kyrios

Compromised performance.


Following the forum's instructions, here are the posts:

DDS (Ver_10-10-21.02) - NTFSx86

Run by Thiago at 14:54:56,61 on 26/10/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.3071.1975 [GMT -2:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\rundll32.exe

C:\Windows\Yxagea.exe

C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Thiago\Downloads\HiJackThis.exe

C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Thiago\AppData\Local\Temp\Yfm.exe

C:\Users\Thiago\AppData\Local\Temp\Yfl.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Thiago\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [Google Update] "c:\users\thiago\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Metropolis] rundll32.exe c:\windows\system32\sshnas21.dll,GetHandle

uRun: [u36VRSFLG6] c:\users\thiago\appdata\local\temp\Yfl.exe

mRun: [<NO NAME>]

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe

mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-7 11608]

R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\program files\avira\antivir desktop\sched.exe [2010-10-7 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-7 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-7 56816]

R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-7-31 625152]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2010-7-21 33792]

R3 netw5v32;Driver de adaptador Intel® Wireless WiFi Link 5000 Series para Windows Vista 32 Bits;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [2009-11-9 158600]

S3 PaeFireStudio;PreSonus FireStudio;c:\windows\system32\drivers\PaeFireStudio.sys [2010-8-4 130912]

S3 PaeFireStudioAudio;PreSonus FireStudio Audio;c:\windows\system32\drivers\PaeFireStudioAudio.sys [2010-8-4 28384]

S3 PaeFireStudioMidi;PreSonus FireStudio MIDI;c:\windows\system32\drivers\PaeFireStudioMidi.sys [2010-8-4 31456]

S3 StorSvc;Serviço de Armazenamento;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-9 1343400]

=============== Created Last 30 ================

2010-10-26 16:27:20 270336 ----a-w- c:\windows\Yxagea.exe

2010-10-26 16:26:56 303104 ----a-w- c:\windows\system32\sshnas21.dll

2010-10-12 03:06:03 -------- d-----w- c:\program files\iPod

2010-10-12 03:04:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-10-12 03:04:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2010-10-12 03:04:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2010-10-12 03:04:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2010-10-12 03:04:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2010-10-12 03:04:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2010-10-12 03:04:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2010-10-12 03:03:31 -------- d-----w- c:\program files\Bonjour

2010-10-09 22:38:49 -------- d-----w- c:\users\thiago\appdata\roaming\Azureus

2010-10-09 22:38:18 -------- d-----w- c:\program files\Vuze

2010-10-09 00:13:34 -------- d-----w- c:\program files\ElcomSoft

2010-10-08 22:20:26 -------- d-----w- c:\users\thiago\appdata\roaming\dBpoweramp

2010-10-07 04:20:26 415408 ----a-w- c:\windows\system32\SpoonUninstall.exe

2010-10-07 04:20:26 -------- d-----w- c:\users\thiago\appdata\roaming\AccurateRip

2010-10-07 04:20:23 -------- d-----w- c:\program files\Illustrate

2010-10-07 03:53:18 -------- d-----w- C:\Dietadas

2010-10-07 03:47:00 -------- d-----w- c:\program files\DietMP3

2010-10-07 02:12:08 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-07 02:12:07 -------- d-----w- c:\program files\Avira

2010-10-07 02:12:07 -------- d-----w- c:\progra~2\Avira

2010-10-05 13:37:38 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{34403078-c76e-4f47-8bce-55405a2d2446}\mpengine.dll

2010-10-04 04:22:10 -------- d-----w- c:\program files\Justiça Eleitoral

2010-10-02 22:31:23 -------- d-----r- c:\program files\Skype

2010-09-29 06:00:30 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2010-09-29 06:00:30 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-09-29 01:47:15 2048 ----a-w- c:\windows\system32\tzres.dll

2010-09-29 01:45:46 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================

2010-09-08 14:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 14:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

============= FINISH: 14:55:29,25 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 08/07/2010 15:23:43

System Uptime: 26/10/2010 14:17:32 (0 hours ago)

Motherboard: ASUSTeK Computer Inc. | | M50Vm

Processor: Intel® Core2 Duo CPU T9400 @ 2.53GHz | Socket 478 | 2534/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 98 GiB total, 34,951 GiB free.

D: is FIXED (NTFS) - 200 GiB total, 33,069 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 0 GiB total, 0,069 GiB free.

