ArkthuriuS

Junior Members
  • Total items

    10
  • Joined

  • Last visited

  • Ratings

    0%

Reputation

0

About ArkthuriuS

  • Date of Birth 26-04-1989 (29 years old)

General information

  • City and State
    Rio de Janeiro
  1. Yeah, I was told that the Galax one has one more power phase, which would preserve the card better. I don't know if that's a fact.
  2. Good morning, dear colleagues! I need to buy a new VGA because my faithful EVGA GTX 780 got toasted. I'm at an impasse over which model to get. Both appear to have the same specifications, but with a different form factor and manufacturer. The white dual-fan one from Galax goes for about 1430 without a promotion (if only it went on promo...) https://www.pichau.com.br/placa-de-...1060-6gb-exoc-white-gddr5-192bit-60nrh7dvm3vw The single-fan one (I think that's a disadvantage, but I'm a layman) from EVGA, in my case, I got a boleto for 1350 (shipping included) https://www.kabum.com.br/produto/85...e-gtx-1060-6gb-sc-acx-2-0-ddr5-06g-p4-6163-kr I didn't even intend to invest this much, since the most demanding game I play would be Path of Exile; I intended to get a second-hand one, or even a lower-end one, but well... if it lasts 4 years (or more) like the last one did, great.. I posted on Adrena too, I hope I'm not bothering anyone. Please shed some light! Thanks in advance!
  3. Price well below market, apparently. https://www.pichau.com.br/ssd-plus-sandisk-240g-sdssda-240g-g26
  4. Judging by the number of complaints, either they can't keep up with demand, or they're scammers. I saw people saying in the complaints that they sell refurbished as new, and so on.
  5. Gosh, those GTX 1050/1050 Ti made me drool, I even generated the boleto and everything, hahahaha, Mania Virtual, probably a sure trap, be careful where you buy too, son! Cheap sometimes ends up expensive!
  6. My God, I had already even generated my boleto for the 1050 Ti, but cheap can end up expensive; the reputation of that store, as the colleague above showed, is horrendous, but one must take into account that they sell a heap of smuggled goods, it looks more like an importer, so, who knows... the hardware part is reliable. added 7 minutes later *****... what a trap!
  7. Machine 2 GMER GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-19 16:17:28 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 Maxtor_6Y120L0 rev.YAR41BW0 114,50GB Running: GMER.exe; Driver: C:\Users\Arthur\AppData\Local\Temp\ufldypog.sys ---- System - GMER 2.0 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x893064BA] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwAdjustPrivilegesToken [0xACE74E36] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x918BBC22] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwAlpcConnectPort [0xACE77074] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwAlpcCreatePort [0xACE772EE] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwAlpcSendWaitReceivePort [0xACE77564] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x89306ED6] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwClose [0xACE7574A] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwConnectPort [0xACE7657E] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwCreateEvent [0xACE76AC8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x89311FF4] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwCreateFile [0xACE75A26] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x89312176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwCreateMutant [0x89311F16] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwCreateNamedPipeFile [0xACE74A24] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwCreatePort [0xACE76882] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwCreateSection [0xACE74BCC] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwCreateSemaphore [0xACE76BE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8930711C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x893072F4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x89312130] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwCreateWaitablePort [0xACE76918] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwDebugActiveProcess [0xACE782D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x89306508] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwDeviceIoControlFile [0xACE75EA8] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwDuplicateObject [0xACE794E4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x918BBCEA] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwFsControlFile [0xACE75CB6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x918BA3EC] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwMapViewOfSection [0xACE78B30] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x89306556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8930B534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x893083A6] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwOpenEvent [0xACE76B5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x89312016] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwOpenFile [0xACE757CC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8931219A] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwOpenMutant [0xACE76A3E] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwOpenSection [0xACE788CA] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwOpenSemaphore [0xACE76C7E] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwOpenThread [0xACE74F64] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x89312154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x918BBE4A] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwQueryDirectoryObject [0xACE77868] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x89308272] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwQuerySection [0xACE78E6A] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwQueueApcThread [0xACE7875C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x89307F86] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwReplaceKey [0xACE736DE] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwReplyPort [0xACE76FE2] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwReplyWaitReceivePort [0xACE76EA8] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwRequestWaitReplyPort [0xACE78070] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwRestoreKey [0xACE73A56] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwResumeThread [0xACE79386] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwSaveKey [0xACE73676] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwSecureConnectPort [0xACE762C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x893065A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x893065F2] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwSetContextThread [0xACE755EC] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwSetInformationToken [0xACE7790A] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwSetSecurityObject [0xACE78566] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x893061FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x893063AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x89306350] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwSuspendProcess [0xACE790AC] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwSuspendThread [0xACE791E6] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwSystemDebugControl [0xACE781FA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwTerminateProcess [0x918BBEFE] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwTerminateThread [0xACE75170] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x918BA41C] SSDT \SystemRoot\system32\DRIVERS\5910646drv.sys ZwUnmapViewOfSection [0xACE78D0E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x89306640] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x918BBD96] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x918D4E56] ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 1278 82C848B4 4 Bytes JMP 84CB50D0 .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C84A49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBE4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CC5500 4 Bytes [bA, 64, 30, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82CC550C 4 Bytes [36, 4E, E7, AC] {DEC ESI; OUT 0xac, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82CC5528 4 Bytes [22, BC, 8B, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82CC5534 8 Bytes [74, 70, E7, AC, EE, 72, E7, ...] {JZ 0x72; OUT 0xac, EAX; OUT DX, AL; JB 0xffffffee; LODSB } .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82CC5578 4 Bytes [64, 75, E7, AC] {JNZ 0xffffffea; LODSB } .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9221C000, 0x267978, 0xE8000020] .text win32k.sys!EngFntCacheLookUp + 8B0E 986509F5 5 Bytes JMP 8930BEB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateRectRgn + 3819 98664AC1 5 Bytes JMP 8930BFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateRectRgn + 47FC 98665AA4 5 Bytes JMP 8930BCDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 310 9868139D 5 Bytes JMP 8930CA86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 4C8E 98685D1B 5 Bytes JMP 8930B7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 60DB 98687168 5 Bytes JMP 8930CCB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + BE51 9868CEDE 5 Bytes JMP 8930C090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + C0A0 9868D12D 5 Bytes JMP 8930C182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 650 986A6BDE 5 Bytes JMP 8930B56A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 70E 986A6C9C 5 Bytes JMP 8930C0A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 38FE 986A9E8C 5 Bytes JMP 8930B670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 39BC 986A9F4A 5 Bytes JMP 8930B688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngIsSemaphoreOwnedByCurrentThread + 1EE1 986AE5C5 5 Bytes JMP 8930BEE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2B22 986B8015 5 Bytes JMP 8930BC1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + ACD8 986C01CB 5 Bytes JMP 8930B834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 14F89 986CA47C 5 Bytes JMP 8930C94C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 5067 986E1C0E 5 Bytes JMP 8930C9F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngBitBlt + 42AA 986EF5C1 5 Bytes JMP 8930CEBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnlockSurface + B23C 98704E57 5 Bytes JMP 8930CA3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnlockSurface + CBFB 98706816 5 Bytes JMP 8930E8D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteClip + 480C 987176BB 5 Bytes JMP 8930B760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEqualRgn + 41B2 9872564C 5 Bytes JMP 8930BB48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEqualRgn + B424 9872C8BE 5 Bytes JMP 8930CD74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteRgn + 2198 98743697 5 Bytes JMP 8930BA1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 8676 987647CE 5 Bytes JMP 8930CE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 2EC6 9877C7B3 5 Bytes JMP 8930CBFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 3457 9877CD44 5 Bytes JMP 8930B8F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 6546 9877FE33 5 Bytes JMP 8930C0C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 