piegdorro

Virus makes my laptop very slow (logs)


For my work I have to use the Ansys program, so I bought a fast laptop to help me, but one day I left it on downloading some videos, and when I went to use Ansys it was at least 5 times slower!! Besides the speed, I noticed that when I turn it on, several program icons down in the lower right corner don't open... (I use Windows XP)

I followed the steps in the Malware Removal tutorial and got the following logs:

DDS log:

DDS (Version 1.1.0) - NTFSx86

Run by Pedro Igor at 21:53:25.85 on ter 16/12/2008

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1982.1346 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

C:\Arquivos de programas\ANSYS Inc\v110\RSM\bin\JobManagerService.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe

C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Pedro Igor\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Arquivos de programas\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Pedro Igor\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - c:\arquivos de programas\flashget\jccatch.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\arquivos de programas\mcafee\virusscan enterprise\scriptsn.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {F156768E-81EF-470C-9057-481BA8380DBA} - c:\arquivos de programas\flashget\getflash.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\pedro igor\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

uRun: [taskmg] c:\documents and settings\pedro igor\meus documentos\programas\roubar dados___clic gratis downloads\taskmg.exe

uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

mRun: [shStatEXE] "c:\arquivos de programas\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

StartupFolder: c:\docume~1\pedroi~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\autoca~1.lnk - c:\arquivos de programas\arquivos comuns\autodesk shared\acstart16.exe

IE: &Download All with FlashGet - c:\arquivos de programas\flashget\jc_all.htm

IE: &Download with FlashGet - c:\arquivos de programas\flashget\jc_link.htm

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\arquivos de programas\flashget\FlashGet.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\arquivos de programas\flashget\FlashGet.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

TCP: {1AFA1450-747D-465B-B9F9-5EDAE69AE8B7} = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pedroi~1\dadosd~1\mozilla\firefox\profiles\g00d3263.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\mozilla firefox\components\Scriptff.dll

FF - component: c:\documents and settings\pedro igor\dados de aplicativos\mozilla\firefox\profiles\g00d3263.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll

FF - plugin: c:\arquivos de programas\arquivos comuns\parallelgraphics\cortona\npCortona.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npCortona.dll

ATTENTION: FIREFOX POLICES IS IN FORCE

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-8 340592]

R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\arquiv~1\ansysi~1\shared~1\licens~1\intel\lmgrd.exe [2008-9-1 1294336]

R2 JobManagerService110;Ansys JobManager Service V11;"c:\arquivos de programas\ansys inc\v110\rsm\bin\JobManagerService.exe" [2007-1-16 20480]

R2 McAfeeEngineService;McAfee Engine Service;"c:\arquivos de programas\mcafee\virusscan enterprise\EngineServer.exe" [2008-9-29 19456]

R2 McAfeeFramework;Serviço McAfee Framework;"c:\arquivos de programas\mcafee\common framework\FrameworkService.exe" /ServiceStart [2008-3-14 103744]

R2 McShield;McAfee McShield;"c:\arquivos de programas\mcafee\virusscan enterprise\Mcshield.exe" [2008-9-29 143088]

R2 McTaskManager;McAfee Task Manager;"c:\arquivos de programas\mcafee\virusscan enterprise\VsTskMgr.exe" [2008-9-29 62800]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-12-8 67904]

R2 ScriptHostService110;Ansys ScriptHost Service V11;"c:\arquivos de programas\ansys inc\v110\rsm\bin\ScriptHostService.exe" [2007-1-16 20480]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-8 90360]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-8 42424]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-8-26 335104]

R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2008-8-26 607232]

S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\HPx9G2k.sys [2008-9-19 12658]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-12-8 64432]

=============== Created Last 30 ================

2008-12-11 20:49 0 a------- c:\windows\system32\Ÿ9Ÿ9

2008-12-11 20:29 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\WEBREG

2008-12-11 20:27 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys

2008-12-11 20:27 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys

2008-12-11 20:26 271,704 a----r-- c:\windows\system32\hpzids01.dll

2008-12-11 20:26 118,272 a------- c:\windows\system32\hpz3l5mu.dll

2008-12-11 20:26 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys

2008-12-11 20:26 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys

2008-12-11 20:26 15,104 a------- c:\windows\system32\drivers\usbscan.sys

2008-12-11 20:21 0 a------- c:\windows\system32\ŸÕŸÕ

2008-12-11 20:20 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Hewlett-Packard

