rafacosme

Generic virus / downloader / Trojan horse


Good morning everyone, I'm dealing with a problem on a computer. Two viruses create executable files in Windows and infect them.

The names of the viruses are:

Trojan horse Generic4_c.Piy

Trojan horse Downloader.Generic11.ABRF

Trojan horse Agent2.CNXY

I use the AVG Internet Security 2011 antivirus. Thanks in advance!

Here are the DDS and GMER logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by FATURAMENTO at 14:01:49 on 2011-09-06

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3006.899 [GMT -3:00]

.

AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\AVG\AVG10\avgfws.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\AVG\AVG10\avgam.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Gerempre\GerBackup\gerbackup.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Windows\System32\aetcrss1.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Windows\explorer.exe

D:\CONTTROLLER\NotaEletronica\Conttroller_NFe.exe

M:\Conttrol\Scaf\Scaf.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Windows\system32\zshp1020.exe

C:\Users\FATURAMENTO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\FATURAMENTO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\FATURAMENTO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\FATURAMENTO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\FATURAMENTO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\FATURAMENTO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\FATURAMENTO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL

mRun: [backup] c:\gerempre\gerbackup\gerbackup.exe

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe

mRun: [CertificateRegistration] aetcrss1.exe

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{07CF02EB-DEC9-4256-A74B-B3C201F754BA} : NameServer = 192.168.254.254,192.168.254.253,200.223.0.100,200.223.0.83

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL

mASetup: aetsprov - c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 avgfws;Firewall do AVG;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;Watchdog do AVG;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s --> c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s [?]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-7-6 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-8-29 47640]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s --> c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s [?]

R3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2009-8-10 89600]

.

=============== Created Last 30 ================

.

2011-09-06 16:04:08 -------- d-----w- C:\temp

2011-09-01 18:11:35 -------- d-----w- c:\users\faturamento\appdata\local\Microsoft Games

2011-08-31 12:11:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-31 12:11:28 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-08-30 14:25:23 -------- d-----w- c:\users\faturamento\appdata\local\Adobe

2011-08-30 14:01:31 -------- d-----w- c:\program files\Foxit Software

2011-08-30 13:57:43 -------- d-----w- c:\users\faturamento\appdata\local\CutePDF Writer

2011-08-30 13:51:34 -------- d-----w- c:\program files\GPLGS

2011-08-30 13:50:56 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2011-08-30 13:50:56 -------- d-----w- c:\program files\Acro Software

2011-08-30 13:41:35 -------- d-----w- c:\users\faturamento\appdata\roaming\GlarySoft

2011-08-30 13:40:19 -------- d-----w- c:\program files\Glary Utilities

2011-08-30 13:01:36 376320 ----a-w- c:\windows\system32\DllInscE32.Dll

2011-08-30 13:01:20 -------- d-----w- c:\program files\GNRE

2011-08-30 12:47:24 -------- d-----w- c:\program files\CCleaner

2011-08-30 12:29:59 -------- d-----w- c:\users\faturamento\appdata\local\Google

2011-08-30 12:15:37 -------- d-----w- c:\program files\CompraLegal

2011-08-30 01:05:49 -------- d-----w- c:\windows\Panther

2011-08-29 22:29:01 -------- d-----w- c:\users\faturamento\appdata\local\LogMeInIgnition

2011-08-29 22:13:32 87552 ----a-w- c:\windows\system32\wudriver.dll

2011-08-29 22:13:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2011-08-29 22:13:20 171608 ----a-w- c:\windows\system32\wuwebv.dll

2011-08-29 22:13:12 2421760 ----a-w- c:\windows\system32\wucltux.dll

2011-08-29 22:12:03 -------- d-----w- c:\users\faturamento\appdata\local\LogMeIn

2011-08-29 22:11:59 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2011-08-29 22:11:58 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-08-29 22:11:58 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2011-08-29 22:11:58 29568 ----a-w- c:\windows\system32\LMIport.dll

2011-08-29 22:11:56 10144 ----a-w- c:\windows\system32\drivers\lmimirr.sys

2011-08-29 22:11:55 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-08-29 22:11:51 -------- d-----w- c:\programdata\LogMeIn

2011-08-29 22:11:34 -------- d-----w- c:\program files\LogMeIn

2011-08-29 22:09:33 -------- d-----w- c:\users\faturamento\appdata\local\Deployment

2011-08-29 22:09:33 -------- d-----w- c:\users\faturamento\appdata\local\Apps

2011-08-29 22:04:42 -------- d--h--w- C:\$AVG

2011-08-29 21:27:50 -------- d-----w- c:\users\faturamento\appdata\local\A.E.T. Europe B.V

2011-08-29 21:17:18 -------- d-----w- c:\program files\Certisign

2011-08-29 21:16:52 -------- d-----w- c:\program files\A.E.T. Europe B.V

2011-08-29 21:16:23 -------- d-----w- c:\program files\Gemalto

2011-08-29 21:16:09 -------- d-----w- c:\program files\CDcertisign

2011-08-29 21:15:00 -------- d-----w- C:\Certisign

2011-08-29 21:14:33 -------- d-----w- C:\CDcertisign

2011-08-29 21:14:09 86016 ----a-r- c:\windows\system32\ZSPOOL.DLL

2011-08-29 21:14:09 49152 ----a-r- c:\windows\system32\spool\prtprocs\w32x86\IMFPRINT.DLL

2011-08-29 21:14:09 442368 ----a-r- c:\windows\system32\zshp1020.exe

2011-08-29 21:14:09 28672 ----a-r- c:\windows\system32\zlm.dll

2011-08-29 21:14:09 28672 ----a-r- c:\windows\system32\IMF32.DLL

2011-08-29 21:14:09 24576 ----a-r- c:\windows\system32\ZTAG32.DLL

2011-08-29 21:14:09 143360 ----a-r- c:\windows\apptune1020.exe

2011-08-29 21:14:09 106496 ----a-r- c:\windows\system32\vshp1020.dll

2011-08-29 21:14:09 102400 ----a-r- c:\windows\system32\ZLhp1020.dll

2011-08-29 21:14:08 -------- d--h--w- c:\program files\Zenographics

2011-08-29 21:12:48 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 SDK

2011-08-29 21:11:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-29 21:08:24 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll

2011-08-29 21:08:24 32592 ----a-w- c:\windows\system32\msonpmon.dll

2011-08-29 21:05:52 -------- d-----w- c:\windows\PCHEALTH

2011-08-29 21:04:19 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2011-08-29 21:03:48 -------- d-----w- c:\users\faturamento\appdata\local\Microsoft Help

2011-08-29 21:00:45 -------- d-----w- c:\users\faturamento\appdata\roaming\AVG10

2011-08-29 20:59:54 -------- d-----w- c:\program files\HK-Software

2011-08-29 20:58:20 -------- d--h--w- c:\programdata\Common Files

2011-08-29 20:57:30 -------- d-----w- c:\windows\system32\drivers\AVG

2011-08-29 20:57:30 -------- d-----w- c:\programdata\AVG10

2011-08-29 20:57:07 -------- d-----w- c:\program files\AVG

2011-08-29 20:51:06 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b45474cb-0cdc-4bc3-8028-2c217ba9d162}\mpengine.dll

2011-08-29 20:51:06 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-08-29 20:49:45 -------- d-----w- C:\Gerempre

2011-08-29 20:48:30 356437 ----a-w- c:\windows\system32\GDS32.DLL

2011-08-29 20:48:29 -------- d-----w- c:\program files\Firebird

2011-08-29 20:45:28 -------- d-sh--w- c:\windows\Installer

2011-08-29 20:44:46 -------- d-----w- c:\programdata\MFAData

2011-08-29 20:21:34 -------- d-----w- c:\windows\system32\wbem\Performance

.

==================== Find3M ====================

.

.

============= FINISH: 14:03:11,56 ===============

__________________________________________________________

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 29/08/2011 17:26:09

System Uptime: 06/09/2011 08:39:37 (6 hours ago)

.

Motherboard: Dell Inc. | | 0KR843

Processor: AMD Athlon Dual Core Processor 4450B | Socket M2 | 2300/1000mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 51 GiB total, 34,574 GiB free.

D: is FIXED (NTFS) - 98 GiB total, 95,869 GiB free.

E: is CDROM ()

M: is NetworkDisk (NTFS) - 220 GiB total, 146,702 GiB free.

P: is NetworkDisk (NTFS) - 220 GiB total, 146,702 GiB free.

X: is NetworkDisk (NTFS) - 98 GiB total, 95,869 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP5: 29/08/2011 18:03:20 - Installed Microsoft Office Enterprise 2007

RP6: 29/08/2011 18:12:35 - Installed Microsoft CAPICOM 2.1.0.2 SDK

RP8: 29/08/2011 18:17:31 - Instalado Assistente de Instalação Certisign

RP9: 29/08/2011 19:11:08 - Installed LogMeIn

RP11: 29/08/2011 19:12:36 - Windows Update

RP12: 30/08/2011 11:22:21 - Installed Adobe Reader X (10.1.0) - Português.

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.0) - Português

Assistente de Instalação Certisign

AVG 2011

CCleaner

Compra Legal

CutePDF Writer 2.8

Firebird 1.5.5

Gerbackup 2.4

Gerenciador de Certificados Digitais - Certisign

Glary Utilities 2.36.0.1232

Google Chrome

IBExpert 2007 Trial Edition

LaserJet 1020 series

LogMeIn

Microsoft CAPICOM 2.1.0.2 SDK

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

OrderReminder HP LaserJet 1020

PC-CCID

SafeSign

Spybot - Search & Destroy

WinRAR 4.01 (32-bit)

.

==== End Of File ===========================

___________________________________________________________________________________________________________________________________________________________________________________________________

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-09-06 14:24:59

Windows 6.1.7600 Harddisk0\DR0 -> \Device\0000005b WDC_WD16 rev.01.0

Running: gmer.exe; Driver: c:\Temp\uwryrpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8E5647A0]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8E564848]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8E5648E4]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8E564980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8288C579 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828B0F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 828B89E8 4 Bytes [A0, 47, 56, 8E]

.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 828B8CB8 4 Bytes [48, 48, 56, 8E]

.text ntkrnlpa.exe!RtlSidHashLookup + 7BD 828B8CBD 3 Bytes [48, 56, 8E]

.text ntkrnlpa.exe!RtlSidHashLookup + 82C 828B8D2C 4 Bytes [80, 49, 56, 8E] {OR BYTE [ECX+0x56], 0x8e}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateSemaphoreExW + 9280 74DDB7DD 1 Byte [63]

.text C:\Windows\system32\svchost.exe[1320] CRYPT32.dll!CertEnumPhysicalStore + 8CB 74A18413 1 Byte [7B]

.text C:\Windows\system32\svchost.exe[1320] CRYPT32.dll!CertEnumPhysicalStore + 933 74A1847B 1 Byte [08]

.text C:\Windows\system32\svchost.exe[1320] CRYPT32.dll!CertEnumPhysicalStore + 93B 74A18483 1 Byte [70]

.text C:\Windows\system32\svchost.exe[1320] CRYPT32.dll!CertEnumPhysicalStore + A0B 74A18553 1 Byte [7B]

.text C:\Windows\system32\svchost.exe[1320] CRYPT32.dll!CertEnumPhysicalStore + A23 74A1856B 1 Byte [43]

.text ...

.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[3564] SHELL32.dll!SHGetPathFromIDListEx + CD7 752FD1FD 1 Byte [C2]

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3844] SHELL32.dll!StrChrW + BF0B 753FBBE3 1 Byte [04]

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3844] SHELL32.dll!StrChrW + BF5B 753FBC33 1 Byte [bC]

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3844] SHELL32.dll!StrChrW + BF7B 753FBC53 1 Byte [57]

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3844] SHELL32.dll!StrChrW + BF83 753FBC5B 1 Byte [4D]

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3844] SHELL32.dll!StrChrW + BF8B 753FBC63 1 Byte [2D]

.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdLow -2137899327

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@BalloonTime 2011-09-06 11:41:24

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@OfflineDetectionPending 1

Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_SysM_9033c0ad2381b8ad27dcda6928efc739a7ab639_cab_2659a45a

Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 14

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\15

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\15@CrawlType 2

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\15@InProgress 1

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\15@DoneAddingCrawlSeeds 1

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\15@IsCatalogLevel 0

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\15@LogStartAddId 2

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2@CrawlNumberInProgress 15

---- EOF - GMER 1.0.15 ----

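Two things an analyst would pull out of the logs above before anything else: the mPolicies-system block reports EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0, which means UAC is switched off, so whatever the logged-on account runs gets its full rights with no prompt; and the mRun value [CertificateRegistration] names aetcrss1.exe with no path at all, so the Run line by itself does not say which file is launched (the process list shows C:\Windows\System32\aetcrss1.exe, and the A.E.T. Europe B.V. entries in the same log suggest smart-card middleware, but matching that up is the analyst's job, not the log's). The script below is an added example of scripting that triage; it is my code, not the forum's tooling or the poster's. The sample input is excerpted from the DDS and GMER output in the post; the function names, the regular expressions and the Windows 7 default values used for comparison are mine.

```python
# Added triage helpers for the DDS / GMER output posted above (my code, not
# the forum's tooling); the sample lines are excerpted from the log in the post.
import re
from typing import Dict, List, Tuple

SAMPLE_DDS = r"""
mRun: [backup] c:\gerempre\gerbackup\gerbackup.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [CertificateRegistration] aetcrss1.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

SAMPLE_GMER = r"""
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8E5647A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8E564848]
"""

# Windows 7 defaults for the UAC values DDS prints under mPolicies-system
# (reference values supplied by me; the log only shows the machine's values).
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = administrators elevate silently
    "PromptOnSecureDesktop": 1,       # 0 = prompts appear on the normal desktop
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)")
RUN_RE = re.compile(r"^([mu])Run:\s*\[([^\]]*)\]\s*(.*?)\s*$")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+\((.*?)\)\s+(Zw\w+)\s+\[0x[0-9A-Fa-f]+\]")


def parse_policies(text: str) -> Dict[str, int]:
    """Map every mPolicies-system line to {name: integer value}."""
    out: Dict[str, int] = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            out[m.group(1)] = int(m.group(2))
    return out


def uac_findings(policies: Dict[str, int]) -> List[str]:
    """Report each UAC value that differs from its Windows 7 default."""
    return [
        f"{name}={policies[name]} (default {default})"
        for name, default in UAC_DEFAULTS.items()
        if name in policies and policies[name] != default
    ]


def parse_run_keys(text: str) -> List[Tuple[str, str, str]]:
    """Return (hive, value name, executable) per mRun/uRun line; DDS writes
    'm' for HKLM\\...\\Run and 'u' for HKCU\\...\\Run.  A quoted command is
    cut at the closing quote, an unquoted one at the first space."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, name, command = m.groups()
        if command.startswith('"'):
            exe = command[1:].split('"', 1)[0]
        else:
            exe = command.split(" ", 1)[0]
        entries.append((hive, name, exe))
    return entries


def unqualified_run_entries(entries: List[Tuple[str, str, str]]) -> List[str]:
    """Names of Run values whose executable has no directory component: the
    file is resolved through the search path at logon, so the Run line alone
    does not say which file runs and the analyst has to match it against the
    process list (here C:\\Windows\\System32\\aetcrss1.exe)."""
    return [name for _, name, exe in entries if "\\" not in exe and "/" not in exe]


def ssdt_hooks_by_module(text: str) -> Dict[str, List[str]]:
    """Group GMER SSDT lines as {hooking module: [hooked Zw* services]}.  A
    module with a vendor description (AVG's IDS driver here) is expected to
    hook these; a module GMER cannot describe is where a rootkit hunt starts."""
    hooks: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks.setdefault(m.group(1), []).append(m.group(3))
    return hooks
```

Run against the excerpt, `uac_findings(parse_policies(SAMPLE_DDS))` returns the three non-default UAC values, `unqualified_run_entries(parse_run_keys(SAMPLE_DDS))` returns only `CertificateRegistration`, and `ssdt_hooks_by_module(SAMPLE_GMER)` groups both SSDT hooks under AVGIDSShim.Sys. None of that is a verdict; it is the list of things to verify by hand (the file behind the path-less Run value, and whether the hooking driver really is AVG's) before deciding the machine is infected beyond what AVG already reported.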

Is this computer personal, or does it belong to a company?


Yes, it's my computer, which I brought in; please help me :D


Two questions:

- if it's a personal computer, why is your computer's name FATURAMENTO?

- if it's a personal computer, why are you using an electronic invoice (nota fiscal eletrônica) application?

D:\CONTTROLLER\NotaEletronica\Conttroller_NFe.exe