9679 98782F66 5 Bytes JMP 8930B944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + BF4A 98785837 5 Bytes JMP 8930C16A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetCurrentGamma + 6401 987919EE 5 Bytes JMP 8930BAB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ? system32\DRIVERS\5910646drv.sys O sistema não pode encontrar o caminho especificado. ! ---- User code sections - GMER 2.0 ---- .text C:\Windows\system32\csrss.exe[420] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[428] ntdll.dll!LdrUnloadDll 7728C86E 5 Bytes JMP 000E03FC .text C:\Windows\system32\svchost.exe[428] ntdll.dll!LdrLoadDll 7729223E 5 Bytes JMP 000E01F8 .text C:\Windows\system32\svchost.exe[428] KERNEL32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[428] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00100A08 .text C:\Windows\system32\svchost.exe[428] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001003FC .text C:\Windows\system32\svchost.exe[428] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00100804 .text C:\Windows\system32\svchost.exe[428] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001001F8 .text C:\Windows\system32\svchost.exe[428] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\wininit.exe[492] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[504] 
kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\services.exe[540] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\winlogon.exe[580] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\lsass.exe[592] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text ... .text C:\Windows\Explorer.EXE[1080] ntdll.dll!LdrUnloadDll 7728C86E 5 Bytes JMP 000703FC .text C:\Windows\Explorer.EXE[1080] ntdll.dll!LdrLoadDll 7729223E 5 Bytes JMP 000701F8 .text C:\Windows\Explorer.EXE[1080] KERNEL32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\Explorer.EXE[1080] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00140A08 .text C:\Windows\Explorer.EXE[1080] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001403FC .text C:\Windows\Explorer.EXE[1080] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00140804 .text C:\Windows\Explorer.EXE[1080] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001401F8 .text C:\Windows\Explorer.EXE[1080] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00140600 .text C:\Windows\System32\svchost.exe[1108] ntdll.dll!LdrUnloadDll 7728C86E 5 Bytes JMP 000E03FC .text C:\Windows\System32\svchost.exe[1108] ntdll.dll!LdrLoadDll 7729223E 5 Bytes JMP 000E01F8 .text C:\Windows\System32\svchost.exe[1108] KERNEL32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[1108] user32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00100A08 .text C:\Windows\System32\svchost.exe[1108] user32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001003FC .text C:\Windows\System32\svchost.exe[1108] user32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00100804 .text C:\Windows\System32\svchost.exe[1108] user32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001001F8 .text C:\Windows\System32\svchost.exe[1108] user32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text 
C:\Windows\system32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text D:\AVAST Software\Avast\AvastSvc.exe[1380] kernel32.dll!SetUnhandledExceptionFilter 75C4F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text D:\AVAST Software\Avast\AvastSvc.exe[1380] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1500] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1632] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2060] ntdll.dll!LdrUnloadDll 7728C86E 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2060] ntdll.dll!LdrLoadDll 7729223E 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2060] KERNEL32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2060] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00190A08 .text C:\Windows\system32\svchost.exe[2060] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001903FC .text C:\Windows\system32\svchost.exe[2060] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00190804 .text C:\Windows\system32\svchost.exe[2060] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001901F8 .text C:\Windows\system32\svchost.exe[2060] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00190600 .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2116] ntdll.dll!LdrUnloadDll 7728C86E 5 Bytes JMP 000E03FC .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2116] ntdll.dll!LdrLoadDll 7729223E 5 Bytes JMP 000E01F8 .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2116] KERNEL32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2116] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2116] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 000F03FC .text C:\Program 
Files\TeamViewer\Version8\TeamViewer_Service.exe[2116] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 000F0804 .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2116] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 000F01F8 .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2116] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 000F0600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2184] ntdll.dll!LdrUnloadDll 7728C86E 5 Bytes JMP 001203FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2184] ntdll.dll!LdrLoadDll 7729223E 5 Bytes JMP 001201F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2184] KERNEL32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2184] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00150A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2184] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2184] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00150804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2184] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2184] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00150600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] ntdll.dll!LdrUnloadDll 7728C86E 5 Bytes JMP 001203FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] ntdll.dll!LdrLoadDll 7729223E 5 Bytes JMP 001201F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] KERNEL32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00140A08 .text C:\Program Files\Windows 
