> d-------- c:\arquivos de programas\Java

    2009-03-14 18:54 . 2009-03-14 18:54 <DIR> d-------- c:\documents and settings\Everton-PC\Dados de aplicativos\Foxit

    2009-03-14 18:54 . 2009-03-14 18:54 <DIR> d-------- c:\arquivos de programas\Foxit Software

    2009-03-14 13:36 . 2009-03-14 17:54 <DIR> d-------- c:\documents and settings\Everton-PC\Dados de aplicativos\Winamp

    2009-03-14 13:36 . 2009-03-14 13:37 <DIR> d-------- c:\arquivos de programas\Winamp

    2009-03-14 12:09 . 2009-03-14 12:11 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

    2009-03-14 01:58 . 2003-07-20 06:17 5,174 --a------ c:\windows\system32\nppt9x.vxd

    2009-03-14 01:58 . 2005-01-03 21:43 4,682 --a------ c:\windows\system32\npptNT2.sys

    2009-03-14 01:39 . 2009-03-14 01:39 <DIR> d-------- c:\arquivos de programas\Gravity

    2009-03-14 00:48 . 2009-03-14 00:56 <DIR> d-------- c:\documents and settings\Everton-PC\Dados de aplicativos\BSplayer PRO

    2009-03-14 00:48 . 2009-03-14 00:48 <DIR> d-------- c:\arquivos de programas\Webteh

    2009-03-13 23:43 . 2009-03-14 12:11 <DIR> d-------- c:\arquivos de programas\Spyware Doctor

    2009-03-13 23:34 . 2009-03-13 23:34 <DIR> d-------- c:\arquivos de programas\CCleaner

    2009-03-13 22:59 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

    2009-03-13 22:59 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

    2009-03-13 22:59 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

    2009-03-13 15:43 . 2009-03-14 12:14 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

    2009-03-13 15:43 . 2009-03-13 15:43 <DIR> d-------- c:\arquivos de programas\Windows Live

    2009-03-13 15:43 . 2009-03-13 15:44 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

    2009-03-13 15:38 . 2008-10-15 13:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

    2009-03-13 15:36 . 2009-03-13 15:36 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

    2009-03-13 15:35 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

    2009-03-13 15:35 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

    2009-03-13 15:35 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

    2009-03-13 15:35 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

    2009-03-13 15:35 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

    2009-03-13 15:35 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

    2009-03-13 15:34 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    2009-03-13 15:34 . 2008-05-08 11:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

    2009-03-13 15:34 . 2009-03-13 15:34 0 --a------ c:\windows\nsreg.dat

    2009-03-13 15:33 . 2008-12-11 07:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

    2009-03-13 15:32 . 2009-02-17 02:54 107,564 -r-hs---- C:\hyetn1i.exe

    2009-03-13 15:28 . 2009-03-15 20:31 <DIR> d-------- c:\windows\system32\pt-br

    2009-03-13 15:27 . 2008-04-11 16:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

    2009-03-13 15:25 . 2009-03-13 15:32 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2009-03-13 15:25 . 2009-03-13 15:25 <DIR> d-------- c:\arquivos de programas\Spybot - Search & Destroy

    2009-03-13 15:23 . 2009-03-13 15:23 <DIR> d-------- c:\documents and settings\Everton-PC\Dados de aplicativos\Malwarebytes

    2009-03-13 15:23 . 2009-03-13 15:23 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

    2009-03-13 15:23 . 2009-03-13 15:23 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

    2009-03-13 15:23 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

    2009-03-13 15:23 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys

    2009-03-13 15:20 . 2008-12-20 19:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll

    2009-03-13 15:20 . 2007-04-17 06:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

    2009-03-13 15:20 . 2007-03-08 02:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

    2009-03-13 15:20 . 2008-12-20 19:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

    2009-03-13 15:20 . 2008-12-20 19:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

    2009-03-13 15:20 . 2008-12-20 19:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

    2009-03-13 15:20 . 2008-12-20 19:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

    2009-03-13 15:20 . 2008-12-20 19:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

    2009-03-13 15:20 . 2008-12-19 06:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

    2009-03-13 15:18 . 2009-03-13 15:18 <DIR> d--h----- c:\windows\system32\GroupPolicy

    2009-03-13 15:18 . 2009-03-14 21:39 <DIR> d-------- C:\Downloads

    2009-03-13 15:17 . 2009-03-13 15:22 <DIR> d-------- C:\eb65b5463a3afefddaba1cc7

    2009-03-13 15:15 . 2009-03-13 15:25 <DIR> d-------- c:\documents and settings\Everton-PC\Dados de aplicativos\Internet Download Accelerator

    2009-03-13 15:14 . 2009-03-13 15:15 <DIR> d-------- c:\arquivos de programas\IDA

    2009-03-13 15:11 . 2009-03-13 15:11 <DIR> d-------- c:\arquivos de programas\Alwil Software

    2009-03-13 15:10 . 2009-03-16 17:19 <DIR> d--h----- c:\windows\$hf_mig$

    2009-03-13 15:07 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll

    2009-03-13 15:07 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui

    2009-03-13 15:07 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui

    2009-03-13 15:07 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

    2009-03-13 15:07 . 2008-10-16 14:07 18,968 --a------ c:\windows\system32\wuaueng.dll.mui

    2009-03-13 15:06 . 2009-03-13 15:06 <DIR> d---s---- c:\documents and settings\Everton-PC\UserData

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-03-14 23:16 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

    2009-03-13 17:54 --------- d-----w c:\arquivos de programas\VIA

    2009-03-13 17:51 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

    2009-03-13 17:45 --------- d-----w c:\arquivos de programas\AMD

    2009-03-13 17:44 --------- d-----w c:\documents and settings\Everton-PC\Dados de aplicativos\InstallShield

    2009-03-13 17:40 --------- d-----w c:\arquivos de programas\NVIDIA Corporation

    2009-03-13 17:39 --------- d-----w c:\arquivos de programas\Thomson

    2009-03-13 17:38 --------- d-----w c:\arquivos de programas\Telefonica

    2009-03-13 17:29 --------- d-----w c:\arquivos de programas\microsoft frontpage

    2009-03-13 17:27 --------- d-----w c:\arquivos de programas\Serviços on-line

    2009-03-13 17:27 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    "Internet Download Accelerator"="c:\arquivos de programas\IDA\ida.exe" [2006-04-10 2934784]

    "SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

    "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1768960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SpeedTouch USB Diagnostics"="c:\arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 944640]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

    "HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29904896]

    "tspuf"="c:\arquivos de programas\Telefonica\Speedy\SATUF.exe" [2004-03-23 106496]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

    "avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 154728]

    "WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2008-08-03 36352]

    "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-14 136600]

    "nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    c:\documents and settings\Everton-PC\Menu Iniciar\Programas\Inicializar\

    Adobe Media Player.lnk - c:\arquivos de programas\Adobe Media Player\Adobe Media Player.exe [2009-03-14 261632]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableTaskMgr"= 1 (0x1)

    "DisableRegistryTools"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoPublishingWizard"= 0 (0x0)

    "NoWebServices"= 0 (0x0)

    "NoOnlinePrintsWizard"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Documents and Settings\\Everton-PC\\Meus documentos\\VT6421\\SETUP.EXE"=

    "c:\\Documents and Settings\\Everton-PC\\Meus documentos\\Setups\\IE7-WindowsXP-x86-ptb.exe"=

    "c:\\Arquivos de programas\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\WINDOWS\\system32\\wuauclt.exe"=

    "c:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"=

    "c:\\WINDOWS\\system32\\wscntfy.exe"=

    "c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

    "c:\\WINDOWS\\system32\\nwiz.exe"=

    "c:\\WINDOWS\\system32\\userinit.exe"=

    "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "c:\\Arquivos de programas\\Telefonica\\Speedy\\SATUF.exe"=

    "c:\\Arquivos de programas\\Thomson\\SpeedTouch USB\\Dragdiag.exe"=

    "c:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe"=

    "c:\\Arquivos de programas\\IDA\\ida.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-13 114768]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-13 20560]

    R3 alcan5ln;SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2009-03-13 36256]

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-03-13 238080]

    --- ---

    *NewlyCreated* - ASC3360PR

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35f0f22b-10ee-11de-80d3-0090d0df2e36}]

    \SHeLl\autoplAy\commaNd - F:\yodqm.cmd

    \SHeLl\AutoRun\command - F:\yodqm.cmd

    \SHeLl\EXploRe\COmmaNd - F:\yodqm.cmd

    \SHeLl\OPEN\coMmanD - F:\yodqm.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70e58f89-0ff7-11de-9536-0090d0df2e36}]

    \Shell\AutoRun\command - G:\hyetn1i.exe

    \Shell\open\Command - G:\hyetn1i.exe

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.com.br/

    IE: Download ALL with IDA - c:\arquivos de programas\IDA\idaieall.htm

    IE: Download with IDA - c:\arquivos de programas\IDA\idaie.htm

    LSP: %SYSTEMROOT%\system32\nvLsp.dll

    TCP: {318E0B78-3CDA-481D-9568-D2804DB9013C} = 200.204.0.10 200.204.0.138

    FF - ProfilePath - c:\documents and settings\Everton-PC\Dados de aplicativos\Mozilla\Firefox\Profiles\qg10d6gz.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-03-16 17:31:23

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'lsass.exe'(788)

    c:\windows\system32\nvLsp.dll

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\arquivos de programas\Java\jre6\bin\jqs.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\system32\wdfmgr.exe

    c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

    c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

    c:\windows\system32\rundll32.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2009-03-16 17:34:02 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2009-03-16 20:34:00

    Pré-execução: 11 pasta(s) 202.951.987.200 bytes disponíveis

    Pós execução: 11 pasta(s) 202,929,872,896 bytes disponíveis

    WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

    246 --- E O F --- 2009-03-16 20:19:57


    Hello,

    ( 1 ) Very important note: temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after running the procedure(s) described below.

    ( 2 ) Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Show" box:


    File::
    C:\hyetn1i.exe
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35f0f22b-10ee-11de-80d3-0090d0df2e36}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70e58f89-0ff7-11de-9536-0090d0df2e36}]

    • Save this file as: CFScript.txt
      [image: CFScriptB-4.gif]
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will produce a log. Paste the contents of the file C:\ComboFix.txt.

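    The CFScript above deletes one file and two MountPoints2 keys, but the ComboFix logs in this thread also show several policy values in the state malware typically leaves them (Task Manager and the Registry Editor disabled, the Windows Firewall off, Security Center antivirus monitoring overridden). As an added example, not code from this thread or from ComboFix itself, the Python script below parses the REGEDIT4 "Registry Load Points" section of a ComboFix log, flags those values, and drafts the Registry:: lines of a CFScript that resets them. The sample log fragment is constructed from the values shown on this page; the rule table, the expansion of ComboFix's HKLM\~\services shorthand, and the assumption that the Registry:: section accepts REGEDIT4 syntax (the [-HKEY_...] key deletions in the script above use the same syntax) are mine, not ComboFix documentation.

```python
"""Flag tampered policy values in a ComboFix log and draft CFScript resets.
Added example for this thread, not ComboFix's own code; assumptions are marked inline."""
import re

# Constructed sample: a fragment of a ComboFix "Registry Load Points" section,
# built from the values that appear in the logs posted in this thread.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWebServices"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# ComboFix abbreviates hives in its log. Assumption: "HKLM\~\services" stands
# for the CurrentControlSet services key. Longest prefix must come first.
HIVE_EXPANSIONS = [
    ("HKLM\\~\\services", "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services"),
    ("HKLM\\", "HKEY_LOCAL_MACHINE\\"),
    ("HKCU\\", "HKEY_CURRENT_USER\\"),
]

# (key suffix, value name) -> (value meaning "tampered", .reg line that resets it, note).
# Assumed list covering the four policies this thread's logs show flipped; it is
# not a list published by ComboFix. EnableLUA is left out: it has no effect on XP.
TAMPER_RULES = {
    ("policies\\system", "DisableTaskMgr"):
        (1, '"DisableTaskMgr"=-', "Task Manager disabled by policy"),
    ("policies\\system", "DisableRegistryTools"):
        (1, '"DisableRegistryTools"=-', "Registry Editor disabled by policy"),
    ("firewallpolicy\\standardprofile", "EnableFirewall"):
        (0, '"EnableFirewall"=dword:00000001', "Windows Firewall switched off"),
    ("security center", "AntiVirusOverride"):
        (1, '"AntiVirusOverride"=dword:00000000',
         "Security Center antivirus monitoring suppressed "
         "(some third-party antivirus products set this legitimately)"),
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def expand_hive(key):
    """Turn a ComboFix-abbreviated key into its full registry path."""
    for short, full in HIVE_EXPANSIONS:
        if key.lower().startswith(short.lower()):
            return full + key[len(short):]
    return key


def parse_value_number(raw):
    """Integer from '1 (0x1)' or 'dword:00000001' renderings; None if not numeric."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)\b", raw)
    return int(m.group(1)) if m else None


def parse_load_points(text):
    """Map each full registry key to {value name: raw value string}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (km := KEY_RE.match(line)):
            current = expand_hive(km.group(1))
            keys.setdefault(current, {})
        elif (vm := VALUE_RE.match(line)) and current is not None:
            keys[current][vm.group(1)] = vm.group(2)
    return keys


def find_tampering(keys):
    """Return (key, value name, observed value, note, reset line) per rule hit."""
    hits = []
    for key, values in keys.items():
        for (suffix, name), (bad, reset, note) in TAMPER_RULES.items():
            if key.lower().endswith(suffix) and name in values:
                if parse_value_number(values[name]) == bad:
                    hits.append((key, name, bad, note, reset))
    return hits


def build_cfscript(hits):
    """Draft a CFScript Registry:: section resetting every flagged value
    (REGEDIT4 syntax assumed). Returns an empty string when nothing was flagged."""
    if not hits:
        return ""
    by_key = {}
    for key, _name, _observed, _note, reset in hits:
        by_key.setdefault(key, []).append(reset)
    lines = ["Registry::"]
    for key, resets in by_key.items():
        lines.append("[" + key + "]")
        lines.extend(resets)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_tampering(parse_load_points(SAMPLE_LOG))
    for key, name, observed, note, _reset in found:
        print(f"{note}: {key}\\{name} = {observed}")
    print(build_cfscript(found))
```

    Running the script prints the four findings and the drafted Registry:: block. Resetting the values only removes the symptom: whatever process set them will flip them back unless it is removed first (in this thread the lockout returned within a minute of the ComboFix run), so treat the output as a starting point for the analyst rather than a fix, and check AntiVirusOverride against the installed antivirus before resetting it.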
  • Topic author
  • Damn, for a minute everything worked, but..

    right after that everything got blocked again..

    I think I'd better format this PC again,

    because I must be taking up a lot of your time, right?

    I'll wait in case there is another solution or suggestion; otherwise, thank you for the attention given to my post and my problem.

    ComboFix 09-03-15.01 - Everton-PC 2009-03-17 11:52:04.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.3071.2657 [GMT -3:00]

    Running from: c:\documents and settings\Everton-PC\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Everton-PC\Desktop\CFScript.txt

    * Created a new restore point

    FILE ::

    C:\hyetn1i.exe

    .

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\hyetn1i.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_ASC3360PR

    -------\Service_asc3360pr

    (((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 ))))))))))))))))))))))))))))

    .

    2009-03-17 11:50 . 2009-03-17 11:50 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

    2009-03-16 16:55 . 2008-05-09 07:55 512,000 -----c--- c:\windows\system32\dllcache\jscript.dll

    2009-03-16 16:55 . 2008-05-09 07:55 430,080 -----c--- c:\windows\system32\dllcache\vbscript.dll

    2009-03-16 16:55 . 2008-05-09 07:55 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll

    2009-03-16 16:55 . 2008-05-09 07:55 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll

    2009-03-16 16:55 . 2008-05-08 08:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe

    2009-03-16 16:55 . 2008-05-09 05:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe

    2009-03-16 16:55 . 2008-05-09 07:55 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll

    2009-03-15 20:38 . 2008-04-13 23:20 221,184 --a------ c:\windows\system32\wmpns.dll

    2009-03-15 20:33 . 2009-03-15 20:35 6,646 --a------ c:\windows\system32\spupdsvc.inf

    2009-03-15 20:31 . 2009-03-15 20:31 <DIR> d-------- c:\windows\system32\bits

    2009-03-15 20:31 . 2009-03-15 20:31 <DIR> d-------- c:\windows\l2schemas

    2009-03-15 20:30 . 2009-03-15 20:31 <DIR> d-------- c:\windows\ServicePackFiles

    2009-03-14 22:33 . 2009-03-14 22:33 82 --a------ c:\windows\mafosav.INI

    2009-03-14 21:45 . 2009-03-14 21:53 <DIR> d-------- c:\arquivos de programas\GoldWave

    2009-03-14 21:11 . 2009-03-14 21:11 <DIR> d-------- c:\arquivos de programas\SystemRequirementsLab

    2009-03-14 20:58 . 2009-03-14 20:58 <DIR> d-------- c:\arquivos de programas\Adobe Media Player

    2009-03-14 20:42 . 2009-03-14 20:42 <DIR> d-------- c:\windows\Sun

    2009-03-14 20:42 . 2009-03-14 20:41 410,984 --a------ c:\windows\system32\deploytk.dll

    2009-03-14 20:42 . 2009-03-14 20:41 73,728 --a------ c:\windows\system32\javacpl.cpl

    2009-03-14 20:19 . 2009-03-14 20:19 <DIR> d-------- c:\documents and settings\Everton-PC\.jpi_cache

    2009-03-14 20:19 . 2009-03-14 20:19 <DIR> d-------- c:\documents and settings\Everton-PC\.java

    2009-03-14 20:16 . 2009-03-14 20:16 <DIR> d-------- c:\documents and settings\Everton-PC\.javaws

    2009-03-14 20:16 . 2009-03-14 20:16 <DIR> d-------- c:\arquivos de programas\Java Web Start

    2009-03-14 20:16 . 2009-03-14 20:41 <DIR> d-------- c:\arquivos de programas\Java

    2009-03-14 18:54 . 2009-03-14 18:54 <DIR> d-------- c:\documents and settings\Everton-PC\Dados de aplicativos\Foxit

    2009-03-14 18:54 . 2009-03-14 18:54 <DIR> d-------- c:\arquivos de programas\Foxit Software

    2009-03-14 13:36 . 2009-03-14 17:54 <DIR> d-------- c:\documents and settings\Everton-PC\Dados de aplicativos\Winamp

    2009-03-14 13:36 . 2009-03-14 13:37 <DIR> d-------- c:\arquivos de programas\Winamp

    2009-03-14 12:09 . 2009-03-14 12:11 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

    2009-03-14 01:58 . 2003-07-20 06:17 5,174 --a------ c:\windows\system32\nppt9x.vxd

    2009-03-14 01:58 . 2005-01-03 21:43 4,682 --a------ c:\windows\system32\npptNT2.sys

    2009-03-14 01:39 . 2009-03-14 01:39 <DIR> d-------- c:\arquivos de programas\Gravity

    2009-03-14 00:48 . 2009-03-14 00:56 <DIR> d-------- c:\documents and settings\Everton-PC\Dados de aplicativos\BSplayer PRO

    2009-03-14 00:48 . 2009-03-14 00:48 <DIR> d-------- c:\arquivos de programas\Webteh

    2009-03-13 23:43 . 2009-03-14 12:11 <DIR> d-------- c:\arquivos de programas\Spyware Doctor

    2009-03-13 23:34 . 2009-03-13 23:34 <DIR> d-------- c:\arquivos de programas\CCleaner

    2009-03-13 22:59 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

    2009-03-13 22:59 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

    2009-03-13 22:59 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

    2009-03-13 15:43 . 2009-03-14 12:14 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

    2009-03-13 15:43 . 2009-03-13 15:43 <DIR> d-------- c:\arquivos de programas\Windows Live

    2009-03-13 15:43 . 2009-03-13 15:44 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

    2009-03-13 15:38 . 2008-10-15 13:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

    2009-03-13 15:36 . 2009-03-13 15:36 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

    2009-03-13 15:35 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

    2009-03-13 15:35 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

    2009-03-13 15:35 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

    2009-03-13 15:35 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

    2009-03-13 15:35 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

    2009-03-13 15:35 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

    2009-03-13 15:34 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    2009-03-13 15:34 . 2008-05-08 11:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

    2009-03-13 15:34 . 2009-03-13 15:34 0 --a------ c:\windows\nsreg.dat

    2009-03-13 15:33 . 2008-12-11 07:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

    2009-03-13 15:28 . 2009-03-15 20:31 <DIR> d-------- c:\windows\system32\pt-br

    2009-03-13 15:27 . 2008-04-11 16:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

    2009-03-13 15:25 . 2009-03-13 15:32 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2009-03-13 15:25 . 2009-03-13 15:25 <DIR> d-------- c:\arquivos de programas\Spybot - Search & Destroy

    2009-03-13 15:23 . 2009-03-13 15:23 <DIR> d-------- c:\documents and settings\Everton-PC\Dados de aplicativos\Malwarebytes

    2009-03-13 15:23 . 2009-03-13 15:23 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

    2009-03-13 15:23 . 2009-03-13 15:23 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

    2009-03-13 15:23 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

    2009-03-13 15:23 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys

    2009-03-13 15:20 . 2008-12-20 19:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll

    2009-03-13 15:20 . 2007-04-17 06:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

    2009-03-13 15:20 . 2007-03-08 02:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

    2009-03-13 15:20 . 2008-12-20 19:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

    2009-03-13 15:20 . 2008-12-20 19:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

    2009-03-13 15:20 . 2008-12-20 19:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

    2009-03-13 15:20 . 2008-12-20 19:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

    2009-03-13 15:20 . 2008-12-20 19:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

    2009-03-13 15:20 . 2008-12-19 06:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

    2009-03-13 15:18 . 2009-03-13 15:18 <DIR> d--h----- c:\windows\system32\GroupPolicy

    2009-03-13 15:18 . 2009-03-14 21:39 <DIR> d-------- C:\Downloads

    2009-03-13 15:17 . 2009-03-13 15:22 <DIR> d-------- C:\eb65b5463a3afefddaba1cc7

    2009-03-13 15:15 . 2009-03-16 21:42 <DIR> d-------- c:\documents and settings\Everton-PC\Dados de aplicativos\Internet Download Accelerator

    2009-03-13 15:14 . 2009-03-13 15:15 <DIR> d-------- c:\arquivos de programas\IDA

    2009-03-13 15:11 . 2009-03-13 15:11 <DIR> d-------- c:\arquivos de programas\Alwil Software

    2009-03-13 15:10 . 2009-03-16 17:19 <DIR> d--h----- c:\windows\$hf_mig$

    2009-03-13 15:07 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll

    2009-03-13 15:07 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui

    2009-03-13 15:07 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui

    2009-03-13 15:07 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

    2009-03-13 15:07 . 2008-10-16 14:07 18,968 --a------ c:\windows\system32\wuaueng.dll.mui

    2009-03-13 15:06 . 2009-03-13 15:06 <DIR> d--hs---- c:\documents and settings\Everton-PC\UserData

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-03-14 23:16 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

    2009-03-13 17:54 --------- d-----w c:\arquivos de programas\VIA

    2009-03-13 17:51 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

    2009-03-13 17:45 --------- d-----w c:\arquivos de programas\AMD

    2009-03-13 17:44 --------- d-----w c:\documents and settings\Everton-PC\Dados de aplicativos\InstallShield

    2009-03-13 17:40 --------- d-----w c:\arquivos de programas\NVIDIA Corporation

    2009-03-13 17:39 --------- d-----w c:\arquivos de programas\Thomson

    2009-03-13 17:38 --------- d-----w c:\arquivos de programas\Telefonica

    2009-03-13 17:29 --------- d-----w c:\arquivos de programas\microsoft frontpage

    2009-03-13 17:27 --------- d-----w c:\arquivos de programas\Serviços on-line

    2009-03-13 17:27 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-16_17.32.25.93 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-03-17 14:55:07 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_348.dat

    + 2009-03-17 14:54:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5d0.dat

    .

    (((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries and legitimate default entries are not shown.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    "Internet Download Accelerator"="c:\arquivos de programas\IDA\ida.exe" [2006-04-10 2934784]

    "SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

    "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1768960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SpeedTouch USB Diagnostics"="c:\arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 944640]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

    "HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29904896]

    "tspuf"="c:\arquivos de programas\Telefonica\Speedy\SATUF.exe" [2004-03-23 106496]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

    "avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 154728]

    "WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2008-08-03 36352]

    "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-14 136600]

    "nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    c:\documents and settings\Everton-PC\Menu Iniciar\Programas\Inicializar\

    Adobe Media Player.lnk - c:\arquivos de programas\Adobe Media Player\Adobe Media Player.exe [2009-03-14 261632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableTaskMgr"= 1 (0x1)

    "DisableRegistryTools"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoPublishingWizard"= 0 (0x0)

    "NoWebServices"= 0 (0x0)

    "NoOnlinePrintsWizard"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Documents and Settings\\Everton-PC\\Meus documentos\\VT6421\\SETUP.EXE"=

    "c:\\Documents and Settings\\Everton-PC\\Meus documentos\\Setups\\IE7-WindowsXP-x86-ptb.exe"=

    "c:\\Arquivos de programas\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\WINDOWS\\system32\\wuauclt.exe"=

    "c:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"=

    "c:\\WINDOWS\\system32\\wscntfy.exe"=

    "c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

    "c:\\WINDOWS\\system32\\nwiz.exe"=

    "c:\\WINDOWS\\system32\\userinit.exe"=

    "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "c:\\Arquivos de programas\\Telefonica\\Speedy\\SATUF.exe"=

    "c:\\Arquivos de programas\\Thomson\\SpeedTouch USB\\Dragdiag.exe"=

    "c:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe"=

    "c:\\Arquivos de programas\\IDA\\ida.exe"=

    "c:\\Arquivos de programas\\Gravity\\Ragnarok Online\\npkhbid.dll"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-13 114768]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-13 20560]

    R3 alcan5ln;SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2009-03-13 36256]

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-03-13 238080]

    --- ---

    *NewlyCreated* - ASC3360PR

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com.br/

    IE: Download ALL with IDA - c:\arquivos de programas\IDA\idaieall.htm

    IE: Download with IDA - c:\arquivos de programas\IDA\idaie.htm

    LSP: %SYSTEMROOT%\system32\nvLsp.dll

    TCP: {318E0B78-3CDA-481D-9568-D2804DB9013C} = 200.204.0.10 200.204.0.138

    FF - ProfilePath - c:\documents and settings\Everton-PC\Dados de aplicativos\Mozilla\Firefox\Profiles\qg10d6gz.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-03-17 11:55:05

    Windows 5.1.2600 Service Pack 3 NTFS

    Scanning for hidden processes ...

    Scanning for hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

    Scanning for hidden files ...

    Scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(788)

    c:\windows\system32\nvLsp.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\arquivos de programas\Java\jre6\bin\jqs.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\system32\wdfmgr.exe

    c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

    c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

    c:\windows\system32\rundll32.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Completion time: 2009-03-17 11:57:13 - machine was rebooted

    ComboFix-quarantined-files.txt 2009-03-17 14:57:11

    ComboFix2.txt 2009-03-16 20:34:03

    Pre-Run: 11 directories 202,353,123,328 bytes free

    Post-Run: 11 directories 202,465,513,472 bytes free

    234 --- E O F --- 2009-03-16 20:19:57


    Hello,

    Download Malwarebytes Anti-Malware:

    • Link1
    • Alternative link
      • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
      • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
      • If there are updates, they will be downloaded and installed.
      • When the updates finish, the program window will open. Select "Quick Scan" and then click the Scan button.
      • The scan will start and may take a while. Please be patient.
      • When the scan is complete, click OK, then Show Results to view the log.
      • If anything is found, make sure everything is checked and click Remove.
      • When the disinfection finishes, a log will automatically open in Notepad, and you may be asked to restart the PC. (Read the note)
      • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
      • Copy and paste the contents of that log in your next reply, together with a new HijackThis log.

    Note: in more complicated infections it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.

    Print or save these instructions, as you will be following them without internet access!

    Download DrWeb-CureIt.

    Save it to your desktop but do not run it yet.

    Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup)

    Run a scan with DrWeb-CureIt:

    • Double-click drweb-cureit.exe to start the program. "Express Scan of your PC" will appear.
    • Under "Start the Express Scan Now", click "OK" to begin. This is a short scan of the files running in memory; when something is found, click the Yes button when asked whether you want to cure the file.
    • When that short scan finishes, click Options --» Change settings
    • Choose the "Scan tab" and UNcheck "Heuristic analysis"
    • Back in the main window, click "Select drives" (a red dot will show which drives are selected)
    • Click the "Start/Stop Scanning" button (green arrow on the right) and the scan will begin.
    • When it finishes, a message will appear telling you whether any virus was found.
    • Click "Yes to all" if asked whether you want to cure/move the file.
    • When the scan is over, see whether you can click the icon next to the files that were found:
      [image: checkan5.jpg]
    • If you can, click it and then choose "Move incurable", as in the image below:
      [image: 4tf829w.gif]
      (If they cannot be cured, the files will be moved to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder)
    • At the top of the Dr.Web CureIt menu, click File and choose Save report list.
    • Save the DrWeb.csv log to your desktop.
    • Exit Dr.Web CureIt.
    • Important! Restart your PC so that the process of moving or deleting the files can be completed.
    • After restarting, paste the result of the Dr.Web log (the DrWeb.csv report)


    According to the rules of this forum, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If the topic author needs to, they can contact the moderation team to request that this topic be reopened.
