axecompact

[LOG-HijackThis] - Analysis / LOADER.EXE / PC starts without showing the Desktop


I decided to save a HijackThis log after noticing that my internet connection and PC were VERY slow, and after reading that a certain 'loader.exe' that was running is a kind of trojan which, even though it is not high-risk, is still dangerous. And now, three days later, the PC sometimes starts 'without' the desktop (I can't see the desktop, the icons or the taskbar, only the wallpaper); apart from that, Mozilla keeps giving errors every now and then (I already start it 'in error', that is, a message box with codes opens that I have to click OK on to continue, every time).

Thanks in advance to whoever replies, for taking the time.

_______________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:27:41, on 25/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\domino.exe

C:\WINDOWS\VMSnap1.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\ARQUIV~1\mcafee\msc\mcuimgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe

O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe

O4 - HKLM\..\Run: [siteAdvisor] "C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--

End of file - 11434 bytes

Edited by axecompact
further problems arising from this


Dear axecompact

Sorry for the delay, but if you still need help, please follow the instructions in this topic:

Read Before Posting - Creating a New Topic

ATTENTION: There is no need to open a new topic; post the new logs in this same one, thanks!

Regards :D


Thanks a lot, Diego, for the reply, and as for the delay (?), there is really nothing to say about it.

Here are the DDS and GMER logs.

DDS

DDS (Version 1.0) - NTFSx86

Run by Eduardo at 3:23:39,93 on 29/11/2008

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.313 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\domino.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\WINDOWS\VMSnap1.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\ARQUIV~1\mcafee\msc\mcuimgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Eduardo\Desktop\dds.scr

============== Psuedo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - c:\arquivos de programas\getright\xx2gr.dll

BHO: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\arquivos de programas\bitcomet\tools\BitCometBHO_1.1.9.24.dll

BHO: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\arquiv~1\megaup~1\MEGAUP~1.DLL

BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\arquivos de programas\mcafee\virusscan\scriptsn.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\arquiv~1\megaup~1\MEGAUP~1.DLL

TB: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\arquiv~1\megaup~1\MEGAUP~1.DLL

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [bitComet] "c:\arquivos de programas\bitcomet\BitComet.exe" /tray

uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\arquivos de programas\cyberlink\powerdvd\language\Language.exe"

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre1.6.0_07\bin\jusched.exe"

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [iSUSPM Startup] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\ISUSPM.exe" -startup

mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [mcagent_exe] c:\arquivos de programas\mcafee.com\agent\mcagent.exe /runkey

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [domino] c:\windows\domino.exe

mRun: [VMSnap1] c:\windows\VMSnap1.exe

mRun: [siteAdvisor] "c:\arquivos de programas\siteadvisor\6261\SiteAdv.exe"

IE: Baixar link usando &BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddLink.htm

IE: Baixar todos os links usando BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddAllLink.htm

IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddVideo.htm

IE: Download with GetRight - c:\arquivos de programas\getright\GRdownload.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: Open with GetRight Browser - c:\arquivos de programas\getright\GRbrowse.htm

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\arquivos de programas\pokerstars\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\arquivos de programas\pokerstars\PokerStarsUpdate.exe

IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\arquivos de programas\bitcomet\tools\BitCometBHO_1.1.9.24.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquiv~1\micros~2\office12\GR99D3~1.DLL

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\arquiv~1\mcafee\sitead~1\McIEPlg.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehcef.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv; []

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\arquivos de programas\mcafee\siteadvisor\McSACore.exe" [2008-9-29 203280]

=============== Created Last 30 ================

2008-11-05 17:41 <DIR> --d----- c:\docume~1\eduardo\dadosd~1\TibiaTestserver

==================== Find3M ====================

2008-11-29 03:06 <DIR> --d----- c:\arquivos de programas\TibiaBot NGNOVO

2008-11-19 06:22 <DIR> --d----- c:\docume~1\eduardo\dadosd~1\MegauploadToolbar

2008-11-02 13:33 <DIR> --d----- c:\arquivos de programas\McAfee

2008-10-28 04:50 <DIR> --d----- c:\arquivos de programas\PokerStars

2008-10-23 15:30 <DIR> --d----- c:\arquivos de programas\TibiaCam TV Lite

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-12 01:03 347,294 a------- c:\windows\system32\perfh016.dat

2008-10-12 01:03 49,586 a------- c:\windows\system32\perfc016.dat

2008-09-09 04:53 <DIR> --d----- c:\docume~1\eduardo\dadosd~1\Tibia

2008-06-03 04:32 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-05-26 03:33 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2008-02-05 03:15 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\HHD Software

2007-05-18 02:55 <DIR> --d----- c:\docume~1\eduardo\dadosd~1\InterTrust

2007-05-18 02:03 <DIR> --d----- c:\docume~1\eduardo\dadosd~1\Elaborate Bytes

2007-05-18 01:51 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Nero

2007-10-08 23:14 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 3:25:20,28 ===============


GMER1

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-29 03:44:31

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF77380B0]

SSDT sptd.sys ZwEnumerateKey [0xF773D84C]

SSDT sptd.sys ZwEnumerateValueKey [0xF773DBEC]

SSDT sptd.sys ZwOpenKey [0xF7738090]

SSDT sptd.sys ZwQueryKey [0xF773DCC4]

SSDT sptd.sys ZwQueryValueKey [0xF773DB44]

SSDT sptd.sys ZwSetValueKey [0xF773DD56]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB6E0B9AA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB6E0B958]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB6E0B96C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB6E0BA5B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB6E0BA87]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB6E0B9EA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB6E0BB21]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB6E0B930]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB6E0B944]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB6E0B9BE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB6E0BAC9]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB6E0BA71]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB6E0BB49]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB6E0BB35]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB6E0B996]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB6E0B982]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB6E0BA19]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB6E0BB0B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB6E0BA00]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB6E0B9D4]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 80509014 7 Bytes JMP B6E0B9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!NtOpenProcess 8057908C 5 Bytes JMP B6E0B934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwProtectVirtualMemory 805793A1 7 Bytes JMP B6E0B9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!NtCreateFile 8057D3C4 5 Bytes JMP B6E0B9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057E2A3 5 Bytes JMP B6E0BA04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!NtMapViewOfSection 8057E71B 7 Bytes JMP B6E0B9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!NtSetInformationProcess 80581B2D 5 Bytes JMP B6E0B986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwCreateProcessEx 8058AB10 7 Bytes JMP B6E0B970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwTerminateProcess 8058C399 5 Bytes JMP B6E0BA1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwDeleteValueKey 805969F3 7 Bytes JMP B6E0BA8B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwDeleteKey 80598177 7 Bytes JMP B6E0BA5F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!NtOpenThread 805B132C 5 Bytes JMP B6E0B948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwNotifyChangeKey 805B1B9B 5 Bytes JMP B6E0BB25 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwCreateProcess 805C0BF0 5 Bytes JMP B6E0B95C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwSetContextThread 80633D53 5 Bytes JMP B6E0B99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwRestoreKey 8065311C 5 Bytes JMP B6E0BB39 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwUnloadKey 806533F5 7 Bytes JMP B6E0BB0F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 80653CC4 7 Bytes JMP B6E0BACD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwRenameKey 8065410B 7 Bytes JMP B6E0BA75 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwReplaceKey 806545FE 5 Bytes JMP B6E0BB4D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

? C:\WINDOWS\system32\drivers\sptd.sys O arquivo já está sendo usado por outro processo.

.text USBPORT.SYS!DllUnload F6FA762C 5 Bytes JMP 86578960

? System32\Drivers\awz3u59b.SYS O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\winlogon.exe[580] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10064500 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\WINDOWS\system32\winlogon.exe[580] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 10064670 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\WINDOWS\system32\winlogon.exe[580] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 100643A0 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[600] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[600] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041C3C0 c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070000

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070090

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070F9B

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070075

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070FAC

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0007004E

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00070F6F

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 000700B7

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000700ED

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070F4A

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00070F39

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00070FC7

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00070011

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00070F80

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00070033

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00070022

.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 000700D2

.text C:\WINDOWS\system32\services.exe[624] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00060FB2

.text C:\WINDOWS\system32\services.exe[624] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00060F8D

.text C:\WINDOWS\system32\services.exe[624] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00060FC3

.text C:\WINDOWS\system32\services.exe[624] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00060FD4

.text C:\WINDOWS\system32\services.exe[624] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 0006004A

.text C:\WINDOWS\system32\services.exe[624] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 0006002F

.text C:\WINDOWS\system32\services.exe[624] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00060FEF

.text C:\WINDOWS\system32\services.exe[624] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00060014

.text C:\WINDOWS\system32\services.exe[624] WS2_32.dll!socket 71A73B91 5 Bytes JMP 0004000A

.text C:\WINDOWS\system32\services.exe[624] WS2_32.dll!bind 71A73E00 5 Bytes JMP 0004001B

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F30FEF

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F30059

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F30F5A

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F30F75

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F30F86

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F30FA8

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F30F2C

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F30F49

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F30EEF

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F30F00

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F300A3

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F30F97

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F30FDE

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F3006A

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F3000A

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F30FC3

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F30F1B

.text C:\WINDOWS\system32\lsass.exe[636] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00F20FD4

.text C:\WINDOWS\system32\lsass.exe[636] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00F20F8D

.text C:\WINDOWS\system32\lsass.exe[636] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00F20025

.text C:\WINDOWS\system32\lsass.exe[636] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00F20FEF

.text C:\WINDOWS\system32\lsass.exe[636] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00F2004A

.text C:\WINDOWS\system32\lsass.exe[636] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00F20FB2

.text C:\WINDOWS\system32\lsass.exe[636] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00F2000A

.text C:\WINDOWS\system32\lsass.exe[636] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00F20FC3

.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00E30FEF

.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!bind 71A73E00 5 Bytes JMP 00E30FDE

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DB0FE5

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00DB0F72

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00DB0F83

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00DB0F94

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00DB0FA5

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00DB0022

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00DB0F3A

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00DB0F4B

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00DB0EFD

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00DB0F0E

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00DB0EE2

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00DB003D

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00DB0000

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00DB0078

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00DB0FB6

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00DB0011

.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00DB0F1F

.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00DA0FCA

.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00DA0F7C

.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00DA0FDB

.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00DA001B

.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00DA0F97

.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00DA0FA8

.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00DA0000

.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00DA0FB9

.text C:\WINDOWS\system32\svchost.exe[800] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00D80FEF

.text C:\WINDOWS\system32\svchost.exe[800] WS2_32.dll!bind 71A73E00 5 Bytes JMP 00D8000A

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008C0000

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008C0F3E

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008C0F59

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008C003D

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008C0F80

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008C0FA5

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008C0F17

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008C0069

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008C0EEB

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008C0084

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008C009F

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008C002C

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008C0FE5

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008C004E

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008C0FB6

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008C0011

.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008C0F06

.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 008B0FC3

.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 008B006F

.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 008B0014

.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 008B0FDE

.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 008B0FB2

.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 008B0054

.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 008B0FEF

.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 008B002F

.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00890FEF

.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!bind 71A73E00 5 Bytes JMP 00890000

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02330FEF

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02330F7A

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02330065

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02330F8B

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02330FA8

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0233002F

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02330F42

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02330F69

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 023300C0

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02330F27

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 02330F0C

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02330040

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 02330FDE

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 02330094

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02330FC3

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 02330014

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 023300A5

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 02320FC3

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 02320F8D

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 02320014

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 02320FDE

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 02320FA8

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 0232004A

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 02320FEF

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 02320039

.text C:\WINDOWS\System32\svchost.exe[920] WS2_32.dll!socket 71A73B91 5 Bytes JMP 006C0FEF

.text C:\WINDOWS\System32\svchost.exe[920] WS2_32.dll!bind 71A73E00 5 Bytes JMP 006C0FD4

.text C:\WINDOWS\System32\svchost.exe[920] WININET.dll!InternetOpenA 4339C865 5 Bytes JMP 006B0000

.text C:\WINDOWS\System32\svchost.exe[920] WININET.dll!InternetOpenW 4339CE99 5 Bytes JMP 006B0FEF

.text C:\WINDOWS\System32\svchost.exe[920] WININET.dll!InternetOpenUrlA 433A0BCA 5 Bytes JMP 006B001B

.text C:\WINDOWS\System32\svchost.exe[920] WININET.dll!InternetOpenUrlW 433EAEA1 5 Bytes JMP 006B002C

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B70000

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B70F87

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B70FAC

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B70086

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B70069

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B70FD1

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B70F60

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B700A8

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B70F3E

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B70F4F

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00B700F2

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00B7004E

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00B7001B

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00B70097

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00B7003D

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00B7002C

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00B700C3

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00B60040

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00B60FB9

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00B6002F

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00B60FEF

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00B60076

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00B60FCA

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00B60000

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00B60051

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00B4000A

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!bind 71A73E00 5 Bytes JMP 00B40FE5

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009C0FE5

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009C0F6D

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009C0F88

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009C0062

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009C0051

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009C0025

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009C00B3

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009C0098

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009C0F3C

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009C00DF

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 009C00FA

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 009C0036

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 009C0FD4

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 009C007D

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 009C0FB9

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 009C0014

.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 009C00CE

.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 009B0FC3

.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 009B0051

.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 009B0FD4

.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 009B0FEF

.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 009B0F94

.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 009B0040

.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 009B0000

.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 009B002F

.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00990FE5

.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!bind 71A73E00 5 Bytes JMP 00990FD4

.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetOpenA 4339C865 5 Bytes JMP 0098000A

.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetOpenW 4339CE99 5 Bytes JMP 00980FE5

.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetOpenUrlA 433A0BCA 5 Bytes JMP 0098001B

.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetOpenUrlW 433EAEA1 5 Bytes JMP 00980FD4

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B000A

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0F7A

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B006F

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0F8B

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0FB2

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0040

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B008A

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F4E

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0F0C

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0F27

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001B0EF1

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001B0FC3

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001B0FEF

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001B0F5F

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001B0FD4

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001B002F

.text C:\WINDOWS\system32\wuauclt.exe[1208] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001B009B

.text C:\WINDOWS\system32\wuauclt.exe[1208] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 002A0FB9

.text C:\WINDOWS\system32\wuauclt.exe[1208] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 002A0F68

.text C:\WINDOWS\system32\wuauclt.exe[1208] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 002A0FD4

.text C:\WINDOWS\system32\wuauclt.exe[1208] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 002A000A

.text C:\WINDOWS\system32\wuauclt.exe[1208] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 002A0F83

.text C:\WINDOWS\system32\wuauclt.exe[1208] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 002A0025

.text C:\WINDOWS\system32\wuauclt.exe[1208] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 002A0FE5

.text C:\WINDOWS\system32\wuauclt.exe[1208] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 002A0FA8

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0258000A

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02580F72

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02580067

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02580F8D

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02580FA8

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02580040

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 025800AE

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0258009D

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02580F44

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02580F55

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 025800F8

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02580FC3

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0258001B

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0258008C

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02580FD4

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 02580FE5

.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 025800D3

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 02500FC3

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 0250004D

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 02500014

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 02500FD4

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 02500F86

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 02500F97

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 02500FEF

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 02500FA8

.text C:\WINDOWS\Explorer.EXE[1528] WININET.dll!InternetOpenA 4339C865 5 Bytes JMP 020F0FEF

.text C:\WINDOWS\Explorer.EXE[1528] WININET.dll!InternetOpenW 4339CE99 5 Bytes JMP 020F0000

.text C:\WINDOWS\Explorer.EXE[1528] WININET.dll!InternetOpenUrlA 433A0BCA 5 Bytes JMP 020F0FCA

.text C:\WINDOWS\Explorer.EXE[1528] WININET.dll!InternetOpenUrlW 433EAEA1 5 Bytes JMP 020F0FB9

.text C:\WINDOWS\Explorer.EXE[1528] WS2_32.dll!socket 71A73B91 5 Bytes JMP 02180FE5

.text C:\WINDOWS\Explorer.EXE[1528] WS2_32.dll!bind 71A73E00 5 Bytes JMP 02180000

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E0FEF

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008E006E

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008E005D

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008E0F83

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008E0F94

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008E0FCA

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008E0089

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008E0F41

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008E0F0B

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008E0F1C

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008E00C9

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008E0FAF

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008E000A

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008E0F5E

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008E0036

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008E0025

.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008E009A

.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 008D0FC3

.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 008D0054

.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 008D0014

.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 008D0FDE

.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 008D0039

.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 008D0F97

.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 008D0FEF

.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 008D0FB2

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F774C580] sptd.sys

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F774C52C] sptd.sys

IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7766AB8] sptd.sys

IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F774C580] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7738ABA] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7738C00] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7738B82] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F773972E] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7739604] sptd.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F774BB9A] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 867D11D8

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (FileSpy Filter Driver/Windows ® 2000 DDK provider)

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \FatCdrom 864F73D0

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\00000191 \Device\00000042 sptd.sys

Device \Driver\usbohci \Device\USBPDO-0 864C51D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 867D31D8

Device \Driver\dmio \Device\DmControl\DmConfig 867D31D8

Device \Driver\dmio \Device\DmControl\DmPnP 867D31D8

Device \Driver\dmio \Device\DmControl\DmInfo 867D31D8

Device \Driver\usbohci \Device\USBPDO-1 864C51D8

Device \Driver\usbehci \Device\USBPDO-2 864C7980

Device \Driver\usbohci \Device\USBPDO-3 864C51D8

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 867611D8

Device \Driver\Cdrom \Device\CdRom0 8658D6C8

Device \Driver\NetBT \Device\NetBT_Tcpip_{A9176CE3-B9BC-4105-8FBC-4AF3CE3CEA7A} 86279980

Device \Driver\Cdrom \Device\CdRom1 8658D6C8

Device \Driver\atapi \Device\Ide\IdePort0 867601D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 867601D8

Device \Driver\atapi \Device\Ide\IdePort1 867601D8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 867601D8

Device \Driver\NetBT \Device\NetBt_Wins_Export 86279980

Device \Driver\NetBT \Device\NetbiosSmb 86279980

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbohci \Device\USBFDO-0 864C51D8

Device \Driver\usbohci \Device\USBFDO-1 864C51D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 861D5378

Device \Driver\usbohci \Device\USBFDO-2 864C51D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 861D5378

Device \Driver\usbehci \Device\USBFDO-3 864C7980

Device \Driver\Ftdisk \Device\FtControl 867611D8

Device \Driver\SiSRaid \Device\Scsi\SiSRaid1 867D21D8

Device \Driver\awz3u59b \Device\Scsi\awz3u59b1Port3Path0Target0Lun0 86584980

Device \Driver\awz3u59b \Device\Scsi\awz3u59b1 86584980

Device \FileSystem\Fastfat \Fat 864F73D0

AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (FileSpy Filter Driver/Windows ® 2000 DDK provider)

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs 8625B980

---- Services - GMER 1.0.14 ----

Service C:\ARQUIV~1\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ImagePath C:\ARQUIV~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 351124593

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1395760865

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEC 0xA1 0x7B 0xEF ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xBC 0xEF 0x1F 0x86 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x90 0xAF 0x61 ...

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@ImagePath C:\ARQUIV~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv\Security

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEC 0xA1 0x7B 0xEF ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xBC 0xEF 0x1F 0x86 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x90 0xAF 0x61 ...

---- EOF - GMER 1.0.14 ----

P.S.: I had to split the GMER log in two because the posting time limit kept expiring due to its size; I hope that is not against any rule, and if it is, my apologies.

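The GMER registry section above lists each service's values as `Reg <key>@<value> <data>` lines, once under CurrentControlSet and again under ControlSet002 (the SYSTEM hive keeps several numbered control sets; which one is current and which is last-known-good is recorded under HKLM\SYSTEM\Select). An analyst reads the same handful of values off each service key, Type (16 = own-process Win32 service), Start (2 = automatic), ObjectName (the account it runs as) and ImagePath, and checks that the control sets agree. The Python below is an added example written for this page; it is not part of the thread, of GMER or of any tool named in it. It parses those lines from a constructed sample made of the GbpSv and sptd entries quoted above, diffs GbpSv between the two control sets, and emits triage notes. Because the excerpt above begins part-way through the CurrentControlSet block, the diff reports Type, Start, ErrorControl and ImagePath as present only in ControlSet002; on a complete log the two would normally match. The notes are reading aids, not a verdict: GbpSv is the "Service for G-Buster Browser Defense" the log itself describes.

```python
"""Parse GMER 'Reg ...' registry dump lines and compare service definitions
across control sets. Added example for this page, not GMER's own code."""
import re

# Constructed sample: a subset of the GMER registry lines quoted in this thread.
SAMPLE_LOG = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@DisplayName Gbp Service
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Group GbPlugin Group
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Description Service for G-Buster Browser Defense
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@Type 16
Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@ImagePath C:\ARQUIV~1\GbPlugin\GbpSv.exe
Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@DisplayName Gbp Service
Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@Group GbPlugin Group
Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@Description Service for G-Buster Browser Defense
---- EOF - GMER 1.0.14 ----
"""

# Top-level service key: HKLM\SYSTEM\<control set>\Services\<service>, nothing deeper.
SERVICE_RE = re.compile(r"^HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\]+)$", re.I)
# 8.3 short-name component such as ARQUIV~1\ inside a path.
SHORT_NAME_RE = re.compile(r"~\d+\\")


def parse_gmer_reg(text):
    """Return {key: {value_name: data}}. Key-only lines map to an empty dict.
    GMER writes 'Reg <key>[@<value> <data>]'; the key is split at the first '@'
    (registry key paths in these dumps do not contain '@')."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("Reg "):
            continue  # blank lines, section headers, the '---- EOF ----' trailer
        key, sep, rest = line[4:].strip().partition("@")
        values = entries.setdefault(key, {})
        if sep:
            value, _, data = rest.partition(" ")
            values[value] = data  # data keeps embedded spaces and trailing '\'
    return entries


def services_by_control_set(entries):
    """{control_set: {service_name: {value_name: data}}} for top-level service keys."""
    out = {}
    for key, values in entries.items():
        m = SERVICE_RE.match(key)
        if m:
            out.setdefault(m["cs"], {})[m["svc"]] = values
    return out


def diff_service(svc_a, svc_b):
    """[(value_name, data_in_a, data_in_b)] where the definitions disagree;
    None marks a value one control set lacks."""
    diffs = []
    for name in sorted(set(svc_a) | set(svc_b)):
        a, b = svc_a.get(name), svc_b.get(name)
        if a != b:
            diffs.append((name, a, b))
    return diffs


def triage_service(values):
    """Notes an analyst reads off a service key. Heuristics, not a verdict."""
    notes = []
    if SHORT_NAME_RE.search(values.get("ImagePath", "")):
        notes.append("ImagePath uses an 8.3 short name; resolve it before judging the binary")
    if values.get("ObjectName", "").lower() == "localsystem":
        notes.append("runs as LocalSystem")
    if values.get("Start") == "2":
        notes.append("auto-start at boot (Start=2)")
    if values.get("Type") == "16":
        notes.append("own-process Win32 service (Type=16)")
    return notes


def analyze(text=SAMPLE_LOG, current="CurrentControlSet", other="ControlSet002"):
    """Per service: the diff between two control sets and triage notes over
    the merged values (the other set fills in what the current one lacks)."""
    per_cs = services_by_control_set(parse_gmer_reg(text))
    cur, alt = per_cs.get(current, {}), per_cs.get(other, {})
    report = {}
    for name in sorted(set(cur) | set(alt)):
        a, b = cur.get(name, {}), alt.get(name, {})
        report[name] = {"diff": diff_service(a, b), "notes": triage_service({**a, **b})}
    return report


if __name__ == "__main__":
    for svc, info in analyze().items():
        print(svc)
        for name, a, b in info["diff"]:
            print(f"  {name}: CurrentControlSet={a!r} ControlSet002={b!r}")
        for note in info["notes"]:
            print(f"  note: {note}")
```

Run it on a full GMER log by passing the file's text to `analyze`; any value that differs between the control sets, rather than merely being absent from a truncated excerpt, is what deserves a closer look, since a service that only exists or only auto-starts in the current set is a classic way to hide a persistence entry from tools that read the other one.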

Dear axecompact

Welcome to Malware Removal

I recommend that you save this topic in your Favorites so it is easier to find again.

Please note the following:

1) I will be following the analysis of your log and will get back to you as soon as possible!

2) Do not take any action until we start;

3) What is passed on here applies only to the problem on your computer, so do not apply it to any other;

4) If you have another computer, open a new topic with its respective log;

5) Please follow the instructions carefully and, if in doubt, do not hesitate to ask;

6) Always post your replies in this topic... Do not open another!

Note: Do not take any measure beyond those given here; and if you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!

Cheers :D


Dear axecompact

Great Diego, thanks for the reply, and as for the delay (?) there is really nothing to say.
I appreciate the understanding :)
P.S.: I had to split the GMER log in two because the posting time limit kept expiring due to its size; I hope that is not against any rule, and if it is, my apologies.
You did exactly the right thing :joia:

Read the instructions contained in this link:

In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after the procedure(s) below have been carried out.
  3. Double-click the ComboFix icon (desktopicon.png) on the desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers running Windows XP must install the Recovery Console:

  • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Warning: do not use the mouse or keyboard while the tool is running, as this may cause the computer to hang.
  8. A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and so, out of respect for the tool's author as well, do not use it without supervision.

Cheers :D


Things are ugly now :S

First I had to uninstall McAfee because there was no way I could disable it to run ComboFix. And then, even when I ran ComboFix with McAfee active, the PC restarts within the first 2 minutes of ComboFix's scan, so no log is generated.

I have no idea how to proceed.

Again, thanks in advance for your attention.


According to the rules of this forum, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If the topic author needs to, they may contact the moderation team to request that this topic be reopened.
