Reinaldo Alves

Help


My PC has been slow, freezing and restarting on its own. Could you please analyze the logs to see what steps I should take? Thanks in advance.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/8/2010 13:43:43

System Uptime: 8/7/2010 22:24:16 (731 hours ago)

Motherboard: FOXCONN | | A6VMX

Processor: AMD Athlon II X2 245 Processor | Socket 940 | 2900/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 105 GiB total, 28,951 GiB free.

D: is FIXED (NTFS) - 44 GiB total, 43,973 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 1/8/2010 13:47:56 - Ponto de verificação do sistema

RP2: 1/8/2010 14:05:32 - DirectX instalado

RP3: 1/8/2010 14:18:07 - Atualizar para driver não assinado

RP4: 1/8/2010 15:04:43 - Installed AVG Free 8.0

RP5: 1/8/2010 15:19:19 - Instalado Nero 7 Ultra Edition

RP6: 1/8/2010 15:23:44 - Installed PowerDVD

RP7: 1/8/2010 15:38:56 - Instalado Windows Live Messenger

RP8: 1/8/2010 15:39:15 - Installed Windows Live Sign-in Assistant

RP9: 1/8/2010 15:44:27 - Instalado Microsoft Office Professional Edição 2003

RP10: 1/8/2010 19:58:52 - SPTD setup V1.62

RP11: 1/8/2010 20:38:20 - Windows Internet Explorer 8 Instalado.

RP12: 1/8/2010 21:05:17 - Installed Prince of Persia The Forgotten Sands™

RP13: 1/8/2010 22:20:42 - DirectX instalado

RP14: 2/8/2010 03:00:17 - Software Distribution Service 3.0

RP15: 2/8/2010 16:38:26 - Installed ChaosLegion

RP16: 2/8/2010 16:44:14 - Installed ChaosLegion

RP17: 2/8/2010 16:44:17 - Installed ChaosLegion

RP18: 3/8/2010 17:37:35 - Ponto de verificação do sistema

RP19: 3/8/2010 17:42:50 - Installed AVG Free 9.0

RP20: 3/8/2010 18:16:31 - Removed AVG Free 9.0

RP21: 3/8/2010 18:21:04 - Installed AVG Free 9.0

RP22: 3/8/2010 20:35:03 - Installed Windows XP MSCompPackV1.

RP23: 3/8/2010 21:04:37 - Software Distribution Service 3.0

RP24: 4/8/2010 04:33:37 - avast! Free Antivirus Setup

RP25: 4/8/2010 04:36:35 - Removed AVG Free 9.0

RP26: 4/8/2010 04:38:34 - Installed AVG Free 9.0

RP27: 4/8/2010 04:53:59 - Software Distribution Service 3.0

RP28: 4/8/2010 12:13:14 - Software Distribution Service 3.0

RP29: 4/8/2010 15:24:26 - Software Distribution Service 3.0

RP30: 4/8/2010 15:29:01 - Software Distribution Service 3.0

RP31: 4/8/2010 21:20:00 - Software Distribution Service 3.0

RP32: 5/8/2010 22:01:08 - Ponto de verificação do sistema

RP33: 6/8/2010 03:00:22 - Software Distribution Service 3.0

RP34: 6/8/2010 04:22:12 - Installed Age of Empires III

RP35: 7/8/2010 15:45:30 - Ponto de verificação do sistema

RP36: 7/8/2010 17:38:04 - Installed Dual-Core Optimizer.

==== Installed Programs ======================

ACE Mega CoDecS Pack

Adobe Flash Player 10 ActiveX

Adobe Flash Player Plugin

Age of Empires III

Arquivo do WinRAR

Assistente de Conexão do Windows Live

ATI - Software Uninstall Utility

µTorrent

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player (KB978695)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows Internet Explorer 8 (KB982381)

Atualização de Segurança para Windows XP (KB2229593)

Atualização de Segurança para Windows XP (KB2286198)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950760)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB970430)

Atualização de Segurança para Windows XP (KB971468)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB972270)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB973904)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974318)

Atualização de Segurança para Windows XP (KB974392)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização de Segurança para Windows XP (KB975560)

Atualização de Segurança para Windows XP (KB975561)

Atualização de Segurança para Windows XP (KB975562)

Atualização de Segurança para Windows XP (KB975713)

Atualização de Segurança para Windows XP (KB977816)

Atualização de Segurança para Windows XP (KB977914)

Atualização de Segurança para Windows XP (KB978037)

Atualização de Segurança para Windows XP (KB978338)

Atualização de Segurança para Windows XP (KB978542)

Atualização de Segurança para Windows XP (KB978601)

Atualização de Segurança para Windows XP (KB978706)

Atualização de Segurança para Windows XP (KB979309)

Atualização de Segurança para Windows XP (KB979482)

Atualização de Segurança para Windows XP (KB979559)

Atualização de Segurança para Windows XP (KB979683)

Atualização de Segurança para Windows XP (KB980195)

Atualização de Segurança para Windows XP (KB980218)

Atualização de Segurança para Windows XP (KB980232)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows XP (KB898461)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955759)

Atualização para Windows XP (KB961503)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB971737)

Atualização para Windows XP (KB973687)

Atualização para Windows XP (KB973815)

avast! Free Antivirus

ChaosLegion

DAEMON Tools Toolbar

Discador iG V9.00

Dual-Core Optimizer

DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0

Easy CD-DA Extractor 11

Ferramenta de Carregamento do Windows Live

Google Chrome

Google Earth

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

Hotfix para Windows XP (KB981793)

InterApp Control 2.55

Megacubo 7.5.0

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edição 2003

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

neroxml

NVIDIA Drivers

NVIDIA PhysX

OGA Notifier 2.0.0048.0

Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

PCI SoftV92 Modem

PowerDVD

PowerDVD Ultra

Prince of Persia The Forgotten Sands™

Realtek High Definition Audio Driver

Segoe UI

The Sims™ histórias de Bichos

Ubisoft Game Launcher

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

==== End Of File ===========================

DDS (Ver_10-03-17.01) - NTFSx86

Run by reinaldo at 9:10:31,23 on dom 08/08/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.462 [GMT -3:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\qubnfe\qubnfe.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\iG\discador.exe

C:\WINDOWS\system32\OSK.exe

C:\WINDOWS\system32\MSSWCHX.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\reinaldo\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [DAEMON Tools Lite] "c:\arquivos de programas\daemon tools lite\DTLite.exe" -autorun

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\arquivos de programas\cyberlink\powerdvd\language\Language.exe"

mRun: [avast5] c:\arquiv~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [qubnfe] c:\arquivos de programas\qubnfe\qubnfe.exe /auto

mRun: [amd_dc_opt] c:\arquivos de programas\amd\dual-core optimizer\amd_dc_opt.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\discad~1.lnk - c:\arquivos de programas\ig\discador.exe

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-4 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-4 17744]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-8-4 40384]

R2 StarWindServiceAE;StarWind AE Service;c:\arquivos de programas\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-8-3 136176]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-8-4 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-8-4 40384]

S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]

=============== Created Last 30 ================

2010-08-08 12:00:21 0 d-----w- c:\arquivos de programas\Alcohol Soft

2010-08-07 20:38:06 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys

2010-08-07 20:38:05 0 d-----w- c:\arquivos de programas\AMD

2010-08-06 19:05:06 151 ----a-w- c:\documents and settings\reinaldo\default.pls

2010-08-06 07:43:08 0 d-----w- c:\arquivos de programas\GameVicio

2010-08-06 07:28:44 0 d-----w- c:\arquivos de programas\Microsoft Games

2010-08-05 19:30:03 69 ----a-w- c:\windows\NeroDigital.ini

2010-08-04 22:16:06 0 d-----w- c:\arquivos de programas\uTorrent

2010-08-04 22:14:55 0 d-----w- c:\docume~1\reinaldo\dadosd~1\uTorrent

2010-08-04 18:39:52 106496 ----a-w- c:\windows\system32\ldrsrvc.exe

2010-08-04 18:39:52 0 d-----w- c:\docume~1\alluse~1\dadosd~1\InterApp

2010-08-04 18:39:48 662288 ----a-w- c:\windows\system32\mscomct2.ocx

2010-08-04 18:39:48 608448 ----a-w- c:\windows\system32\comctl32.ocx

2010-08-04 18:39:48 372736 ----a-w- c:\windows\system32\wintbr.ocx

2010-08-04 18:39:48 203976 ----a-w- c:\windows\system32\richtx32.ocx

2010-08-04 18:39:48 166200 ----a-w- c:\windows\system32\msmask32.ocx

2010-08-04 18:39:48 140488 ----a-w- c:\windows\system32\comdlg32.ocx

2010-08-04 18:39:47 115920 ----a-w- c:\windows\system32\msinet.ocx

2010-08-04 18:39:47 0 d-sh--w- c:\arquivos de programas\qubnfe

2010-08-04 18:32:50 0 d-----w- c:\windows\system32\XPSViewer

2010-08-04 18:32:17 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-08-04 18:32:17 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-08-04 18:32:17 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-08-04 18:32:17 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-08-04 18:32:17 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-08-04 18:32:17 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-08-04 18:32:17 117760 ------w- c:\windows\system32\prntvpt.dll

2010-08-04 18:32:17 0 d-----w- C:\e9c15aaa781c8647bbc0

2010-08-04 07:33:43 38848 ----a-w- c:\windows\avastSS.scr

2010-08-04 07:33:37 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Alwil Software

2010-08-04 00:09:49 0 d-----w- c:\windows\system32\KB905474

2010-08-04 00:04:57 0 d-----w- c:\arquivos de programas\MSXML 4.0

2010-08-03 23:36:19 0 d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-08-03 21:59:38 0 d-----w- c:\arquivos de programas\SopCast

2010-08-03 21:59:38 0 d-----w- c:\arquivos de programas\Orban

2010-08-03 21:59:27 0 d-----w- c:\arquivos de programas\Megacubo

2010-08-03 20:42:37 0 d-----w- c:\windows\SxsCaPendDel

2010-08-03 19:24:02 0 d-----w- c:\documents and settings\reinaldo\Tracing

2010-08-03 19:21:19 0 d-----w- c:\arquivos de programas\Microsoft

2010-08-03 19:21:01 0 d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-08-03 18:59:30 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-08-03 18:59:28 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-08-03 18:59:27 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-08-03 18:56:24 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-08-03 18:56:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-08-03 18:56:22 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-08-03 18:56:22 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-08-03 18:56:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-08-03 18:56:21 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-08-03 18:56:21 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-08-03 18:15:08 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-08-03 18:15:08 215920 ----a-w- c:\windows\system32\muweb.dll

2010-08-03 18:15:08 17264 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-08-02 19:44:21 0 d-----w- c:\arquivos de programas\directx

2010-08-02 19:38:27 0 d-----w- c:\arquivos de programas\CAPCOM

2010-08-02 07:38:20 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-08-02 07:38:20 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-08-02 07:04:50 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-08-02 06:00:24 0 d-----w- c:\windows\system32\PreInstall

2010-08-02 03:02:50 0 d-----w- c:\arquivos de programas\arquivos comuns\Windows Live

2010-08-02 00:52:47 0 d-----w- c:\documents and settings\reinaldo\Contacts

2010-08-02 00:50:23 268 ---ha-w- C:\sqmdata02.sqm

2010-08-02 00:50:23 244 ---ha-w- C:\sqmnoopt02.sqm

2010-08-02 00:12:56 0 d-----w- c:\windows\Logs

2010-08-01 23:45:37 0 d-sh--w- c:\documents and settings\reinaldo\IECompatCache

2010-08-01 23:44:13 0 d-sh--w- c:\documents and settings\reinaldo\PrivacIE

2010-08-01 23:43:27 0 d-sh--w- c:\documents and settings\reinaldo\IETldCache

2010-08-01 23:38:48 0 d-----w- c:\windows\Offline Web Pages

2010-08-01 23:38:02 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2010-08-01 23:37:11 0 dc-h--w- c:\windows\ie8

2010-08-01 23:07:03 0 d-----w- c:\arquivos de programas\DAEMON Tools Toolbar

2010-08-01 22:58:54 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-08-01 22:58:31 0 d-----w- c:\arquivos de programas\DAEMON Tools Lite

2010-08-01 22:58:22 0 d-----w- c:\docume~1\reinaldo\dadosd~1\DAEMON Tools Lite

2010-08-01 22:58:18 0 d-----w- c:\docume~1\alluse~1\dadosd~1\DAEMON Tools Lite

2010-08-01 22:16:31 268 ---ha-w- C:\sqmdata01.sqm

2010-08-01 22:16:31 244 ---ha-w- C:\sqmnoopt01.sqm

2010-08-01 22:12:36 268 ---ha-w- C:\sqmdata00.sqm

2010-08-01 22:12:36 244 ---ha-w- C:\sqmnoopt00.sqm

2010-08-01 21:23:52 87608 ----a-w- c:\docume~1\reinaldo\dadosd~1\inst.exe

2010-08-01 21:23:52 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-08-01 21:23:52 47360 ----a-w- c:\docume~1\reinaldo\dadosd~1\pcouffin.sys

2010-08-01 21:23:43 0 d-----w- c:\arquivos de programas\DVDFab 5

2010-08-01 19:40:51 0 d-----w- c:\arquivos de programas\iG

2010-08-01 19:37:58 0 d-----w- c:\windows\system32\SoftwareDistribution

2010-08-01 19:29:10 0 d-sh--w- c:\documents and settings\reinaldo\UserData

2010-08-01 19:00:42 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2010-08-01 18:53:05 0 d-----w- c:\windows\Easy CD-DA Extractor 11.0.3

2010-08-01 18:53:05 0 d-----w- c:\arquivos de programas\Easy CD-DA Extractor 11

2010-08-01 18:46:44 421 ----a-w- c:\windows\ODBC.INI

2010-08-01 18:46:33 28040 ----a-w- c:\windows\system32\mdimon.dll

2010-08-01 18:44:37 0 d-----w- c:\windows\SHELLNEW

2010-08-01 18:40:00 0 d--h--w- c:\windows\$hf_mig$

2010-08-01 18:29:05 53248 ----a-w- c:\windows\system32\vp6dec_settings.cpl

2010-08-01 18:28:45 0 d-----w- c:\arquivos de programas\ACE Mega CoDecS Pack

2010-08-01 18:23:54 505392 ----a-w- c:\windows\system32\msvcp71.dll

2010-08-01 18:23:54 353840 ----a-w- c:\windows\system32\msvcr71.dll

2010-08-01 18:19:23 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Nero

2010-08-01 18:19:23 0 d-----w- c:\arquivos de programas\Nero

2010-08-01 18:19:23 0 d-----w- c:\arquivos de programas\arquivos comuns\Ahead

2010-08-01 18:18:51 0 d-----w- c:\windows\RegisteredPackages

2010-08-01 18:04:44 0 d-----w- c:\arquivos de programas\AVG

2010-08-01 17:18:19 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2010-08-01 17:18:19 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys

2010-08-01 17:18:12 172032 ----a-r- c:\windows\system32\Uci32114.dll

2010-08-01 17:18:11 94208 ----a-r- c:\windows\system32\mdmxsdk.dll

2010-08-01 17:18:11 144201 ----a-r- c:\windows\system32\drivers\HSFProf.cty

2010-08-01 17:18:11 0 d-----w- c:\arquivos de programas\CONEXANT

2010-08-01 17:18:10 12672 ----a-r- c:\windows\system32\drivers\mdmxsdk.sys

2010-08-01 17:18:09 989696 ----a-r- c:\windows\system32\drivers\HSF_DPV.sys

2010-08-01 17:18:09 257408 ----a-r- c:\windows\system32\drivers\HSFHWBS2.sys

2010-08-01 17:18:08 730112 ----a-r- c:\windows\system32\drivers\HSF_CNXT.sys

2010-08-01 17:15:51 940794 ----a-w- c:\windows\system32\LoopyMusic.wav

2010-08-01 17:15:51 146650 ----a-w- c:\windows\system32\BuzzingBee.wav

2010-08-01 17:15:50 0 d-----w- c:\windows\system32\Lang

2010-08-01 17:13:48 0 d-----w- c:\windows\system32\ReinstallBackups

2010-08-01 17:13:42 0 d-----w- c:\arquivos de programas\ATI Technologies

2010-08-01 17:13:19 0 d-----w- c:\arquivos de programas\arquivos comuns\InstallShield

2010-08-01 17:11:52 16862720 ----a-r- c:\windows\RTHDCPL.EXE

2010-08-01 17:11:50 4742144 ----a-r- c:\windows\system32\drivers\RtkHDAud.sys

2010-08-01 17:11:49 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll

2010-08-01 17:11:49 4096 ----a-w- c:\windows\system32\ksuser.dll

2010-08-01 17:11:49 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys

2010-08-01 17:11:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys

2010-08-01 17:11:48 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys

2010-08-01 17:11:48 60160 ----a-w- c:\windows\system32\drivers\drmk.sys

2010-08-01 17:11:48 129536 -c--a-w- c:\windows\system32\dllcache\ksproxy.ax

2010-08-01 17:11:48 129536 ----a-w- c:\windows\system32\ksproxy.ax

2010-08-01 17:11:47 0 d-----w- C:\ATI

2010-08-01 17:08:05 73728 ----a-r- c:\windows\system32\RtNicProp32.dll

2010-08-01 17:08:05 120064 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys

2010-08-01 16:59:01 0 d-----w- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

2010-08-01 16:39:58 0 d-sh--w- c:\documents and settings\all users\DRM

2010-08-01 16:39:39 0 d--h--w- c:\arquivos de programas\WindowsUpdate

2010-08-01 16:39:35 0 d-----w- c:\arquivos de programas\Serviços on-line

2010-08-01 16:39:02 0 d-----w- c:\arquivos de programas\arquivos comuns\Serviços

2010-08-01 16:38:58 0 d-----w- c:\arquivos de programas\arquivos comuns\MSSoap

2010-08-01 16:37:00 0 d-----w- c:\arquivos de programas\Messenger

2010-08-01 16:36:56 0 d-----w- c:\arquivos de programas\MSN Gaming Zone

2010-08-01 16:36:31 0 d-----w- c:\arquivos de programas\Windows NT

2010-08-01 13:32:05 0 d-----w- c:\arquivos de programas\arquivos comuns\ODBC

2010-08-01 13:32:01 0 d-----w- c:\arquivos de programas\arquivos comuns\SpeechEngines

2010-08-01 13:31:31 0 d--h--w- c:\documents and settings\all users\Modelos

2010-08-01 13:31:31 0 d-----w- c:\documents and settings\all users\Favoritos

2010-08-01 13:31:31 0 d-----r- c:\documents and settings\all users\Menu Iniciar

2010-08-01 13:31:31 0 d-----r- c:\documents and settings\all users\Documentos

2010-08-01 13:29:57 0 d--h--r- c:\documents and settings\all users\Dados de aplicativos

==================== Find3M ====================

2010-08-06 06:13:29 79022 ----a-w- c:\windows\system32\perfc016.dat

2010-08-06 06:13:29 468108 ----a-w- c:\windows\system32\perfh016.dat

2010-08-01 16:37:35 21844 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 9:11:01,84 ===============

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-08-08 10:38:00

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\reinaldo\CONFIG~1\Temp\kgediaow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF1EECCD2]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF1EECB8E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF1EED142]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF1EED06C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF1EEC764]

SSDT spdm.sys ZwEnumerateKey [0xF7401DA4]

SSDT spdm.sys ZwEnumerateValueKey [0xF7402132]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF1EECC68]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF1EEC6A4]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF1EEC708]

SSDT spdm.sys ZwQueryKey [0xF740220A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF1EECD88]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF1EED210]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF1EECD48]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF1EECEC8]

INT 0x62 ? 867D8BF8

INT 0x63 ? 865CFBF8

INT 0x63 ? 865CFBF8

INT 0x73 ? 865CFBF8

INT 0x73 ? 865CFBF8

INT 0x82 ? 867D8BF8

INT 0x83 ? 867D8BF8

INT 0x94 ? 865CFBF8

INT 0xB1 ? 8676ABF8

INT 0xB1 ? 8676ABF8

INT 0xB4 ? 865CFBF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF1EF9B9C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF1EF99C0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF1EF9AFA]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP F1EF9AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP F1EF99C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP F1EF55B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP F1EF6F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP F1EF9BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

? spdm.sys O sistema não pode encontrar o arquivo especificado. !

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF4BCB360, 0x35483F, 0xE8000020]

.text USBPORT.SYS!DllUnload F4B8D8AC 5 Bytes JMP 865CF1D8

.text amnaqo95.SYS F48CC384 1 Byte [20]

.text amnaqo95.SYS F48CC384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]

.text amnaqo95.SYS F48CC3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]

.text amnaqo95.SYS F48CC3C4 3 Bytes [00, 00, 00]

.text amnaqo95.SYS F48CC3C9 1 Byte [00]

.text ...

.text ax7d8mnb.SYS F4893386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]

.text ax7d8mnb.SYS F48933AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]

.text ax7d8mnb.SYS F48933C4 3 Bytes [00, 80, 02]

.text ax7d8mnb.SYS F48933C9 1 Byte [30]

.text ax7d8mnb.SYS F48933C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

.text ...

C:\Arquivos de programas\CyberLink\PowerDVD\000.fcl entry point in "" section [0xB9C36000]

.clc C:\Arquivos de programas\CyberLink\PowerDVD\000.fcl unknown last section [0xB9C37000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 403354C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 40409AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 403FD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4037467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4050480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40504741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 405047AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40504612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 40504674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40504872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 405046D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 4040DB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3584] ole32.dll!OleLoadFromStream 77509C85 5 Bytes JMP 40504B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3588] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 403354C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3588] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3588] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4050480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3588] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40504741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3588] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 405047AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3588] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40504612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3588] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 40504674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3588] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40504872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3588] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 405046D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 403354C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 40409AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 403FD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4037467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4050480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40504741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 405047AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40504612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 40504674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40504872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 405046D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 4040DB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3844] ole32.dll!OleLoadFromStream 77509C85 5 Bytes JMP 40504B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73EA042] spdm.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73EA13E] spdm.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73EA0C0] spdm.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73EA800] spdm.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73EA6D6] spdm.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73F9B90] spdm.sys

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!KfAcquireSpinLock] 00000034

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!READ_PORT_UCHAR] 0000008E

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!KeGetCurrentIrql] 00000043

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!KfRaiseIrql] 00000044

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!KfLowerIrql] 000000C4

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!HalGetInterruptVector] 000000DE

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!HalTranslateBusAddress] 000000E9

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!KeStallExecutionProcessor] 000000CB

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!KfReleaseSpinLock] 00000054

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0000007B

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!READ_PORT_USHORT] 00000094

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000032

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!WRITE_PORT_UCHAR] 000000A6

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[WMILIB.SYS!WmiSystemControl] 00000023

IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[WMILIB.SYS!WmiCompleteRequest] 0000003D

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!KeGetCurrentIrql] 9E880000

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!KfRaiseIrql] 00001CB1

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!KfLowerIrql] 0E798366

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!HalGetInterruptVector] 74AAB000

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!HalTranslateBusAddress] 8986C636

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!READ_PORT_USHORT] 001C9686

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[WMILIB.SYS!WmiSystemControl] 8800001C

IAT \SystemRoot\System32\Drivers\ax7d8mnb.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002

IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

Device \FileSystem\Ntfs \Ntfs 867D71F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\sptd \Device\2139732518 spdm.sys

Device \Driver\PCI_PNP6268 \Device\00000042 spdm.sys

Device \Driver\PCI_PNP6268 \Device\00000042 spdm.sys

Device \Driver\PCI_PNP6268 \Device\00000043 spdm.sys

Device \Driver\PCI_PNP6268 \Device\00000043 spdm.sys

Device \Driver\usbohci \Device\USBPDO-0 865CE1F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 867681F8

Device \Driver\dmio \Device\DmControl\DmConfig 867681F8

Device \Driver\dmio \Device\DmControl\DmPnP 867681F8

Device \Driver\dmio \Device\DmControl\DmInfo 867681F8

Device \Driver\usbohci \Device\USBPDO-1 865CE1F8

Device \Driver\usbohci \Device\USBPDO-2 865CE1F8

Device \Driver\usbohci \Device\USBPDO-3 865CE1F8

Device \Driver\usbohci \Device\USBPDO-4 865CE1F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbehci \Device\USBPDO-5 865961F8

Device \Driver\Ftdisk \Device\HarddiskVolume1 867D91F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 867D91F8

Device \Driver\Cdrom \Device\CdRom0 865871F8

Device \Driver\Cdrom \Device\CdRom1 865871F8

Device \Driver\atapi \Device\Ide\IdePort0 [F733DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort1 [F733DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort2 [F733DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort3 [F733DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [F733DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [F733DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\Cdrom \Device\CdRom2 865871F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 865FD500

Device \Driver\NetBT \Device\NetbiosSmb 865FD500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\sptd \Device\2139576268 spdm.sys

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{CFBCD890-015A-42DF-A0B1-E67A17F4CDFB} 865FD500

Device \Driver\usbohci \Device\USBFDO-0 865CE1F8

Device \Driver\usbohci \Device\USBFDO-1 865CE1F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85B351F8

Device \Driver\usbohci \Device\USBFDO-2 865CE1F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 85B351F8

Device \Driver\usbohci \Device\USBFDO-3 865CE1F8

Device \Driver\usbohci \Device\USBFDO-4 865CE1F8

Device \Driver\Ftdisk \Device\FtControl 867D91F8

Device \Driver\usbehci \Device\USBFDO-5 865961F8

Device \Driver\ax7d8mnb \Device\Scsi\ax7d8mnb1Port4Path0Target0Lun0 86507500

Device \Driver\amnaqo95 \Device\Scsi\amnaqo951Port5Path0Target0Lun0 865061F8

Device \Driver\ax7d8mnb \Device\Scsi\ax7d8mnb1 86507500

Device \Driver\amnaqo95 \Device\Scsi\amnaqo951 865061F8

Device \FileSystem\Cdfs \Cdfs 86496500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x50 0xBC 0xF2 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA2 0xD4 0x35 0x74 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x01 0xB0 0x4E 0xCC ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB9 0xCE 0x85 0x88 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAA 0xEC 0xAE 0xCF ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x00 0x96 0xCF 0x46 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x50 0xBC 0xF2 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA2 0xD4 0x35 0x74 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x01 0xB0 0x4E 0xCC ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB9 0xCE 0x85 0x88 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAA 0xEC 0xAE 0xCF ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x00 0x96 0xCF 0x46 ...

---- EOF - GMER 1.0.15 ----

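Before reading a GMER dump like the one above line by line, an analyst usually sorts it by how much GMER could attribute. Hooks and filter devices that carry a "(product/vendor)" tag (here the avast! aswSP/aswMon2/aswTdi modules, and IEFRAME.dll inside the iexplore.exe processes) are the expected self-protection and browser hooks. Lines that point at a module GMER reports as present in memory but missing on disk (spdm.sys), IAT slots whose value is not a plausible kernel pointer, and device objects whose dispatch routine resolves only to a raw address are the ones that need a closer look. The Python script below is an added example, not code from the poster, the forum team or GMER: it implements that sorting for the line formats that appear in this log, over a constructed sample of lines copied from the output above. The category names, the regular expressions and the 0x80000000 kernel-space boundary (32-bit Windows XP without /3GB) are the example's own assumptions. For this particular machine, the spdm.sys/sptd entries, the randomly named amnaqo95.SYS and ax7d8mnb.SYS drivers and the sptd\Cfg registry keys that point at Alcohol 120% and DAEMON Tools Lite are consistent with the SPTD layer those two products install, which GMER routinely reports because it hides its own driver and hooks the port I/O imports of atapi.sys; the script only groups such lines for review, it does not decide for you.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the GMER 1.0.15 output above (one of each kind).
SAMPLE_LOG = r"""
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP F1EF9AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? spdm.sys O sistema não pode encontrar o arquivo especificado. !
.text USBPORT.SYS!DllUnload F4B8D8AC 5 Bytes JMP 865CF1D8
.text amnaqo95.SYS F48CC384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73EA042] spdm.sys
IAT \SystemRoot\System32\Drivers\amnaqo95.SYS[HAL.dll!KfAcquireSpinLock] 00000034
Device \Driver\sptd \Device\2139732518 spdm.sys
Device \Driver\usbohci \Device\USBPDO-0 865CE1F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Arquivos de programas\DAEMON Tools Lite\
"""

# GMER appends "(product/vendor)" when it can attribute the file; its absence is the first signal.
VENDOR_RE = re.compile(r"\(([^()]*)/([^()]*)\)\s*$")
# "? name.sys <file not found>": module seen in memory but not on disk (English or Portuguese XP).
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+(?:The system cannot find the file specified|"
                        r"O sistema não pode encontrar o arquivo especificado)")
# Inline hooks / code patches: "<section> <symbol> <addr> N Bytes JMP <target> [module (vendor)]" or "... [bytes]".
HOOK_RE = re.compile(r"^(PAGE|INIT|\.\w+)\s+(.+?)\s+([0-9A-Fa-f]{8})\s+\d+\s+Bytes?\s+"
                     r"(?:JMP\s+([0-9A-Fa-f]{8})\s*(.*)|\[.*)$")
# Kernel IAT entries: resolved "[addr] module", or a bare slot value GMER could not resolve.
IAT_RE = re.compile(r"^IAT\s+(\S+?)\[([^\]]+)\]\s+(?:\[([0-9A-Fa-f]{8})\]\s+(\S+)|([0-9A-Fa-f]{8}))\s*$")
DEVICE_RE = re.compile(r"^(Device|AttachedDevice)\s+(\S+)\s+(\S+)\s+(.*)$")
# sptd\Cfg\<hash>@p0 records which product registered itself with the SPTD layer.
REG_SPTD_RE = re.compile(r"^Reg\s+\S*\\Services\\sptd\\Cfg\\[0-9A-Fa-f]+@p0\s+(.*)$")

KERNEL_BASE = 0x80000000  # assumption: 32-bit XP without /3GB, kernel space starts here


def _owner(text):
    """Bare module name from a hook/device target, ignoring the '(product/vendor)' tag."""
    return VENDOR_RE.sub("", text).strip().split("\\")[-1].lower()


def triage(log_text):
    """Classify each GMER line; returns [(category, subject, detail), ...] in log order."""
    lines = [l.strip() for l in log_text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("----")]
    # Pass 1: modules GMER could not find on disk, so pass 2 can link hooks back to them.
    missing = {m.group(1).lower() for m in map(MISSING_RE.match, lines) if m}
    findings = []
    for line in lines:
        vendor = VENDOR_RE.search(line)
        if (m := MISSING_RE.match(line)):
            findings.append(("missing_on_disk", m.group(1), line))
        elif (m := HOOK_RE.match(line)):
            _, symbol, _, jmp_target, rest = m.groups()
            if jmp_target is None:
                findings.append(("code_patch", symbol, line))  # bytes overwritten in place
            elif vendor:
                findings.append(("attributed_hook", symbol, vendor.group(2)))
            elif not rest:
                findings.append(("unattributed_hook", symbol, jmp_target))  # JMP to memory GMER cannot name
            else:
                findings.append(("hook_into_unattributed_module", symbol, _owner(rest)))
        elif (m := IAT_RE.match(line)):
            module, imp, _, target, raw = m.groups()
            mod = module.split("\\")[-1]
            subject = f"{mod}[{imp}]"
            if target is not None:
                cat = "iat_hook_by_missing_module" if target.lower() in missing else "iat_hook"
                findings.append((cat, subject, target))
            elif int(raw, 16) < KERNEL_BASE:
                findings.append(("iat_slot_not_a_kernel_pointer", subject, raw))
            else:
                findings.append(("iat_unresolved", subject, raw))
        elif (m := DEVICE_RE.match(line)):
            _, driver, device, rest = m.groups()
            subject = f"{driver} {device}"
            if re.fullmatch(r"[0-9A-Fa-f]{8}", rest):
                findings.append(("device_dispatch_unresolved", subject, rest))
            elif _owner(rest) in missing:
                findings.append(("device_owned_by_missing_module", subject, _owner(rest)))
            elif vendor:
                findings.append(("device_attributed", subject, vendor.group(2)))
            else:
                findings.append(("device_other", subject, rest))
        elif (m := REG_SPTD_RE.match(line)):
            findings.append(("sptd_client_product", "sptd\\Cfg", m.group(1)))
        else:
            findings.append(("unparsed", "", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(cat for cat, _, _ in findings)


def missing_module_report(findings):
    """Every hook or device object that points at a module GMER could not find on disk."""
    report = {}
    for cat, subject, detail in findings:
        if cat in ("iat_hook_by_missing_module", "device_owned_by_missing_module"):
            report.setdefault(detail.lower(), []).append(subject)
    return report


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for cat, subject, detail in found:
        print(f"{cat:32} {subject}  ->  {detail}")
    print(dict(summarize(found)), missing_module_report(found))
```

Run it against the full log by pasting the whole GMER output into SAMPLE_LOG; anything that lands in "unparsed" is a line format the regexes do not cover yet, and missing_module_report() gives the list of hooks and device objects that all trace back to the same on-disk-missing module, which is the grouping an analyst wants before deciding whether a hidden driver belongs to a known product or to something that should be removed.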

Read the entire instruction below carefully before running the program.

Download the Kaspersky Removal Tool and save it to your desktop.

  • Install the program normally, following all the instructions.
  • A folder named Virus Removal Tool will be created on the desktop.
  • On the program's screen, tick the options:
    • My Computer
    • Hidden Startup objects
    • Disk boot sectors
    • System Memory
  • Click the Start Scan button.
  • Be patient, the scan takes a long time!
  • As it scans, some small windows will probably open next to the clock; do not click anything.
  • There is also a chance that a larger window will open containing the following options:
    • Disinfection (when possible)
    • Delete
    • Skip
  • When it appears, first tick the option Apply to all objects below it, and then click one of the options above.
  • After everything completes, click the Reports button; in the window that opens, leave the options above set to:
    • Autoscan
    • Group by result
    • All Events
  • Expand Autoscan by clicking the + sign next to it.
  • Expand Result: Detected.
  • Right-click and choose Select all, then choose Copy.
  • Note: when you do this the PC may seem to freeze, but it has not; wait a few minutes for the memory to be released.
  • Open Notepad and paste (Ctrl + V).
  • Give the file a name and save it in a folder of your choice.
  • Close the result by clicking the Exit button.
  • When you do this you will be asked whether you want to uninstall the tool; click Yes.
  • Restart the computer when asked.
  • Post the contents of that file in your next reply.

NOTE 1:
Pay attention to the windows during the scan: they have different colours depending on the risk. So,

  • green: low risk
  • yellow: medium risk
  • red: high risk

Before taking any action, check the file path/name carefully to see whether it is one you recognise; if it is, click Skip.

NOTE 2:
If the final scan result only shows Result: OK, there is no need to generate a report; just say so.

NOTE 3:
During the scan Kaspersky may flag the following folder as a virus: c:\QooBox. If this happens, choose the Skip option, since that folder belongs to ComboFix and will be removed when ComboFix is uninstalled.