H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:

Description: Dispositivo do sistema básico

Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_18971043&REV_12\4&1558D9F&0&0AF0

Manufacturer:

Name: Dispositivo do sistema básico

PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_18971043&REV_12\4&1558D9F&0&0AF0

Service:

Class GUID:

Description:

Device ID: ACPI\ITE8708\4&1AEC2D69&0

Manufacturer:

Name:

PNP Device ID: ACPI\ITE8708\4&1AEC2D69&0

Service:

Class GUID:

Description: Dispositivo do sistema básico

Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_18971043&REV_12\4&1558D9F&0&0BF0

Manufacturer:

Name: Dispositivo do sistema básico

PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_18971043&REV_12\4&1558D9F&0&0BF0

Service:

==== System Restore Points ===================

RP107: 13/10/2010 21:05:46 - Ponto de Verificação Agendado

RP108: 20/10/2010 21:55:23 - Instalador de Módulos do Windows

==== Installed Programs ======================

32 Bit HP CIO Components Installer

Adobe Flash Player 10 ActiveX

Adobe Reader 9.3 - Português

Alcor Micro USB Card Reader

Antares AVOX Evo VST RTAS v3.0.2

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Applied Acoustics Lounge Lizard EP VSTi DXi v3.0

apTrigga2 2.3.2

Arquivo do WinRAR

Ask Toolbar

Assistente de Conexão do Windows Live

ASUS LifeFrame3

ASUS SmartLogon

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

aTube Catcher

Audacity 1.3.12 (Unicode)

AuthenTec TrueSuite

Avira AntiVir Personal - Free Antivirus

Bonjour

BufferChm

Bíblia Hábil 2.0

Camersoft Webcam Capture 2.2.32

Claro

Copy

dBpoweramp m4a Codec

dBpoweramp Music Converter

dBpoweramp Windows Media Audio 10 Codec

Destinations

DeviceDiscovery

Divulga 2010 versão 1.1.0

DJ_AIO_05_F4400_Software_Min

F4400

Ferramenta de Carregamento do Windows Live

FM Screen Capture Codec (Remove Only)

Focusrite Saffire Bundle VST v1.0

Free iPod Video Converter V 2.93

Google Chrome

GPBaseService2

HP Customer Participation Program 14.0

HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5

HP Imaging Device Functions 14.0

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPPhotoGadget

HPProductAssistant

HPSSupply

iTunes

Java Auto Updater

Java 6 Update 20

M-Audio FastTrackPro Driver 6.0.2 (x86)

M-Audio FireWire Driver 6.0.1 (x86)

MarketResearch

Media Player Codec Pack 3.9.6

Melodyne 3.2

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Native Instruments B4 v1.11

NVIDIA Drivers

Power Suite 5

PreSonus Universal Control 3.5.2.8028

QuickTime

RMVB Converter 1.8

Scan

Security Update for 2007 Microsoft Office System (KB2277947)

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office Outlook 2007 (KB2288953)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office Publisher 2007 (KB982124)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2251419)

Shop for HP Supplies

Skype Toolbars

Skype™ 4.2

SmartWebPrinting

SolutionCenter

Spider Wizard version 2.0.0

Status

Steinberg HALionOne

Steinberg HALionOne GM Drum Set

Steinberg HALionOne GM Set

Steinberg HALionOne Pro Set

Steinberg HALionOne Studio Drum Set

Steinberg HALionOne Studio Set

Steinberg Hypersonic 2

Steinberg Nuendo 4

Steinberg Nuendo Expansion Kit

Steinberg Nuendo v3.2.0.1128

Steinberg The Grand 2

Steinberg The Grand 2 v2.0.0.1152

Syncrosoft's License Control

SyncroSoft Emu (Remove only)

TC Native Bundle v3.1

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Outlook 2007 Junk Email Filter (kb2291599)

VLC media player 1.1.4

Vuze

Waves Mercury Complete VST DX RTAS v1.01

WebReg

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Player Firefox Plugin

WinPcap 4.1.1

==== End Of File ===========================

GMER 1.0.15.15477 - http://www.gmer.net

Rootkit scan 2010-10-26 15:39:33

Windows 6.1.7600

Running: gmer.exe; Driver: C:\Users\Thiago\AppData\Local\Temp\fxryipow.sys

---- System - GMER 1.0.15 ----

SSDT 93297C0C ZwCreateThread

SSDT 93297BF8 ZwOpenProcess

SSDT 93297BFD ZwOpenThread

SSDT 93297C07 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C51599 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C75F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82C7D85C 4 Bytes [0C, 7C, 29, 93]

.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82C7D9F8 4 Bytes [F8, 7B, 29, 93] {CLC ; JNP 0x2c; XCHG EBX, EAX}

.text ntkrnlpa.exe!RtlSidHashLookup + 508 82C7DA18 4 Bytes CALL AC43D79F

.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82C7DCC8 4 Bytes [07, 7C, 29, 93] {POP ES; JL 0x2c; XCHG EBX, EAX}

? System32\Drivers\spqb.sys O sistema não pode encontrar o caminho especificado. !