Media Player\wmpnetwk.exe[2604] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001403FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00140804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001401F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00140600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2628] ntdll.dll!LdrUnloadDll 7728C86E 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2628] ntdll.dll!LdrLoadDll 7729223E 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2628] KERNEL32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2628] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00090A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2628] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 000903FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2628] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00090804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2628] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 000901F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2628] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00090600 .text C:\Windows\system32\AUDIODG.EXE[2992] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[3040] ntdll.dll!LdrUnloadDll 7728C86E 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3040] ntdll.dll!LdrLoadDll 7729223E 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[3040] KERNEL32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text 
C:\Windows\system32\svchost.exe[3040] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00090A08 .text C:\Windows\system32\svchost.exe[3040] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[3040] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00090804 .text C:\Windows\system32\svchost.exe[3040] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[3040] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00090600 .text D:\Downloads\GMER.exe[3432] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text D:\AVAST Software\Avast\AvastUI.exe[3480] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3876] ntdll.dll!LdrUnloadDll 7728C86E 5 Bytes JMP 000E03FC .text C:\Windows\system32\SearchIndexer.exe[3876] ntdll.dll!LdrLoadDll 7729223E 5 Bytes JMP 000E01F8 .text C:\Windows\system32\SearchIndexer.exe[3876] KERNEL32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3876] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00100A08 .text C:\Windows\system32\SearchIndexer.exe[3876] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001003FC .text C:\Windows\system32\SearchIndexer.exe[3876] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00100804 .text C:\Windows\system32\SearchIndexer.exe[3876] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001001F8 .text C:\Windows\system32\SearchIndexer.exe[3876] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\Dwm.exe[4384] kernel32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\DllHost.exe[4512] ntdll.dll!LdrUnloadDll 7728C86E 5 Bytes JMP 000D03FC .text C:\Windows\system32\DllHost.exe[4512] ntdll.dll!LdrLoadDll 7729223E 5 Bytes JMP 000D01F8 .text C:\Windows\system32\DllHost.exe[4512] KERNEL32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\DllHost.exe[4512] 
USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 000E0A08 .text C:\Windows\system32\DllHost.exe[4512] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 000E03FC .text C:\Windows\system32\DllHost.exe[4512] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 000E0804 .text C:\Windows\system32\DllHost.exe[4512] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 000E01F8 .text C:\Windows\system32\DllHost.exe[4512] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 000E0600 .text C:\Windows\system32\wuauclt.exe[5332] ntdll.dll!LdrUnloadDll 7728C86E 5 Bytes JMP 000C03FC .text C:\Windows\system32\wuauclt.exe[5332] ntdll.dll!LdrLoadDll 7729223E 5 Bytes JMP 000C01F8 .text C:\Windows\system32\wuauclt.exe[5332] KERNEL32.dll!GetBinaryTypeW + 70 75C669F4 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[5332] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00240A08 .text C:\Windows\system32\wuauclt.exe[5332] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 002403FC .text C:\Windows\system32\wuauclt.exe[5332] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00240804 .text C:\Windows\system32\wuauclt.exe[5332] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 002401F8 .text C:\Windows\system32\wuauclt.exe[5332] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00240600 ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73EE24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73EC562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73EC56EC] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73EE2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73ED85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73ED4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73ED5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73ED51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73ED6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73ED8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73ED8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73ED90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73EDE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1080] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73ED4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT D:\AVAST Software\Avast\AvastSvc.exe[1380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [735AF6D0] D:\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT D:\AVAST Software\Avast\AvastUI.exe[3480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [735AF6D0] D:\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- EOF - GMER 2.0 ----
