Will Desossa

PC infected, please help.


Well, I think my PC is infected, because it keeps freezing and rebooting constantly. I have already tried formatting it (twice), but a few hours of use after the format the problem always comes back: it freezes, and if, for example, I am listening to a song and the word "você" is being sung, when the PC freezes it keeps repeating it like a scratched CD, "cê cê cê cê cê", and locks up. I would like help from the forum's analysts.

The logs follow:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Will at 2:03:29,25 on qui 30/09/2010

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1022.641 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Will\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://br.ask.com?o=14784&l=dis

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\arquivos de programas\autocompletepro\AutocompletePro.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquiv~1\micros~3\office12\GRA8E1~1.DLL

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

TB: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [PWRISOVM.EXE] c:\arquivos de programas\poweriso\PWRISOVM.EXE

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~3\office12\EXCEL.EXE/3000

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\arquivos de programas\pokerstars\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~3\office12\REFIEBAR.DLL

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquiv~1\micros~3\office12\GR99D3~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquiv~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\will\dadosd~1\mozilla\firefox\profiles\kw8zuft3.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.orkut.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=pt_BR&apn_uid=EB98CD59-FAAC-4C13-B256-49AD011E0709&apn_ptnrs=VY&apn_sauid=9F9DABF5-181F-43B9-A857-8C0C90D7023E&apn_dtid=YYYYYYYYBR&q=

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2010-9-19 11264]

S2 knjyjklu;gtssbnuei;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\arquivos de programas\garena\plugins\ui\safedrv.sys --> c:\arquivos de programas\garena\plugins\ui\safedrv.sys [?]

=============== Created Last 30 ================

2010-09-30 04:18:27 0 d-----w- c:\arquivos de programas\Avira

2010-09-30 00:11:54 0 d-----w- c:\arquivos de programas\ElfBot NG

2010-09-24 23:05:54 32592 ----a-w- c:\windows\system32\msonpmon.dll

2010-09-24 23:01:01 0 d-----w- c:\arquivos de programas\Ask.com

2010-09-24 23:00:51 0 d-----w- c:\arquivos de programas\AutocompletePro

2010-09-24 23:00:48 456664 ----a-w- c:\arquivos de programas\arquivos comuns\AutoCompleteInstaller-VD.exe

2010-09-24 23:00:48 2944904 ----a-w- c:\arquivos de programas\arquivos comuns\AskToolbarInstaller.exe

2010-09-24 23:00:48 0 d-----w- C:\ProgramData

2010-09-24 23:00:47 0 d-----w- c:\arquivos de programas\VDownloader

2010-09-24 23:00:24 0 d-----w- c:\windows\SHELLNEW

2010-09-24 20:29:43 0 d-----w- c:\arquivos de programas\Encoder 2002

2010-09-24 16:53:21 34064 ----a-w- c:\windows\system32\lhacm.acm

2010-09-24 16:51:49 0 d-----w- c:\arquivos de programas\Teamspeak2_RC2

2010-09-23 15:36:39 12 ----a-w- C:\pipe11.dat

2010-09-23 15:36:32 0 d-----w- c:\docume~1\will\dadosd~1\Tibia

2010-09-23 15:35:44 0 d-----w- c:\arquivos de programas\Tibia

2010-09-23 15:35:08 0 d-----w- c:\arquivos de programas\Magebot

2010-09-23 03:46:27 0 d-----w- c:\arquivos de programas\PokerStars

2010-09-22 10:57:33 88114 ----a-w- C:\BOLO_EXERCITO_CAMUFLADO.jpg

2010-09-22 03:26:45 0 d-----w- c:\docume~1\will\dadosd~1\ImTOO

2010-09-22 03:26:18 0 d-----w- c:\arquivos de programas\ImTOO

2010-09-22 01:42:31 0 d-----w- c:\docume~1\will\dadosd~1\FreeCDRipper

2010-09-22 01:42:10 0 d-----w- c:\docume~1\will\dadosd~1\FreeAudioPack

2010-09-22 01:42:10 0 d-----w- c:\arquivos de programas\Free Audio Pack

2010-09-21 01:24:02 100992 -c--a-w- c:\windows\system32\dllcache\bthpan.sys

2010-09-21 01:24:02 100992 ----a-w- c:\windows\system32\drivers\bthpan.sys

2010-09-20 18:52:58 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2010-09-19 22:20:07 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Messenger Plus!

2010-09-19 21:36:14 0 d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-09-19 21:33:41 0 d-----w- c:\documents and settings\will\Tracing

2010-09-19 21:27:52 0 d-----w- c:\arquivos de programas\Microsoft

2010-09-19 21:27:38 0 d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-09-19 21:18:50 0 d-----w- c:\arquivos de programas\arquivos comuns\Windows Live

2010-09-19 20:10:52 0 d-----w- c:\arquivos de programas\Garena

2010-09-19 20:05:11 86045 ----a-w- c:\windows\War3Unin.dat

2010-09-19 20:05:11 2829 ----a-w- c:\windows\War3Unin.pif

2010-09-19 20:05:11 139264 ----a-w- c:\windows\War3Unin.exe

2010-09-19 19:49:17 0 d-----w- c:\arquivos de programas\PowerISO

2010-09-19 19:22:21 0 d-----w- c:\arquivos de programas\Realtek

2010-09-19 19:20:09 0 d-----w- c:\arquivos de programas\VIA

2010-09-19 19:20:01 0 d-----w- c:\arquivos de programas\arquivos comuns\InstallShield

2010-09-19 19:13:03 0 d-sh--w- c:\documents and settings\all users\DRM

2010-09-19 19:12:45 0 d--h--w- c:\arquivos de programas\WindowsUpdate

2010-09-19 19:12:42 0 d-----w- c:\arquivos de programas\Serviços on-line

2010-09-19 19:12:04 0 d-----w- c:\arquivos de programas\arquivos comuns\Serviços

2010-09-19 19:12:01 0 d-----w- c:\arquivos de programas\arquivos comuns\MSSoap

2010-09-19 19:10:49 0 d-----w- c:\arquivos de programas\Messenger

2010-09-19 19:10:46 0 d-----w- c:\arquivos de programas\MSN Gaming Zone

2010-09-19 19:10:23 0 d-----w- c:\arquivos de programas\Windows NT

2010-09-19 16:05:50 0 d-----w- c:\arquivos de programas\arquivos comuns\ODBC

2010-09-19 16:05:48 0 d-----w- c:\arquivos de programas\arquivos comuns\SpeechEngines

2010-09-19 16:05:26 0 d--h--w- c:\documents and settings\all users\Modelos

2010-09-19 16:05:26 0 d-----w- c:\documents and settings\all users\Favoritos

2010-09-19 16:05:26 0 d-----r- c:\documents and settings\all users\Menu Iniciar

2010-09-19 16:05:26 0 d-----r- c:\documents and settings\all users\Documentos

2010-09-19 16:03:32 0 d--h--r- c:\documents and settings\all users\Dados de aplicativos

==================== Find3M ====================

2010-09-26 15:13:30 48846 ----a-w- c:\windows\system32\perfc016.dat

2010-09-26 15:13:30 344734 ----a-w- c:\windows\system32\perfh016.dat

2010-09-19 19:11:14 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2004-08-04 03:45:24 158272 --sha-r- c:\windows\system32\fdmdfw.dll

============= FINISH: 2:03:34,89 ===============

ATTACH:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 19/9/2010 16:15:51

System Uptime: 30/9/2010 00:44:01 (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5VD2-X

Processor: Intel® Core2 CPU 4300 @ 1.80GHz | Socket 775 | 1799/200mhz

Processor: Intel® Core2 CPU 4300 @ 1.80GHz | Socket 775 | 1799/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 39 GiB total, 30,768 GiB free.

D: is FIXED (NTFS) - 35 GiB total, 35,396 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 25/9/2010 13:00:30 - Ponto de verificação do sistema

==== Installed Programs ======================

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.2 - Português

Arquivo do WinRAR

Ask Toolbar

Assistente de Conexão do Windows Live

AutocompletePro

ElfBot NG 4.5.9

Encoder 2002 2.0

Ferramenta de Carregamento do Windows Live

Free Mp3 Wma Converter V 1.91

Garena 2010

High Definition Audio Driver Package - KB888111

ImTOO Audio Encoder 6

Ink

JMB36X Raid Configurer

Magebot

Messenger Plus! Live

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.6.10)

MSVCRT

NVIDIA Drivers

Platform

PokerStars

PowerISO

REALTEK GbE & FE Ethernet PCI NIC Driver

Realtek High Definition Audio Driver

Segoe UI

TeamSpeak 2 RC2

Tibia

VDownloader 2.10.509.2

VIA Platform Device Manager

Warcraft III: All Products

WebFldrs XP

Windows Installer 3.1 (KB893803)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

==== End Of File ===========================

GMER:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-30 02:01:15

Windows 5.1.2600 Service Pack 2

Running: gmer.exe; Driver: C:\DOCUME~1\Will\CONFIG~1\Temp\pwddqpod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6F2F360, 0x24526E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 00FC9DD2

.text C:\WINDOWS\System32\svchost.exe[1180] NETAPI32.dll!NetpwPathCanonicalize 5BCBA259 5 Bytes JMP 00FC9D72

.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 007B9DD2

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] knjyjklu <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167783908

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167783908@0025e7f2eec5 0x41 0xEF 0x33 0x73 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167783908@49a6f8e72500 0x9C 0x64 0x60 0x6A ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167783908@00bd3af9eab1 0x63 0x25 0xC5 0xBC ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\knjyjklu@DisplayName gtssbnuei

Reg HKLM\SYSTEM\CurrentControlSet\Services\knjyjklu@Type 32

Reg HKLM\SYSTEM\CurrentControlSet\Services\knjyjklu@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\knjyjklu@ErrorControl 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\knjyjklu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs

Reg HKLM\SYSTEM\CurrentControlSet\Services\knjyjklu@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\knjyjklu@Description Permite que um usuário configure e agende tarefas automatizadas no computador. Se este serviço for interrompido, essas tarefas não serão executadas nos horários agendados. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.

Reg HKLM\SYSTEM\CurrentControlSet\Services\knjyjklu\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\Services\knjyjklu\Parameters@ServiceDll C:\WINDOWS\system32\fdmdfw.dll

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167783908 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167783908@0025e7f2eec5 0x41 0xEF 0x33 0x73 ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167783908@49a6f8e72500 0x9C 0x64 0x60 0x6A ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167783908@00bd3af9eab1 0x63 0x25 0xC5 0xBC ...

Reg HKLM\SYSTEM\ControlSet002\Services\knjyjklu@DisplayName gtssbnuei

Reg HKLM\SYSTEM\ControlSet002\Services\knjyjklu@Type 32

Reg HKLM\SYSTEM\ControlSet002\Services\knjyjklu@Start 2

Reg HKLM\SYSTEM\ControlSet002\Services\knjyjklu@ErrorControl 0

Reg HKLM\SYSTEM\ControlSet002\Services\knjyjklu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs

Reg HKLM\SYSTEM\ControlSet002\Services\knjyjklu@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet002\Services\knjyjklu@Description Permite que um usuário configure e agende tarefas automatizadas no computador. Se este serviço for interrompido, essas tarefas não serão executadas nos horários agendados. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.

Reg HKLM\SYSTEM\ControlSet002\Services\knjyjklu\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\knjyjklu\Parameters@ServiceDll C:\WINDOWS\system32\fdmdfw.dll

---- EOF - GMER 1.0.15 ----

Thanks in advance! :lol:

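As an added example (not part of the thread, and not code from DDS or GMER), a small Python triage script that reads the kind of lines shown in the logs above: it groups the GMER registry entries per service, joins them with the DDS Find3M file attributes, and flags a svchost `-k netsvcs` service whose ServiceDll is not a known netsvcs DLL, sits on a hidden+system file, or carries a random-looking name, which is the pattern GMER marked as ROOTKIT here. The `Schedule` sample entries and the netsvcs allowlist are constructed and illustrative, not taken from the post.

```python
# Added example (not code from the thread, DDS or GMER): correlate GMER registry lines
# with the DDS Find3M listing to surface a svchost-hosted service of the kind GMER
# flagged above: random name, unknown ServiceDll, DLL with hidden+system attributes.
import re
from collections import defaultdict

# Copied from the GMER dump above; the "Schedule" entries are CONSTRUCTED as a benign
# contrast, since GMER only prints what it considers anomalous.
GMER_SAMPLE = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\knjyjklu@DisplayName gtssbnuei
Reg HKLM\SYSTEM\CurrentControlSet\Services\knjyjklu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\knjyjklu\Parameters@ServiceDll C:\WINDOWS\system32\fdmdfw.dll
Reg HKLM\SYSTEM\ControlSet002\Services\knjyjklu@DisplayName gtssbnuei
Reg HKLM\SYSTEM\CurrentControlSet\Services\Schedule@DisplayName Agendador de tarefas
Reg HKLM\SYSTEM\CurrentControlSet\Services\Schedule@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\Schedule\Parameters@ServiceDll %SystemRoot%\system32\schedsvc.dll
"""
# Copied from the DDS "Find3M" section above.
DDS_FIND3M_SAMPLE = r"""
2010-09-19 19:11:14 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-04 03:45:24 158272 --sha-r- c:\windows\system32\fdmdfw.dll
"""

REG_LINE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>\w+)\\Services\\(?P<svc>[^\\@\s]+)"
    r"(?:\\Parameters)?@(?P<key>\w+)\s*(?P<val>.*)$")
DDS_LINE = re.compile(r"^\S+\s+\S+\s+\d+\s+(?P<attr>[-\w]{8})\s+(?P<path>.+)$")
# Illustrative subset of DLLs legitimately hosted in the XP "netsvcs" svchost group;
# a real deployment builds this allowlist from a clean reference install.
NETSVCS_ALLOWLIST = {"schedsvc.dll", "wuauserv.dll", "browser.dll", "srvsvc.dll",
                     "wkssvc.dll", "shsvcs.dll", "qmgr.dll", "dhcpcsvc.dll",
                     "dnsrslvr.dll", "cryptsvc.dll", "sens.dll", "seclogon.dll"}

def parse_gmer_services(text):
    """Group GMER 'Reg' lines into {service: {key: value}}, active ControlSet only."""
    services = defaultdict(dict)
    for line in text.splitlines():
        m = REG_LINE.match(line.strip())
        if m and m["cs"] == "CurrentControlSet":
            services[m["svc"]][m["key"]] = m["val"].strip()
    return dict(services)

def parse_dds_files(text):
    """Map lower-cased file path -> DDS attribute field (e.g. '--sha-r-')."""
    files = {}
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if m:
            files[m["path"].strip().lower()] = m["attr"]
    return files

def looks_random(name):
    """Heuristic: a run of 4+ consonants (y included) is rare in genuine service names."""
    return re.search(r"[b-df-hj-np-tv-z]{4}", name.lower()) is not None

def triage(services, files):
    """Return {service: [reasons]} for netsvcs-hosted services that look suspicious."""
    findings = {}
    for name, keys in services.items():
        image = keys.get("ImagePath", "").lower()
        if "svchost.exe" not in image or "netsvcs" not in image:
            continue
        reasons = []
        dll = keys.get("ServiceDll", "")
        dll_name = dll.rsplit("\\", 1)[-1].lower()
        if dll_name and dll_name not in NETSVCS_ALLOWLIST:
            reasons.append(f"ServiceDll {dll_name} not in netsvcs allowlist")
        attrs = files.get(dll.lower())
        if attrs and "h" in attrs and "s" in attrs:
            reasons.append(f"ServiceDll carries hidden+system attributes ({attrs})")
        if looks_random(name) or looks_random(keys.get("DisplayName", "")):
            reasons.append("random-looking service or display name")
        if reasons:
            findings[name] = reasons
    return findings
```

On the sample data, `triage(parse_gmer_services(GMER_SAMPLE), parse_dds_files(DDS_FIND3M_SAMPLE))` reports only `knjyjklu`, with all three reasons, while the constructed `Schedule` entry passes.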

Install an antivirus of your choice before we begin the analysis.


OK, I am downloading Avira right now; the thing is, ever since I formatted the PC, I can no longer access the Kaspersky or NOD32 sites.

I will install Avira and run a scan with the antivirus.

After that, do you want me to run another scan with GMER and DDS for my next reply?

Thank you.


Yes, please.