2008-12-11 20:18 <DIR> --d----- c:\arquivos de programas\HP

2008-12-11 20:18 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys

2008-12-11 20:18 25,856 a------- c:\windows\system32\drivers\usbprint.sys

2008-12-08 00:32 64,432 a------- c:\windows\system32\drivers\mferkdet.sys

2008-12-08 00:32 42,424 a------- c:\windows\system32\drivers\mfebopk.sys

2008-12-08 00:32 90,360 a------- c:\windows\system32\drivers\mfeavfk.sys

2008-12-08 00:32 74,648 a------- c:\windows\system32\drivers\mfeapfk.sys

2008-12-08 00:32 62,704 a------- c:\windows\system32\drivers\mfetdik.sys

2008-12-08 00:32 340,592 a------- c:\windows\system32\drivers\mfehidk.sys

2008-12-08 00:32 67,904 a------- c:\windows\system32\mfevtps.exe

2008-12-08 00:32 <DIR> --d----- c:\arquivos de programas\arquivos comuns\McAfee

2008-11-30 21:42 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll

2008-11-30 21:42 21,504 a------- c:\windows\system32\hidserv.dll

2008-11-30 21:42 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys

2008-11-30 21:42 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys

2008-11-30 21:42 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys

2008-11-30 21:42 32,128 a------- c:\windows\system32\drivers\usbccgp.sys

2008-11-30 21:29 56 a---h--- c:\windows\system32\ezsidmv.dat

2008-11-30 21:28 <DIR> --d----- c:\arquivos de programas\Skype

2008-11-24 16:08 268 a---h--- C:\sqmdata02.sqm

2008-11-24 16:08 244 a---h--- C:\sqmnoopt02.sqm

2008-11-24 15:52 268 a---h--- C:\sqmdata01.sqm

2008-11-24 15:52 244 a---h--- C:\sqmnoopt01.sqm

2008-11-24 07:42 268 a---h--- C:\sqmdata00.sqm

2008-11-24 07:42 244 a---h--- C:\sqmnoopt00.sqm

2008-11-21 12:18 <DIR> --d----- c:\arquivos de programas\arquivos comuns\ESRI

2008-11-21 12:18 <DIR> --d----- c:\arquivos de programas\HEC

2008-11-17 14:26 <DIR> --d----- C:\QUARANTINE

2008-11-17 13:58 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Cisco Systems

2008-11-17 13:58 <DIR> --d----- c:\arquivos de programas\McAfee

==================== Find3M ====================

2008-11-09 11:52 319,544 a------- c:\windows\system32\FNTCACHE.DAT

2008-10-31 22:44 428,578 a------- c:\windows\system32\perfh016.dat

2008-10-31 22:44 68,606 a------- c:\windows\system32\perfc016.dat

2008-10-26 17:28 685,816 a------- c:\windows\system32\drivers\sptd.sys

2008-10-24 09:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 10:37 286,720 a------- c:\windows\system32\gdi32.dll

2008-10-16 18:23 826,368 a------- c:\windows\system32\wininet.dll

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-03 08:04 247,326 a------- c:\windows\system32\strmdll.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2008-09-29 08:07 19,480 a------- c:\windows\system32\MFEOtlk.dll

2008-09-19 23:50 796,672 a------- c:\windows\GPInstall.exe

============= FINISH: 21:54:16.81 ===============

GMER log:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-16 22:19:40

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xB9EBE0D0]

SSDT sptd.sys ZwEnumerateKey [0xB9EC3FB2]

SSDT sptd.sys ZwEnumerateValueKey [0xB9EC4340]

SSDT sptd.sys ZwOpenKey [0xB9EBE0B0]

SSDT sptd.sys ZwQueryKey [0xB9EC4418]

SSDT sptd.sys ZwQueryValueKey [0xB9EC4298]