.text USBPORT.SYS!DllUnload 92726CA0 5 Bytes JMP 8687E1D8

.text arwcv0id.SYS 97141000 12 Bytes [44, 38, 02, 83, EE, 36, 02, ...] {INC ESP; CMP [EDX], AL; SUB ESI, 0x36; ADD AL, [EBX-0x7cfde860]}

.text arwcv0id.SYS 9714100D 9 Bytes [17, 02, 83, 48, 3B, 02, 83, ...] {POP SS; ADD AL, [EBX-0x7cfdc4b8]; ADD [EAX], AL}

.text arwcv0id.SYS 97141017 20 Bytes [00, DE, F7, 1A, 8B, E6, F5, ...]

.text arwcv0id.SYS 9714102C 149 Bytes [00, 00, 00, 00, D0, C1, C4, ...]

.text arwcv0id.SYS 971410C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}

.text ...

PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9E629000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9E629123 629 Bytes [45, 62, 9E, FE, 05, 34, 45, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 5329 9E629399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 538F 9E6293FF 51 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 53C3 9E629433 96 Bytes [61, 9E, 85, C9, 7C, 18, 8D, ...]

PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtCreateFile + 6 76F24A36 4 Bytes [28, 00, 17, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtCreateFile + B 76F24A3B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtMapViewOfSection + 6 76F25096 1 Byte [28]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtMapViewOfSection + 6 76F25096 4 Bytes [28, 03, 17, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtMapViewOfSection + B 76F2509B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenFile + 6 76F25146 4 Bytes [68, 00, 17, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenFile + B 76F2514B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcess + 6 76F251F6 4 Bytes [A8, 01, 17, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcess + B 76F251FB 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcessToken + 6 76F25206 4 Bytes CALL 75F2690C C:\Windows\system32\SHELL32.dll (DLL comum do Shell do Windows/Microsoft Corporation)

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcessToken + B 76F2520B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcessTokenEx + 6 76F25216 4 Bytes [A8, 02, 17, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenProcessTokenEx + B 76F2521B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThread + 6 76F25276 4 Bytes [68, 01, 17, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThread + B 76F2527B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThreadToken + 6 76F25286 4 Bytes [68, 02, 17, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThreadToken + B 76F2528B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThreadTokenEx + 6 76F25296 4 Bytes CALL 75F2699D C:\Windows\system32\SHELL32.dll (DLL comum do Shell do Windows/Microsoft Corporation)

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtOpenThreadTokenEx + B 76F2529B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtQueryAttributesFile + 6 76F253A6 4 Bytes [A8, 00, 17, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtQueryAttributesFile + B 76F253AB 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtQueryFullAttributesFile + 6 76F25456 4 Bytes CALL 75F26B5B C:\Windows\system32\SHELL32.dll (DLL comum do Shell do Windows/Microsoft Corporation)

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtQueryFullAttributesFile + B 76F2545B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtSetInformationFile + 6 76F25AA6 4 Bytes [28, 01, 17, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtSetInformationFile + B 76F25AAB 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtSetInformationThread + 6 76F25B06 4 Bytes [28, 02, 17, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtSetInformationThread + B 76F25B0B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtUnmapViewOfSection + 6 76F25E26 1 Byte [68]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtUnmapViewOfSection + 6 76F25E26 4 Bytes [68, 03, 17, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[1432] ntdll.dll!NtUnmapViewOfSection + B 76F25E2B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtCreateFile + 6 76F24A36 4 Bytes [28, 00, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtCreateFile + B 76F24A3B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtMapViewOfSection + 6 76F25096 1 Byte [28]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtMapViewOfSection + 6 76F25096 4 Bytes [28, 03, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtMapViewOfSection + B 76F2509B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenFile + 6 76F25146 4 Bytes [68, 00, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenFile + B 76F2514B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcess + 6 76F251F6 4 Bytes [A8, 01, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcess + B 76F251FB 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessToken + 6 76F25206 4 Bytes CALL 75F2590C C:\Windows\system32\SHELL32.dll (DLL comum do Shell do Windows/Microsoft Corporation)

