giozinhow

Log analysis [DDS]


Hey guys, I'm creating this topic to ask for an analysis of my log,

because I caught a virus that was very complicated to remove and I want to be sure my log is all OK! :lol:

Thanks everyone, and here's the log!

DDS (Version 1.1.0) - NTFSx86

Run by Administrador at 10:26:32,29 on qua 17/12/2008

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2045.1422 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\VM305_STI.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\arquivos de programas\idt\intelxpv_v83\wdm\STacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cesmac.com.br/

mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s

uURLSearchHooks: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - c:\arquivos de programas\asksearch\bin\DefaultSearch.dll

BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\arquivos de programas\orbitdownloader\orbitcth.dll

BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - c:\arquivos de programas\windows live\messenger\wlchtc.dll

BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\arquivos de programas\orbitdownloader\GrabPro.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [egui] "c:\arquivos de programas\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [Windows Defender] "c:\arquivos de programas\windows defender\MSASCui.exe" -hide

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [bigDog305] c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\transbar.lnk - c:\windows\bricopacks\vista inspirat 2\transbar\TransBar.exe

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\ubericon.lnk - c:\windows\bricopacks\vista inspirat 2\ubericon\UberIcon Manager.exe

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\Velox.lnk -

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\Orbit.lnk -

uPolicies-explorer: NoSMHelp = 1 (0x1)

uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

uPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: HideRunAsVerb = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

TCP: {3A12889F-A04B-49F2-8AC2-31BD37096B92} = 200.165.132.155 200.165.132.148

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\arquiv~1\window~4\MpShHook.dll

SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\hhq15wmi.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

ATTENTION: FIREFOX POLICES IS IN FORCE

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]

R2 ekrn;Eset Service;"c:\arquivos de programas\eset\eset nod32 antivirus\ekrn.exe" [2008-2-20 472320]

R2 WinDefend;Windows Defender;"c:\arquivos de programas\windows defender\MsMpEng.exe" [2006-11-3 13592]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2008-4-14 3584]

S3 XDva205;XDva205;\??\c:\windows\system32\XDva205.sys []

S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2008-2-13 390379]

=============== Created Last 30 ================

2008-12-16 19:10 410,984 a------- c:\windows\system32\deploytk.dll

2008-12-16 19:10 73,728 a------- c:\windows\system32\javacpl.cpl

2008-12-15 09:45 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\GrabPro

2008-12-10 23:02 236 a------- C:\sqmdata08.sqm

2008-12-10 23:02 200 a------- C:\sqmnoopt08.sqm

2008-12-10 17:52 <DIR> --d----- c:\arquivos de programas\VDOWNLOADER

2008-12-09 09:00 <DIR> --d----- C:\EbuDllTmpDir

2008-12-08 09:40 236 a------- C:\sqmdata07.sqm

2008-12-08 09:40 200 a------- C:\sqmnoopt07.sqm

2008-12-06 12:38 <DIR> --d----- C:\Downloads

2008-12-06 12:38 <DIR> --d----- c:\arquivos de programas\Orbitdownloader

2008-12-04 14:42 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Messenger Plus!

2008-12-04 14:24 236 a------- C:\sqmdata06.sqm

2008-12-04 14:24 200 a------- C:\sqmnoopt06.sqm

2008-12-04 12:15 268 a---h--- C:\sqmdata05.sqm

2008-12-04 12:15 244 a---h--- C:\sqmnoopt05.sqm

2008-12-04 12:08 <DIR> -cdsh--- c:\arquivos de programas\arquivos comuns\WindowsLiveInstaller

2008-12-04 11:26 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\IObit

2008-12-03 19:07 38 a------- c:\windows\avisplitter.INI

2008-12-03 17:49 <DIR> --d----- c:\windows\system32\appmgmt

2008-12-03 17:40 12,288 ac------ c:\windows\system32\dllcache\mouhid.sys

2008-12-03 17:40 12,288 a------- c:\windows\system32\drivers\mouhid.sys

2008-11-28 19:57 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Ubisoft

2008-11-28 12:33 <DIR> --d----- c:\arquivos de programas\DAEMON Tools Lite

2008-11-28 12:32 715,248 a------- c:\windows\system32\drivers\sptd.sys

2008-11-28 11:58 <DIR> --d----- c:\arquivos de programas\AskSearch

2008-11-24 18:39 <DIR> --dsh--- c:\windows\ftpcache

2008-11-22 20:40 <DIR> --d----- c:\arquivos de programas\MP3 Player Utilities 3.5.02

2008-11-22 20:40 9,277 a----r-- c:\windows\AmvTransform.ini

2008-11-22 20:40 8,913 a----r-- c:\windows\fwupgrade.ini

2008-11-22 20:40 8,157 a----r-- c:\windows\AmvPlayer.ini

2008-11-22 20:40 7,454 a----r-- c:\windows\Disktool.INI

2008-11-22 20:40 3,677 a----r-- c:\windows\SoundCon.INI

2008-11-22 20:40 170 a----r-- c:\windows\settings.ini

2008-11-22 20:09 3,677 a------- c:\windows\PlaySnd.INI

2008-11-22 19:55 <DIR> --d----- c:\windows\system32\NtmsData

2008-11-22 19:51 <DIR> --d----- c:\arquivos de programas\USBToolbox

2008-11-22 13:15 25,280 a------- c:\windows\system32\drivers\hamachi.sys

2008-11-22 13:15 <DIR> --d----- c:\arquivos de programas\Hamachi

2008-11-21 07:50 <DIR> --d----- c:\arquivos de programas\MSXML 4.0

==================== Find3M ====================

2008-11-01 10:25 219,648 a------- c:\windows\system32\uxtheme.dll

2008-11-01 10:25 61,303 a------- c:\windows\BricoPackUninst.cmd

2008-11-01 10:25 6,120 a------- c:\windows\BricoPackFoldersDelete.cmd

2008-11-01 10:06 326,246 a------- c:\windows\system32\perfh016.dat

2008-11-01 10:06 42,020 a------- c:\windows\system32\perfc016.dat

2008-11-01 09:50 21,844 a------- c:\windows\system32\emptyregdb.dat

2008-10-24 09:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 10:37 286,720 a------- c:\windows\system32\gdi32.dll

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-15 23:02 668,160 a------- c:\windows\system32\wininet.dll

2008-10-03 08:04 247,326 a------- c:\windows\system32\strmdll.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

============= FINISH: 10:26:45,26 ===============

Now comes the log I've never managed to understand =x

hahaha

(beginner)

lol

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-17 10:39:51

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT spib.sys ZwCreateKey [0xBA6AA0E0]

SSDT spib.sys ZwEnumerateKey [0xBA6C7CA2]

SSDT spib.sys ZwEnumerateValueKey [0xBA6C8030]

SSDT spib.sys ZwOpenKey [0xBA6AA0C0]

SSDT spib.sys ZwQueryKey [0xBA6C8108]

SSDT spib.sys ZwQueryValueKey [0xBA6C7F88]

SSDT spib.sys ZwSetValueKey [0xBA6C819A]

INT 0x62 ? 89C55BF8

INT 0x63 ? 899C6BF8

INT 0x94 ? 899C6BF8

INT 0xB4 ? 89C55BF8

INT 0xB4 ? 89C55BF8

INT 0xB4 ? 899C6BF8

INT 0xB4 ? 89C55BF8

---- Kernel code sections - GMER 1.0.14 ----

? spib.sys O sistema não pode encontrar o arquivo especificado. !

.text USBPORT.SYS!DllUnload B9E358AC 5 Bytes JMP 899C61D8

.text agwayerq.SYS B9D2C384 1 Byte [ 20 ]

.text agwayerq.SYS B9D2C386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]

.text agwayerq.SYS B9D2C3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]

.text agwayerq.SYS B9D2C3C4 3 Bytes [ 00, 00, 00 ]

.text agwayerq.SYS B9D2C3C9 1 Byte [ 00 ]

.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe[932] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001CC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] kernel32.dll!FindResourceExW 7C80AD18 7 Bytes JMP 28001B00 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] kernel32.dll!FindResourceW 7C80BC5E 7 Bytes JMP 28001A80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] kernel32.dll!SizeofResource 7C80BCF9 7 Bytes JMP 28001D80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] kernel32.dll!FindResourceA 7C80BF19 7 Bytes JMP 28001B90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] kernel32.dll!LockResource 7C80CD27 5 Bytes JMP 28001DF0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] kernel32.dll!CreateEventA 7C83089D 5 Bytes JMP 28001840 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] kernel32.dll!FindResourceExA 7C835F90 7 Bytes JMP 28001C20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] kernel32.dll!OutputDebugStringW 7C85B335 5 Bytes JMP 28001E50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] ADVAPI32.dll!CryptDeriveKey 77F69FDD 7 Bytes JMP 28001000 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] ADVAPI32.dll!CryptDecrypt 77F6A109 7 Bytes JMP 28001060 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 28004440 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes JMP 28005C10 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 28005E90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] USER32.dll!LoadImageW 7E377B97 5 Bytes JMP 280064E0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 28003B00 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] USER32.dll!SetWindowRgn 7E37E528 7 Bytes JMP 28005D50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] USER32.dll!LoadIconW 7E37E8BC 5 Bytes JMP 280066D0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 28006080 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 28004D20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] WS2_32.dll!closesocket 71A73E2B 5 Bytes JMP 2800AF90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] WS2_32.dll!send 71A74C27 5 Bytes JMP 2800AB70 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] WS2_32.dll!WSARecv 71A74CB5 5 Bytes JMP 2800A950 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] WS2_32.dll!recv 71A7676F 5 Bytes JMP 2800A7B0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] WS2_32.dll!WSASend 71A768FA 5 Bytes JMP 2800AD50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] SHELL32.dll!Shell_NotifyIconW 7CA2A52F 5 Bytes JMP 280032C0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] ole32.dll!CoInitializeEx 774DEF7B 5 Bytes JMP 28002100 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 280024A0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] ole32.dll!CoRegisterClassObject 774F7E90 5 Bytes JMP 28002200 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] WININET.dll!HttpOpenRequestA 771A2AF1 5 Bytes JMP 28009670 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] WININET.dll!InternetCloseHandle 771A4D84 5 Bytes JMP 280099B0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] WININET.dll!HttpSendRequestA 771A6099 5 Bytes JMP 280098E0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1324] WININET.dll!InternetReadFile 771A82E2 5 Bytes JMP 28009800 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [bA6AB046] spib.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [bA6AB142] spib.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [bA6AB0C4] spib.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [bA6AB7CE] spib.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [bA6AB6A4] spib.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [bA6B6D7A] spib.sys

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!KfAcquireSpinLock] 000000AD

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!KeGetCurrentIrql] 000000A2

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!KfRaiseIrql] 000000AF

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!KfLowerIrql] 0000009C

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!HalGetInterruptVector] 000000A4

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!HalTranslateBusAddress] 00000072

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!KfReleaseSpinLock] 000000B7

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!READ_PORT_USHORT] 00000093

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[WMILIB.SYS!WmiSystemControl] 000000F7

IAT \SystemRoot\System32\Drivers\agwayerq.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 89C541F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\usbuhci \Device\USBPDO-0 899C51F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 89BE51F8

Device \Driver\dmio \Device\DmControl\DmConfig 89BE51F8

Device \Driver\dmio \Device\DmControl\DmPnP 89BE51F8

Device \Driver\dmio \Device\DmControl\DmInfo 89BE51F8

Device \Driver\usbuhci \Device\USBPDO-1 899C51F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{3A12889F-A04B-49F2-8AC2-31BD37096B92} 8950B1F8

Device \Driver\usbuhci \Device\USBPDO-2 899C51F8

Device \Driver\usbuhci \Device\USBPDO-3 899C51F8

Device \Driver\usbehci \Device\USBPDO-4 899851F8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 89C561F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{928761C0-5E68-4023-9A51-703A6037822C} 8950B1F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 89C561F8

Device \Driver\Cdrom \Device\CdRom0 898F91F8

Device \Driver\Ftdisk \Device\HarddiskVolume3 89C561F8

Device \Driver\PCI_PNP8148 \Device\0000003c spib.sys

Device \Driver\NetBT \Device\NetBt_Wins_Export 8950B1F8

Device \Driver\NetBT \Device\NetbiosSmb 8950B1F8

Device \Driver\sptd \Device\2649481898 spib.sys

Device \Driver\usbuhci \Device\USBFDO-0 899C51F8

Device \Driver\usbuhci \Device\USBFDO-1 899C51F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 895031F8

Device \Driver\usbuhci \Device\USBFDO-2 899C51F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 895031F8

Device \Driver\usbuhci \Device\USBFDO-3 899C51F8

Device \Driver\usbehci \Device\USBFDO-4 899851F8

Device \Driver\Ftdisk \Device\FtControl 89C561F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{9646D8CC-49E6-49B7-8143-B481AC9DE589} 8950B1F8

Device \Driver\agwayerq \Device\Scsi\agwayerq1 898F41F8

Device \FileSystem\Cdfs \Cdfs 898AC500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x24 0xB0 0x45 0x5E ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC0 0x4F 0x8E 0xD3 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x53 0x41 0x22 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x24 0xB0 0x45 0x5E ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC0 0x4F 0x8E 0xD3 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x53 0x41 0x22 ...

---- EOF - GMER 1.0.14 ----

Edited by giozinhow

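A triage script for the two logs above, added here as an example; it is not part of the original post and not code from the DDS or GMER tools. It splits the DDS report into its sections, lists services whose image path is followed by empty brackets (assumed here to mean DDS could not find the file, as with XDva205), collects the hosts behind every search-related URL in the IE and Firefox sections, groups GMER's SSDT and kernel IAT hooks by the module they are attributed to, and uses GMER's Device and Reg lines to tie each hooking module to the driver object it serves and to the product directory in that service's Cfg@p0 value. The line formats are inferred from this log pair, and the sample input consists of lines copied from it.

```python
"""Triage helpers for a DDS + GMER log pair like the one posted above.

Added example: not part of the original post, not code from DDS or GMER.
Format assumptions, inferred from the log above: DDS prints "[date size]"
after a service image path and "[]" when it cannot find the file; GMER
prints "SSDT <module> <ZwFunc> [addr]", "IAT <image>[<dll>!<func>] [addr]
<module>" and "Device \\Driver\\<name> \\Device\\<id> <module>".
"""
import json, ntpath, re
from collections import defaultdict

# Constructed sample input: lines copied from the two logs posted above.
DDS = r"""
============== Pseudo HJT Report ===============
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
================= FIREFOX ===================
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
============= SERVICES / DRIVERS ===============
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
S3 XDva205;XDva205;\??\c:\windows\system32\XDva205.sys []
"""
GMER = r"""
SSDT spib.sys ZwCreateKey [0xBA6AA0E0]
SSDT spib.sys ZwSetValueKey [0xBA6C819A]
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [bA6AB046] spib.sys
IAT \SystemRoot\System32\Drivers\agwayerq.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
Device \Driver\PCI_PNP8148 \Device\0000003c spib.sys
Device \Driver\sptd \Device\2649481898 spib.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\
"""

HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[(.*)\]$")
URL_RE = re.compile(r"hxxps?://([^/\s]+)")          # DDS writes hxxp for http
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)\s+\[")
IAT_RE = re.compile(r"^IAT\s+(\S+?)\[([^\]]+)\]\s+\[?[0-9A-Fa-f]+\]?\s*(\S*)$")
DEVICE_RE = re.compile(r"^Device\s+\\Driver\\(\S+)\s+\S+\s+(\S+\.sys)$", re.I)
CFG_RE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\\w*ControlSet\d*\\Services\\(\w+)\\Cfg\\\w+@p0\s+(.+)$")


def dds_sections(text):
    """Split a DDS log into {section name: [lines]} on its '== NAME ==' headers."""
    sections, current = defaultdict(list), "HEADER"
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
        elif line.strip():
            sections[current].append(line)
    return sections


def services_without_file(sections):
    """(service, image path) for entries DDS printed with empty [] brackets."""
    hits = [SERVICE_RE.match(l) for l in sections.get("SERVICES / DRIVERS", [])]
    return [(m.group(1), m.group(2)) for m in hits if m and not m.group(3).strip()]


def search_hosts(sections):
    """Host behind every search-related URL in the IE and Firefox sections."""
    hosts = defaultdict(list)
    for name in ("Pseudo HJT Report", "FIREFOX"):
        for line in sections.get(name, []):
            m = URL_RE.search(line)
            setting = line[: m.start()].rstrip(" =-") if m else ""
            if re.search(r"search|keyword", setting, re.I):
                hosts[m.group(1).lower()].append(setting)
    return dict(hosts)


def gmer_hooks(text):
    """SSDT and kernel-IAT hooks grouped by attributed module ('?' if GMER gave none)."""
    hooks = defaultdict(list)
    for line in text.splitlines():
        if m := SSDT_RE.match(line):
            hooks[m.group(1).lower()].append(("SSDT", m.group(2)))
        elif m := IAT_RE.match(line):
            image = ntpath.basename(m.group(1))
            hooks[m.group(3).lower() or "?"].append(("IAT", f"{image}:{m.group(2)}"))
    return dict(hooks)


def module_owners(text):
    """Driver objects each hooking .sys serves, mapped to that service's Cfg@p0 path or None."""
    served, cfg = defaultdict(set), {}
    for line in text.splitlines():
        if m := DEVICE_RE.match(line):
            served[m.group(2).lower()].add(m.group(1))
        elif m := CFG_RE.match(line):
            cfg[m.group(1)] = m.group(2).strip()
    return {mod: {d: cfg.get(d) for d in sorted(drvs)} for mod, drvs in served.items()}


def triage(dds_text, gmer_text):
    """Everything an analyst wants side by side before judging the hooks."""
    sections = dds_sections(dds_text)
    return {"hooks_by_module": gmer_hooks(gmer_text),
            "module_owners": module_owners(gmer_text),
            "services_without_file": services_without_file(sections),
            "search_hosts": search_hosts(sections)}


if __name__ == "__main__":
    print(json.dumps(triage(DDS, GMER), indent=2))
```

Run as-is it prints one JSON document. On this input the SSDT and atapi.sys IAT hooks land under spib.sys, which the Device lines show serving \Driver\sptd, whose Cfg@p0 points at the DAEMON Tools Lite directory that the DDS "Created Last 30" section lists next to sptd.sys on 2008-11-28; that is the cross-check an analyst does before deciding whether a kernel hook belongs to software the user installed. The agwayerq.SYS IAT entries come out under "?" because GMER printed only small addresses and no module name for them, XDva205 shows up as a registered service with no file behind it, and all three search settings resolve to toolbar.ask.com, the same product as the AskSearch URLSearchHook DLL in the report. The script flags nothing as malicious on its own; it only puts the related lines side by side.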

According to the rules of this forum, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If the topic author needs to, they can contact the moderation team and request that this topic be reopened.
