thiagonon

HijackThis log analysis


I have been running into conflict problems with the explorer.exe application; here is the log, taken after a thorough antivirus scan.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:18:48, on 26/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgemc.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\vVX1000.exe

C:\WINDOWS\system32\atwtusb.exe

C:\WINDOWS\system32\TBLMOUSE.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\rundll32.exe

D:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [DelReg] C:\Arquivos de programas\MSI\DualCoreCenter\DelReg.exe

O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Neverwinter Nights_ Platinum Edition Registration.lnk = D:\Games\NWN\ereg\ATR1.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

--

End of file - 11407 bytes

First of all, thank you for your attention :D


Read the "Leia Antes de Postar" (Read Before Posting) topic and post the requested logs.

  • Topic author
  • DDS log

    DDS (Ver_10-10-21.02) - NTFSx86

    Run by WinXP at 6:15:33,70 on qua 27/10/2010

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2045.883 [GMT -2:00]

    AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Arquivos de programas\cFosSpeed\spd.exe

    C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\libusbd-nt.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

    C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

    C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

    C:\WINDOWS\vVX1000.exe

    C:\WINDOWS\system32\atwtusb.exe

    C:\WINDOWS\system32\TBLMOUSE.EXE

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

    C:\Arquivos de programas\uTorrent\uTorrent.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

    C:\Arquivos de programas\Skype\Phone\Skype.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

    C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

    C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

    C:\WINDOWS\system32\drwtsn32.exe

    C:\WINDOWS\system32\drwtsn32.exe

    C:\WINDOWS\explorer.exe

    D:\Downloads\HiJackThis.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe

    C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

    C:\WINDOWS\system32\WISPTIS.EXE

    C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

    C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

    D:\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.br/

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg9\avgssie.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

    uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

    uRun: [uTorrent] "c:\arquivos de programas\utorrent\uTorrent.exe"

    uRun: [steam] "c:\arquivos de programas\steam\Steam.exe" -silent

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [DAEMON Tools Lite] "c:\arquivos de programas\daemon tools lite\DTLite.exe" -autorun

    uRun: [skype] "c:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized

    mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

    mRun: [LanguageShortcut] "c:\arquivos de programas\cyberlink\powerdvd\language\Language.exe"

    mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

    mRun: [DelReg] c:\arquivos de programas\msi\dualcorecenter\DelReg.exe

    mRun: [cFosSpeed] c:\arquivos de programas\cfosspeed\cFosSpeed.exe

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [Alcmtr] ALCMTR.EXE

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

    mRun: [egui] "c:\arquivos de programas\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

    mRun: [VX1000] c:\windows\vVX1000.exe

    mRun: [LifeCam] "c:\arquivos de programas\microsoft lifecam\LifeExp.exe"

    mRun: [atwtusb] atwtusb.exe beta

    mRun: [googletalk] c:\arquivos de programas\google\google talk\googletalk.exe /autostart

    mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

    mRun: [LogMeIn Hamachi Ui] "c:\arquivos de programas\logmein hamachi\hamachi-2-ui.exe" --auto-start

    mRun: [AdobeAAMUpdater-1.0] "c:\arquivos de programas\arquivos comuns\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

    mRun: [switchBoard] c:\arquivos de programas\arquivos comuns\adobe\switchboard\SwitchBoard.exe

    mRun: [AdobeCS5ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avgbrasil.com.br/br-pt.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYARQBVAFkAUwAtAFEAVgBKAFkATQ"&"inst=NwA3AC0AMwA1ADYAMgA1ADk"&"prod=90"&"ver=9.0.864

    StartupFolder: c:\docume~1\winxp\menuin~1\progra~1\inicia~1\neverw~1.lnk - d:\games\nwn\ereg\ATR1.EXE

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\winxp\dadosd~1\mozilla\firefox\profiles\zmsalp03.default\

    FF - component: c:\arquivos de programas\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

    FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\arquivos de programas\pando networks\media booster\npPandoWebPlugin.dll

    FF - plugin: d:\games\k-lite codec pack\real\browser\plugins\nppl3260.dll

    FF - plugin: d:\games\k-lite codec pack\real\browser\plugins\nprpjplug.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    ============= SERVICES / DRIVERS ===============

    R1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [2010-9-10 22272]

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-7 114984]

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-4-7 95872]

    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-7-3 38144]

    R2 ekrn;ESET Service;c:\arquivos de programas\eset\eset nod32 antivirus\ekrn.exe [2010-4-7 810120]

    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]

    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-8-23 33792]

    R4 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]

    S3 apf001;apf001;\??\d:\games\wolfteamps\apf001.sys --> d:\games\wolfteamps\apf001.sys [?]

    S3 DualCoreCenter;DualCoreCenter;\??\c:\arquivos de programas\msi\dualcorecenter\ntglm7x.sys --> c:\arquivos de programas\msi\dualcorecenter\NTGLM7X.sys [?]

    S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]

    S3 RushTopDevice2;RushTopDevice2;\??\c:\arquivos de programas\msi\dualcorecenter\rushtop.sys --> c:\arquivos de programas\msi\dualcorecenter\RushTop.sys [?]

    S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\arquivos comuns\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

    S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]

    S3 XDva360;XDva360;c:\windows\system32\XDva360.sys [2010-10-8 73416]

    S3 zlportio;zlportio;\??\d:\games\ultra star\ultrastar deluxe\zlportio.sys --> d:\games\ultra star\ultrastar deluxe\zlportio.sys [?]

    =============== Created Last 30 ================

    2010-10-26 23:59:59 -------- d-----w- c:\docume~1\winxp\dadosd~1\TS3Client

    2010-10-26 00:16:14 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\regid.1986-12.com.adobe

    2010-10-25 23:47:14 -------- d-----w- c:\arquivos de programas\arquivos comuns\Adobe AIR

    2010-10-23 22:49:09 -------- d-----w- c:\docume~1\winxp\config~1\dadosd~1\SKIDROW

    2010-10-23 22:36:42 -------- d-----w- c:\docume~1\winxp\config~1\dadosd~1\LogMeIn Hamachi

    2010-10-23 22:35:56 -------- d-----w- c:\arquivos de programas\LogMeIn Hamachi

    2010-10-18 08:08:38 -------- d-----w- c:\docume~1\winxp\dadosd~1\.minecraft

    2010-10-13 04:16:34 -------- d-----w- c:\arquivos de programas\zbattle.net

    2010-10-11 03:45:09 -------- d-----r- c:\arquivos de programas\Skype

    2010-10-10 02:29:51 -------- d-----w- c:\arquivos de programas\Free WMA to MP3 Converter

    2010-10-08 19:54:59 73416 ----a-w- c:\windows\system32\XDva360.sys

    2010-10-06 20:50:52 -------- d-----w- c:\arquivos de programas\AP Tuner

    2010-10-05 20:53:25 -------- d-----w- c:\arquivos de programas\arquivos comuns\DirectX

    2010-10-03 16:39:09 -------- d-----w- c:\documents and settings\winxp\SystemRequirementsLab

    2010-10-03 15:53:46 -------- d-----w- c:\windows\system32\appmgmt

    ==================== Find3M ====================

    2010-09-18 15:23:20 974848 ----a-w- c:\windows\system32\mfc42u.dll

    2010-09-18 06:53:19 974848 ----a-w- c:\windows\system32\mfc42.dll

    2010-09-18 06:53:19 954368 ----a-w- c:\windows\system32\mfc40.dll

    2010-09-18 06:53:19 953856 ----a-w- c:\windows\system32\mfc40u.dll

    2010-09-15 06:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2010-09-15 04:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2010-09-10 05:51:13 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-09-10 05:51:09 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2010-09-10 05:51:09 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2010-09-06 15:34:24 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

    2010-09-01 23:25:49 2829 ----a-w- c:\windows\DiabUnin.pif

    2010-09-01 23:25:49 118784 ----a-w- c:\windows\DiabUnin.exe

    2010-09-01 11:52:23 285824 ----a-w- c:\windows\system32\atmfd.dll

    2010-09-01 07:57:19 1852928 ----a-w- c:\windows\system32\win32k.sys

    2010-08-29 20:18:27 12920 ----a-w- c:\windows\system32\apl001.sys

    2010-08-29 20:18:27 10872 ----a-w- c:\windows\system32\apf001.sys

    2010-08-27 08:03:07 119808 ----a-w- c:\windows\system32\t2embed.dll

    2010-08-27 05:53:36 99840 ----a-w- c:\windows\system32\srvsvc.dll

    2010-08-27 01:43:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    2010-08-23 16:12:00 617472 ----a-w- c:\windows\system32\comctl32.dll

    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

    2010-08-16 08:44:59 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    ============= FINISH: 6:16:01,95 ===============

    GMER log

    GMER 1.0.15.15477 - http://www.gmer.net

    Rootkit scan 2010-10-28 12:46:24

    Windows 5.1.2600 Service Pack 3

    Running: gmer.exe; Driver: C:\DOCUME~1\WinXP\CONFIG~1\Temp\pxtdipow.sys

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB48DC610]

    SSDT spjb.sys ZwCreateKey [0xB7EB50E0]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB48DCC10]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB48DC730]

    SSDT spjb.sys ZwEnumerateKey [0xB7ECDDA4]

    SSDT spjb.sys ZwEnumerateValueKey [0xB7ECE132]

    SSDT spjb.sys ZwOpenKey [0xB7EB50C0]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB48DC4B0]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB48DC570]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB48DC6D0]

    SSDT spjb.sys ZwQueryKey [0xB7ECE20A]

    SSDT spjb.sys ZwQueryValueKey [0xB7ECE08A]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB48DC690]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB48DC650]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB48DC7D0]

    SSDT spjb.sys ZwSetValueKey [0xB7ECE29C]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB48DC510]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB48DC590]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB48DC4D0]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB48DC5D0]

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB48DC750]

    INT 0x62 ? 8A3A0BF8

    INT 0x63 ? 8A115BF8

    INT 0x73 ? 8A3A0BF8

    INT 0x73 ? 8A3A0BF8

    INT 0x73 ? 8A3A0BF8

    INT 0x83 ? 8A115BF8

    INT 0xA4 ? 8A115BF8

    INT 0xB4 ? 8A115BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spjb.sys O sistema não pode encontrar o arquivo especificado. !

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB72B0380, 0x566445, 0xE8000020]

    .text USBPORT.SYS!DllUnload B72388AC 5 Bytes JMP 8A1151D8

    .text ao9vpcyb.SYS B7183386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]

    .text ao9vpcyb.SYS B71833AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]

    .text ao9vpcyb.SYS B71833C4 3 Bytes [00, 80, 02]

    .text ao9vpcyb.SYS B71833C9 1 Byte [30]

    .text ao9vpcyb.SYS B71833C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

    .text ...

    init C:\WINDOWS\system32\DRIVERS\aiptektp.sys entry point in "init" section [0xB8384300]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe[1516] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

    .text C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe[1672] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10403687 C:\Arquivos de programas\Mozilla Firefox\xul.dll (Mozilla Foundation)

    .text C:\Arquivos de programas\Mozilla Firefox\firefox.exe[2972] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b7EB6042] spjb.sys

    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [b7EB613E] spjb.sys

    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [b7EB60C0] spjb.sys

    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [b7EB6800] spjb.sys

    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [b7EB66D6] spjb.sys

    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b7EC5B90] spjb.sys

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!KeGetCurrentIrql] 9E880000

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!KfRaiseIrql] 00001CB1

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!KfLowerIrql] 0E798366

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!HalGetInterruptVector] 74AAB000

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!HalTranslateBusAddress] 8986C636

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!READ_PORT_USHORT] 001C9686

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[WMILIB.SYS!WmiSystemControl] 8800001C

    IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A39F1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

    Device \Driver\usbuhci \Device\USBPDO-0 8A0531F8

    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4141F8

    Device \Driver\dmio \Device\DmControl\DmConfig 8A4141F8

    Device \Driver\dmio \Device\DmControl\DmPnP 8A4141F8

    Device \Driver\dmio \Device\DmControl\DmInfo 8A4141F8

    Device \Driver\usbuhci \Device\USBPDO-1 8A0531F8

    Device \Driver\usbuhci \Device\USBPDO-2 8A0531F8

    Device \Driver\usbuhci \Device\USBPDO-3 8A0531F8

    Device \Driver\usbehci \Device\USBPDO-4 8A0FC2C8

    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A3A11F8

    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A3A11F8

    Device \Driver\Cdrom \Device\CdRom0 8A0DA1F8

    Device \Driver\atapi \Device\Ide\IdePort0 [b7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdePort1 [b7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdePort2 [b7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [b7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [b7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\Cdrom \Device\CdRom1 8A0DA1F8

    Device \Driver\NetBT \Device\NetBT_Tcpip_{26DA7397-BEE8-4328-8771-687506FB3183} 896051F8

    Device \Driver\NetBT \Device\NetBt_Wins_Export 896051F8

    Device \Driver\sptd \Device\3900442070 spjb.sys

    Device \Driver\NetBT \Device\NetbiosSmb 896051F8

    Device \Driver\PCI_PNP4570 \Device\0000004e spjb.sys

    Device \Driver\usbuhci \Device\USBFDO-0 8A0531F8

    Device \Driver\usbuhci \Device\USBFDO-1 8A0531F8

    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 895DD1F8

    Device \Driver\usbuhci \Device\USBFDO-2 8A0531F8

    Device \FileSystem\MRxSmb \Device\LanmanRedirector 895DD1F8

    Device \Driver\usbuhci \Device\USBFDO-3 8A0531F8

    Device \Driver\usbehci \Device\USBFDO-4 8A0FC2C8

    Device \Driver\Ftdisk \Device\FtControl 8A3A11F8

    Device \Driver\NetBT \Device\NetBT_Tcpip_{FA6E30D1-08A6-4C40-A099-9929F5D5647C} 896051F8

    Device \Driver\ao9vpcyb \Device\Scsi\ao9vpcyb1Port3Path0Target0Lun0 8A0D81F8

    Device \Driver\ao9vpcyb \Device\Scsi\ao9vpcyb1 8A0D81F8

    Device \FileSystem\Cdfs \Cdfs 8A17A500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Arquivos de programas\DAEMON Tools Lite\

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0xF3 0xDE 0x71 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x62 0xCB 0x5C 0x66 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDA 0x49 0xC3 0xBD ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Arquivos de programas\DAEMON Tools Lite\

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x79 0x98 0x5E ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x62 0xCB 0x5C 0x66 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDA 0x49 0xC3 0xBD ...

    Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2031759214@StoreMemberReplicationStatus 1

    Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2031759214@StoreAbReplicationStatus 0

    ---- EOF - GMER 1.0.15 ----

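A GMER log like the one above is easier to read once the hooks are grouped by the module that installed them. The helper below is an added example, written for this thread; it is not code from the thread, from the Clube do Hardware team or from GMER. It parses the SSDT, kernel code section, IAT and Devices sections of a GMER 1.0.15 log, collects per module how many services it hooks, whether GMER attributed it to a vendor (as with the ESET lines) and whether GMER reported it as not found on disk (the `? spjb.sys ...` line), and gives each module a triage verdict. The verdict is a reading aid, not a malware determination: the log's own Devices and Registry sections tie spjb.sys to the sptd driver object and to a DAEMON Tools Lite path, which is exactly the identification step the verdict asks for. `SAMPLE_LOG` is constructed to mirror the shape of the posted log and is not the full log; the verdict wording is my own.

```python
"""Triage helper for GMER rootkit-scan logs (added example, not GMER's own code)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the shape GMER 1.0.15 prints, modelled on the log above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB48DC4B0]
SSDT spjb.sys ZwCreateKey [0xB7EB50E0]
SSDT spjb.sys ZwOpenKey [0xB7EB50C0]
---- Kernel code sections - GMER 1.0.15 ----
? spjb.sys O sistema não pode encontrar o arquivo especificado. !
.text USBPORT.SYS!DllUnload B72388AC 5 Bytes JMP 8A1151D8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b7EB6042] spjb.sys
IAT \SystemRoot\System32\Drivers\ao9vpcyb.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
---- Devices - GMER 1.0.15 ----
Device \Driver\sptd \Device\3900442070 spjb.sys
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER .*----$")
# SSDT <module> [(description/vendor)] <Zw service> [0xaddress]
SSDT_RE = re.compile(r"^SSDT\s+(\S+)(?:\s+\((.+?)\))?\s+(Zw\w+)\s+\[(0x[0-9A-Fa-f]+)\]")
# ? <module> <error text> !   -> GMER could not open the module's file on disk
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+(.*?)\s*!$")
# IAT <target>[<import>] [addr] <hooking module>   or   IAT <target>[<import>] <raw value>
IAT_RE = re.compile(r"^IAT\s+(\S+)\[([^\]]+)\]\s+(?:\[[0-9A-Fa-f]+\]\s+(\S+)|[0-9A-Fa-f]+\s*$)")
# Device <driver object> <device object> <module.sys>
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(\S+\.sys)$", re.IGNORECASE)


@dataclass
class ModuleReport:
    ssdt_hooks: list = field(default_factory=list)   # Zw* services this module hooks
    iat_hooks: list = field(default_factory=list)    # "target[import]" entries redirected into it
    iat_patched: list = field(default_factory=list)  # its own IAT entries overwritten, no module named
    devices: list = field(default_factory=list)      # device objects it owns
    vendor: Optional[str] = None                     # GMER's "(description/vendor)" attribution
    missing_on_disk: bool = False                    # a "? module ... !" line was seen


def module_key(path):
    """Normalise '\\SystemRoot\\...\\ehdrv.sys' and 'ehdrv.sys' to one key."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Parse a GMER log into {module basename: ModuleReport}."""
    reports, section = {}, None

    def rep(name):
        return reports.setdefault(module_key(name), ModuleReport())

    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                r = rep(m.group(1))
                r.ssdt_hooks.append(m.group(3))
                if m.group(2):
                    r.vendor = m.group(2)
        elif section == "Kernel code sections":
            m = MISSING_RE.match(line)
            if m:
                rep(m.group(1)).missing_on_disk = True
        elif section == "Kernel IAT/EAT":
            m = IAT_RE.match(line)
            if m and m.group(3):
                rep(m.group(3)).iat_hooks.append(f"{module_key(m.group(1))}[{m.group(2)}]")
            elif m:
                rep(m.group(1)).iat_patched.append(m.group(2))
        elif section == "Devices":
            m = DEVICE_RE.match(line)
            if m:
                rep(m.group(3)).devices.append(m.group(2))
    return reports


def classify(report):
    """Heuristic reading aid for one module; it is not a malware determination."""
    hooks = len(report.ssdt_hooks) + len(report.iat_hooks)
    if report.vendor and hooks:
        return f"hooks attributed to {report.vendor}: expected if that product is installed"
    if report.missing_on_disk and hooks:
        return "unattributed hooks from a module GMER cannot find on disk: identify it before judging"
    if hooks:
        return "unattributed hooks: identify the module"
    if report.iat_patched:
        return "own import entries overwritten with no module attributed: inspect"
    return "no hooks"


def summarize(log_text):
    """Return (module, verdict) pairs, modules with the most hooks first."""
    reps = triage(log_text)
    order = sorted(reps, key=lambda k: -(len(reps[k].ssdt_hooks) + len(reps[k].iat_hooks)))
    return [(k, classify(reps[k])) for k in order]


if __name__ == "__main__":
    for module, verdict in summarize(SAMPLE_LOG):
        print(f"{module:14} {verdict}")
```

Run it on a saved GMER log by passing the file contents to `summarize()`; the script strips the leading indentation that forum posts add, so a log pasted from a thread parses as-is. Lines in other formats (the `.text` patch lines, `AttachedDevice`, the Registry section) are ignored on purpose, so a module that only appears there will not show up in the summary.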

    Read the whole instruction below carefully before running the program.

    Download the Kaspersky Removal Tool and save it to your desktop.

    • Install the program normally, following all the instructions.
    • A folder named Virus Removal Tool will be created on the desktop.
    • On the program screen, click the options:
      • My Computer
      • Hidden Startup objects
      • Disk boot sectors
      • System Memory
    • Click the Start Scan button.
    • Be patient, the scan takes a long time!
    • As it scans, it will probably open some small windows next to the clock; do not click anything.
    • It is also possible that a larger window will open with the following options:
      • Disinfection (when possible)
      • Delete
      • Skip
    • When it appears, first tick the option below, Apply to all objects, and then click one of the options above.
    • After everything completes, click the Reports button; in the window that opens, leave the options above set to:
      • Autoscan
      • Group by result
      • All Events
    • Expand Autoscan by clicking the + sign next to it.
    • Expand Result: Detected.
    • Right-click and choose Select all, then choose Copy.
    • Attention: when you do this it looks as if the PC has frozen, but it has not; wait a few minutes for the memory to be freed.
    • Open Notepad and paste (Ctrl + V).
    • Give the file a name and save it in a folder of your choice.
    • Close the result by clicking the Exit button.
    • When you do this you will be asked whether you want to uninstall the tool; click Yes.
    • Restart the computer when asked.
    • Post the contents of that file in your next reply.

    NOTE 1:
    Pay attention to the windows during the scan: they have different colours depending on the risk. So:

    • green: low risk
    • yellow: medium risk
    • red: high risk

    Before taking any action, check the file path/name carefully to see whether it is known to you; if it is, click Skip.

    NOTE 2:
    If the final scan result only shows Result: OK, you do not need to generate a report, just say so.

    NOTE 3:
    During the scan Kaspersky may flag the following folder as a virus: c:\QooBox. If this happens, choose the Skip option, because it belongs to ComboFix and will be removed when ComboFix is uninstalled.


    Could you give a more detailed explanation of your problem?

  • Topic author
  • Sure! Well... When I am using the PC, I occasionally get a message from the system warning me that the explorer process is in conflict or something like that and asking for it to be closed, and that is basically it.


    The explorer.exe process belongs to Windows, so if you have a problem with it, your problem is related to the operating system and not to malware.

    Post your question in Operating Systems.