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessToken + B 76F2520B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessTokenEx + 6 76F25216 4 Bytes [A8, 02, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessTokenEx + B 76F2521B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThread + 6 76F25276 4 Bytes [68, 01, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThread + B 76F2527B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadToken + 6 76F25286 4 Bytes [68, 02, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadToken + B 76F2528B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadTokenEx + 6 76F25296 4 Bytes CALL 75F2599D C:\Windows\system32\SHELL32.dll (DLL comum do Shell do Windows/Microsoft Corporation)

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadTokenEx + B 76F2529B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryAttributesFile + 6 76F253A6 4 Bytes [A8, 00, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryAttributesFile + B 76F253AB 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryFullAttributesFile + 6 76F25456 4 Bytes CALL 75F25B5B C:\Windows\system32\SHELL32.dll (DLL comum do Shell do Windows/Microsoft Corporation)

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryFullAttributesFile + B 76F2545B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationFile + 6 76F25AA6 4 Bytes [28, 01, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationFile + B 76F25AAB 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationThread + 6 76F25B06 4 Bytes [28, 02, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationThread + B 76F25B0B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtUnmapViewOfSection + 6 76F25E26 1 Byte [68]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtUnmapViewOfSection + 6 76F25E26 4 Bytes [68, 03, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtUnmapViewOfSection + B 76F25E2B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtCreateFile + 6 76F24A36 4 Bytes [28, 00, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtCreateFile + B 76F24A3B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtMapViewOfSection + 6 76F25096 1 Byte [28]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtMapViewOfSection + 6 76F25096 4 Bytes [28, 03, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtMapViewOfSection + B 76F2509B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenFile + 6 76F25146 4 Bytes [68, 00, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenFile + B 76F2514B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcess + 6 76F251F6 4 Bytes [A8, 01, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcess + B 76F251FB 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessToken + 6 76F25206 4 Bytes CALL 75F2590C C:\Windows\system32\SHELL32.dll (DLL comum do Shell do Windows/Microsoft Corporation)

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessToken + B 76F2520B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessTokenEx + 6 76F25216 4 Bytes [A8, 02, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessTokenEx + B 76F2521B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThread + 6 76F25276 4 Bytes [68, 01, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThread + B 76F2527B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadToken + 6 76F25286 4 Bytes [68, 02, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadToken + B 76F2528B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadTokenEx + 6 76F25296 4 Bytes CALL 75F2599D C:\Windows\system32\SHELL32.dll (DLL comum do Shell do Windows/Microsoft Corporation)

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadTokenEx + B 76F2529B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryAttributesFile + 6 76F253A6 4 Bytes [A8, 00, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryAttributesFile + B 76F253AB 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryFullAttributesFile + 6 76F25456 4 Bytes CALL 75F25B5B C:\Windows\system32\SHELL32.dll (DLL comum do Shell do Windows/Microsoft Corporation)

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryFullAttributesFile + B 76F2545B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationFile + 6 76F25AA6 4 Bytes [28, 01, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationFile + B 76F25AAB 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationThread + 6 76F25B06 4 Bytes [28, 02, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationThread + B 76F25B0B 1 Byte [E2]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtUnmapViewOfSection + 6 76F25E26 1 Byte [68]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtUnmapViewOfSection + 6 76F25E26 4 Bytes [68, 03, 07, 00]

.text C:\Users\Thiago\AppData\Local\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtUnmapViewOfSection + B 76F25E2B 1 Byte [E2]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B0B3042] \SystemRoot\System32\Drivers\spqb.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B0B36D6] \SystemRoot\System32\Drivers\spqb.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B0B3800] \SystemRoot\System32\Drivers\spqb.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B0B313E] \SystemRoot\System32\Drivers\spqb.sys