  8. Machine 1 DDS DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 Run by Arthur at 22:52:11 on 2013-01-17 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.16382.13551 [GMT -2:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe C:\Windows\system32\SearchIndexer.exe C:\Program 
Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\DLLSuite\2013\DLLSuite.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Tibia\Tibia.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll TB: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [FreeRAM XP] "C:\Program Files (x86)\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui StartupFolder: C:\Users\Arthur\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\Arthur\AppData\Local\Temp\_uninst_06442890.bat uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" TCP: NameServer = 192.168.0.1 TCP: Interfaces\{8EB1FD0E-FB0F-4DD3-A772-48DB5E20B8D1} : DHCPNameServer = 192.168.0.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! 
WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 06442890;06442890;C:\Windows\System32\drivers\06442890.sys [2013-1-17 460888] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-10 984144] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-10 370288] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-10 25232] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-10 71600] R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-10 44808] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824] R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-8 3467768] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392] RUnknown 5910646drv;5910646drv; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992] S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248] . =============== Created Last 30 ================ . 
2013-01-18 00:39:45 -------- d-----w- C:\Program Files (x86)\DLLSuite 2013-01-17 23:16:51 -------- d-----w- C:\ProgramData\Kaspersky Lab 2013-01-17 23:16:27 460888 ----a-w- C:\Windows\System32\drivers\06442890.sys 2013-01-16 13:27:04 98816 ----a-w- C:\Windows\sed.exe 2013-01-16 13:27:04 256000 ----a-w- C:\Windows\PEV.exe 2013-01-16 13:27:04 208896 ----a-w- C:\Windows\MBR.exe 2013-01-16 13:03:53 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2013-01-16 13:03:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-01-16 13:03:23 -------- d-----w- C:\Users\Arthur\AppData\Local\Programs 2013-01-16 12:57:02 -------- d-----w- C:\Users\Arthur\AppData\Roaming\SpeedyPC Software 2013-01-16 12:57:02 -------- d-----w- C:\Users\Arthur\AppData\Roaming\DriverCure 2013-01-16 12:56:54 -------- d-----w- C:\ProgramData\SpeedyPC Software 2013-01-16 05:57:00 -------- d-----w- C:\Users\Arthur\AppData\Roaming\TeamViewer 2013-01-13 13:57:34 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys 2013-01-11 12:39:37 -------- d-----w- C:\Program Files (x86)\Fiddler2 2013-01-11 02:59:18 -------- d-----w- C:\Users\Arthur\AppData\Roaming\NVIDIA 2013-01-11 02:58:36 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin 2013-01-11 02:54:02 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2013-01-11 02:54:02 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2013-01-11 02:54:02 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2013-01-11 02:54:02 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2013-01-11 02:54:02 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2013-01-11 02:50:56 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2013-01-11 02:50:50 99840 ----a-w- C:\Windows\System32\wudriver.dll 2013-01-11 02:50:38 36864 ----a-w- C:\Windows\System32\wuapp.exe 2013-01-11 02:50:38 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2013-01-10 21:34:09 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-01-10 21:34:08 984144 ----a-w- 
C:\Windows\System32\drivers\aswSnx.sys 2013-01-10 21:34:06 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-01-10 21:33:48 41224 ----a-w- C:\Windows\avastSS.scr 2013-01-10 21:33:37 -------- d-----w- C:\ProgramData\AVAST Software 2013-01-10 21:33:37 -------- d-----w- C:\Program Files\AVAST Software 2013-01-10 19:13:43 -------- d-----w- C:\Users\Arthur\Tracing 2013-01-10 19:10:21 -------- d-----w- C:\Windows\PCHEALTH 2013-01-10 19:09:05 -------- d-----w- C:\Users\Arthur\AppData\Local\Windows Live 2013-01-10 18:59:47 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2013-01-09 22:30:59 -------- d-----w- C:\Program Files (x86)\YourWare Solutions 2013-01-09 22:29:53 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 22:29:53 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-08 20:12:44 -------- d-----w- C:\Program Files (x86)\TeamViewer 2013-01-07 20:29:10 -------- d-----w- C:\Users\Arthur\AppData\Roaming\Tibia 2013-01-07 20:00:51 -------- d-----r- C:\Program Files (x86)\Skype 2013-01-07 18:22:37 -------- d-----w- C:\Windows\Panther 2013-01-07 18:17:39 -------- d-----w- C:\Windows.old 2013-01-07 13:16:47 -------- d-----w- C:\Users\Arthur\AppData\Roaming\Tibia Knight LL 2013-01-07 13:15:55 -------- d-----w- C:\Users\Arthur\AppData\Roaming\Tibia Knight 2013-01-07 13:15:41 -------- d-----w- C:\Users\Arthur\AppData\Roaming\Tibia Mage 2013-01-07 13:08:02 -------- d-----w- C:\Users\Arthur\AppData\Roaming\Tibia Paladin 2013-01-07 13:05:18 -------- d-----w- C:\Program Files (x86)\Tibia 2013-01-07 13:04:34 -------- d-----w- C:\Users\Arthur\AppData\Roaming\LolClient 2013-01-07 12:58:41 29288 ----a-w- C:\Windows\System32\nvhdap64.dll 2013-01-07 12:58:41 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2013-01-07 12:58:41 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll 2013-01-07 12:58:19 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation 2013-01-07 12:57:57 4096000 ----a-w- C:\Program Files 