SSDT sptd.sys ZwSetValueKey [0xB9EC44AA]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9CBB020]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9CBB034]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9CBB0A0]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9CBB0CC]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB9CBB150]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB9CBB17C]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9CBAFE4]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9CBAFF8]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB9CBB10E]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9CBB0B6]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB9CBB1A4]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB9CBB190]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9CBB05E]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9CBB04A]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9CBB00C]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB9CBB166]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CE2 8050457E 2 Bytes [ EC, B9 ]

PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP B9CBAFE8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP B9CBAFFC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP B9CBB04E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP B9CBB038 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP B9CBB024 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP B9CBB062 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP B9CBB010 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP B9CBB16A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP B9CBB112 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP B9CBB0BA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP B9CBB0A4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP B9CBB0D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP B9CBB194 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwLoadKey2 8062559A 7 Bytes JMP B9CBB154 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP B9CBB1A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP B9CBB180 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

? C:\WINDOWS\system32\drivers\sptd.sys O arquivo já está sendo usado por outro processo.

.text USBPORT.SYS!DllUnload B96DE8AC 5 Bytes JMP 8A38B1C8

? System32\Drivers\avk1rflc.SYS O sistema não pode encontrar o arquivo especificado. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b9EBEAD4] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [b9EBEC1A] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [b9EBEB9C] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [b9EBF748] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [b9EBF61E] sptd.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b9ED429A] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A61C1E8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{1AFA1450-747D-465B-B9F9-5EDAE69AE8B7} 89D011E8

Device \Driver\usbuhci \Device\USBPDO-0 8A4771E8

Device \Driver\usbuhci \Device\USBPDO-1 8A4771E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5AE1E8

Device \Driver\dmio \Device\DmControl\DmConfig 8A5AE1E8

Device \Driver\dmio \Device\DmControl\DmPnP 8A5AE1E8

Device \Driver\dmio \Device\DmControl\DmInfo 8A5AE1E8

Device \Driver\usbuhci \Device\USBPDO-2 8A4771E8

Device \Driver\usbuhci \Device\USBPDO-3 8A4771E8

Device \Driver\usbehci \Device\USBPDO-4 8A4601E8

Device \Driver\PCI_NTPNP5552 \Device\00000048 sptd.sys

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A61E1E8

Device \Driver\Ftdisk \Device\HarddiskVolume2 8A61E1E8

Device \Driver\Cdrom \Device\CdRom0 8A3961E8

Device \Driver\Cdrom \Device\CdRom1 8A3961E8

Device \Driver\NetBT \Device\NetBt_Wins_Export 89D011E8

Device \Driver\NetBT \Device\NetbiosSmb 89D011E8

AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 8A4771E8

Device \Driver\usbuhci \Device\USBFDO-1 8A4771E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{EADD71C5-233B-41D1-8752-D47F85FA3A4A} 89D011E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89CC05F8

Device \Driver\usbuhci \Device\USBFDO-2 8A4771E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 89CC05F8

Device \Driver\usbuhci \Device\USBFDO-3 8A4771E8

Device \Driver\usbehci \Device\USBFDO-4 8A4601E8

Device \Driver\Ftdisk \Device\FtControl 8A61E1E8

Device \Driver\avk1rflc \Device\Scsi\avk1rflc1 8A36C1E8

Device \Driver\avk1rflc \Device\Scsi\avk1rflc1Port4Path0Target0Lun0 8A36C1E8

Device \FileSystem\Cdfs \Cdfs 89EC4790

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x92 0x88 0x2B 0x4B ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x51 0x2D 0xF4 0xCE ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x76 0xE0 0xE9 0x6E ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x04 0xE6 0xB9 0x07 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x51 0x2D 0xF4 0xCE ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x76 0xE0 0xE9 0x6E ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x92 0x88 0x2B 0x4B ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x51 0x2D 0xF4 0xCE ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x76 0xE0 0xE9 0x6E ...

---- EOF - GMER 1.0.14 ----


Should I post the HijackThis log too??

The tutorial doesn't say to post it, but in the other topics I saw, its log had been posted.


Post an updated DDS log.