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortNotification] 00147880

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortStallExecution] C25DC033

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortInitialize] 157B805E

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500

IAT \SystemRoot\System32\Drivers\arwcv0id.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73742494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73725624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [737256E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7374250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73738573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73734D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [737350CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [737351A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [737366D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [737382CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73738819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7373907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7373E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73734C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\system32\rundll32.exe[3364] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F85E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\system32\rundll32.exe[3364] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F85E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\system32\rundll32.exe[3364] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F85E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\system32\rundll32.exe[3364] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F85E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\system32\rundll32.exe[3364] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] [74F85E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\system32\rundll32.exe[3364] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74F85E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\shlwapi.dll [USER32.dll!DialogBoxParamW] [0041A052] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\shlwapi.dll [USER32.dll!DialogBoxParamA] [0041A052] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\shlwapi.dll [USER32.dll!CreateWindowExA] [00419E48] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\shlwapi.dll [USER32.dll!CreateWindowExW] [00419EC0] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\shlwapi.dll [USER32.dll!MessageBoxW] [0041A05E] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\shell32.dll [USER32.dll!MessageBoxW] [0041A05E] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\shell32.dll [USER32.dll!DialogBoxParamW] [0041A052] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\shell32.dll [USER32.dll!CreateWindowExW] [00419EC0] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\shell32.dll [USER32.dll!MessageBoxIndirectW] [0041A04C] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowPos] [00419FE6] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\shell32.dll [USER32.dll!ShowWindow] [00419F38] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateWindowExW] [00419EC0] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [0041A052] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\ole32.dll [USER32.dll!MessageBoxW] [0041A05E] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\ole32.dll [USER32.dll!ShowWindow] [00419F38] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\wininet.dll [USER32.dll!DialogBoxParamW] [0041A052] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\wininet.dll [USER32.dll!CreateWindowExW] [00419EC0] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\wininet.dll [USER32.dll!MessageBoxW] [0041A05E] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Windows\Yxagea.exe[3916] @ C:\Windows\system32\wininet.dll [USER32.dll!SetWindowPos] [00419FE6] C:\Windows\Yxagea.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfm.exe[3948] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00413023] C:\Users\Thiago\AppData\Local\Temp\Yfm.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfm.exe[3948] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [0041309B] C:\Users\Thiago\AppData\Local\Temp\Yfm.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfm.exe[3948] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CreateWindowExW] [0041309B] C:\Users\Thiago\AppData\Local\Temp\Yfm.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfm.exe[3948] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowPos] [004131C1] C:\Users\Thiago\AppData\Local\Temp\Yfm.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfm.exe[3948] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ShowWindow] [00413113] C:\Users\Thiago\AppData\Local\Temp\Yfm.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfm.exe[3948] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateWindowExW] [0041309B] C:\Users\Thiago\AppData\Local\Temp\Yfm.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfm.exe[3948] @ C:\Windows\system32\ole32.dll [USER32.dll!ShowWindow] [00413113] C:\Users\Thiago\AppData\Local\Temp\Yfm.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfm.exe[3948] @ C:\Windows\system32\wininet.DLL [USER32.dll!CreateWindowExW] [0041309B] C:\Users\Thiago\AppData\Local\Temp\Yfm.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfm.exe[3948] @ C:\Windows\system32\wininet.DLL [USER32.dll!SetWindowPos] [004131C1] C:\Users\Thiago\AppData\Local\Temp\Yfm.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfl.exe[4008] @ C:\Windows\system32\shlwapi.dll [USER32.dll!CreateWindowExA] [0041AF3F] C:\Users\Thiago\AppData\Local\Temp\Yfl.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfl.exe[4008] @ C:\Windows\system32\shlwapi.dll [USER32.dll!CreateWindowExW] [0041AFB9] C:\Users\Thiago\AppData\Local\Temp\Yfl.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfl.exe[4008] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CreateWindowExW] [0041AFB9] C:\Users\Thiago\AppData\Local\Temp\Yfl.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfl.exe[4008] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowPos] [0041B0E5] C:\Users\Thiago\AppData\Local\Temp\Yfl.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfl.exe[4008] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ShowWindow] [0041B033] C:\Users\Thiago\AppData\Local\Temp\Yfl.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfl.exe[4008] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateWindowExW] [0041AFB9] C:\Users\Thiago\AppData\Local\Temp\Yfl.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfl.exe[4008] @ C:\Windows\system32\ole32.dll [USER32.dll!ShowWindow] [0041B033] C:\Users\Thiago\AppData\Local\Temp\Yfl.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfl.exe[4008] @ C:\Windows\system32\WININET.dll [USER32.dll!CreateWindowExW] [0041AFB9] C:\Users\Thiago\AppData\Local\Temp\Yfl.exe (Silvers/CJSC Computing Forces)

IAT C:\Users\Thiago\AppData\Local\Temp\Yfl.exe[4008] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowPos] [0041B0E5] C:\Users\Thiago\AppData\Local\Temp\Yfl.exe (Silvers/CJSC Computing Forces)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 855811F8

Device \Driver\volmgr \Device\VolMgrControl 8557C1F8

Device \Driver\usbuhci \Device\USBPDO-0 8687C1F8

Device \Driver\usbuhci \Device\USBPDO-1 8687C1F8

Device \Driver\usbuhci \Device\USBPDO-2 8687C1F8

Device \Driver\usbehci \Device\USBPDO-3 866EE500

Device \Driver\usbuhci \Device\USBPDO-4 8687C1F8

Device \Driver\usbuhci \Device\USBPDO-5 8687C1F8

Device \Driver\usbuhci \Device\USBPDO-6 8687C1F8

Device \Driver\volmgr \Device\HarddiskVolume1 8557C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 866EE500

Device \Driver\volmgr \Device\HarddiskVolume2 8557C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{2A501E9E-2486-4F75-B15D-DB048EBCCA9B} 866B0500

Device \Driver\cdrom \Device\CdRom0 866081F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8557E1F8

Device \Driver\atapi \Device\Ide\IdePort0 8557E1F8

Device \Driver\atapi \Device\Ide\IdePort1 8557E1F8

Device \Driver\atapi \Device\Ide\IdePort2 8557E1F8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8557E1F8

Device \Driver\msahci \Device\Ide\PciIde0Channel0 8557F1F8

Device \Driver\msahci \Device\Ide\PciIde0Channel1 8557F1F8

Device \Driver\msahci \Device\Ide\PciIde0Channel5 8557F1F8

Device \Driver\volmgr \Device\HarddiskVolume3 8557C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 866081F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 866B0500

Device \Driver\PCI_PNP4006 \Device\0000005a spqb.sys

Device \Driver\NetBT \Device\NetBT_Tcpip_{34F12572-65BE-4B3E-979E-06B7C8D8AEE7} 866B0500

Device \Driver\NetBT \Device\NetBT_Tcpip_{DC0B3201-471A-4341-BE75-B22C6521D168} 866B0500

Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8687C1F8

Device \Driver\usbuhci \Device\USBFDO-1 8687C1F8

Device \Driver\usbuhci \Device\USBFDO-2 8687C1F8

Device \Driver\sptd \Device\1283320008 spqb.sys

Device \Driver\usbehci \Device\USBFDO-3 866EE500

Device \Driver\usbuhci \Device\USBFDO-4 8687C1F8

Device \Driver\usbuhci \Device\USBFDO-5 8687C1F8

Device \Driver\usbuhci \Device\USBFDO-6 8687C1F8

Device \Driver\usbehci \Device\USBFDO-7 866EE500

Device \Driver\arwcv0id \Device\Scsi\arwcv0id1 868F6500

Device \Driver\arwcv0id \Device\Scsi\arwcv0id1Port3Path0Target0Lun0 868F6500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015aff79a78

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x71 0x29 0xCC 0xAC ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0x51 0x85 0xCA ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x06 0xF9 0xF2 0x4C ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015aff79a78 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x71 0x29 0xCC 0xAC ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0x51 0x85 0xCA ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x06 0xF9 0xF2 0x4C ...

---- Files - GMER 1.0.15 ----

File C:\Users\Thiago\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B04EHOT\background_gradientCAPV58DR 0 bytes

File C:\Users\Thiago\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBIT4JK7\info_48CAVHVB5X 0 bytes

File C:\Users\Thiago\AppData\Roaming\Microsoft\Windows\Cookies\thiago@ad.harrenmedianetwork[2].txt 229 bytes

---- EOF - GMER 1.0.15 ----


Configure Windows to show all files.

Go to this site: http://virustotal.com/

Under File to upload, enter: C:\Users\Thiago\AppData\Local\Temp\Yfm.exe

Then click Submit.

Copy and post the result of this scan.

  • Topic author
  • I did what was requested, but there is no file at the indicated location.

    What should I do, then?


    Was Windows configured to show all files?

  • Topic author
  • Yes. But maybe it's because I already removed it myself.


    Please let me know which procedures you have already carried out so that we don't waste time.

    Post a new DDS log.