(x86)\GUT4856.tmp 2013-01-07 12:57:57 -------- d-----w- C:\Program Files (x86)\GUM4855.tmp 2013-01-07 12:57:55 -------- d-----w- C:\Users\Arthur\AppData\Local\Google 2013-01-07 12:57:44 -------- d-sh--w- C:\Windows\Installer 2013-01-07 12:57:29 -------- d-----w- C:\Users\Arthur\AppData\Local\Apps 2013-01-07 12:57:27 -------- d-----w- C:\Users\Arthur\AppData\Local\Deployment 2013-01-07 12:57:22 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2013-01-07 12:57:01 1614440 ----a-w- C:\Windows\System32\nvdispco642090.dll 2013-01-07 12:57:01 1359976 ----a-w- C:\Windows\System32\nvgenco642040.dll 2013-01-07 12:56:46 67176 ----a-w- C:\Windows\System32\OpenCL.dll 2013-01-07 12:56:46 57960 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2013-01-07 12:56:45 14922600 ----a-w- C:\Windows\System32\nvwgf2umx.dll 2013-01-07 12:56:37 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll 2013-01-07 12:56:27 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll 2013-01-07 12:55:56 11240 ----a-w- C:\Windows\System32\drivers\nvBridge.kmd 2013-01-07 12:55:55 2731880 ----a-w- C:\Windows\System32\nvapi64.dll 2013-01-07 12:55:41 -------- d-----w- C:\Program Files\NVIDIA Corporation 2013-01-07 12:52:45 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll 2013-01-07 12:52:45 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll 2013-01-07 12:52:45 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll 2013-01-07 12:52:45 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll 2013-01-07 12:52:45 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll 2013-01-07 07:17:47 -------- d-----w- C:\TIBIA ZERADO 2013-01-07 07:15:50 -------- d-----w- C:\3.4 2013-01-07 05:14:42 -------- d-----w- C:\3.2B2 2013-01-07 04:34:23 -------- d-----w- C:\found.000 . ==================== Find3M ==================== . 2013-01-07 05:10:43 268435456 --sha-w- C:\swapfile.sys . ============= FINISH: 22:52:19,36 ===============
  9. Machine 1 ComboFix, here is the log: ComboFix 13-01-17.03 - Arthur 17/01/2013 22:30:11.4.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.16382.14137 [GMT -2:00] Executando de: c:\users\Arthur\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((( Arquivos/Ficheiros criados de 2012-12-18 to 2013-01-18 )))))))))))))))))))))))))))) . . 2013-01-18 00:33 . 2013-01-18 00:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-17 23:16 . 2013-01-17 23:16 -------- d-----w- c:\programdata\Kaspersky Lab 2013-01-17 23:16 . 2013-01-18 03:43 460888 ----a-w- c:\windows\system32\drivers\06442890.sys 2013-01-16 13:03 . 2013-01-16 13:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-01-16 13:03 . 2013-01-17 16:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-01-16 12:56 . 2013-01-17 16:49 -------- d-----w- c:\programdata\SpeedyPC Software 2013-01-13 13:57 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys 2013-01-11 12:39 . 2013-01-11 12:39 -------- d-----w- c:\program files (x86)\Fiddler2 2013-01-11 02:59 . 2013-01-11 02:59 -------- d-----w- c:\users\UpdatusUser 2013-01-11 02:58 . 2012-10-02 19:51 3536817 ----a-w- c:\windows\system32\nvcoproc.bin 2013-01-11 02:54 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2013-01-11 02:54 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2013-01-11 02:54 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2013-01-11 02:54 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2013-01-11 02:54 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2013-01-11 02:50 . 
2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2013-01-11 02:50 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2013-01-11 02:50 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2013-01-11 02:50 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2013-01-11 02:50 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2013-01-11 02:50 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2013-01-11 02:50 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2013-01-11 02:50 . 2012-06-02 17:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2013-01-11 02:50 . 2012-06-02 17:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2013-01-10 21:34 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-01-10 21:34 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-01-10 21:34 . 2012-10-15 14:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-01-10 21:34 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-01-10 21:34 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-01-10 21:34 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-01-10 21:34 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe 2013-01-10 21:33 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr 2013-01-10 21:33 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2013-01-10 21:33 . 2013-01-10 21:33 -------- d-----w- c:\programdata\AVAST Software 2013-01-10 21:33 . 2013-01-10 21:33 -------- d-----w- c:\program files\AVAST Software 2013-01-10 19:10 . 2013-01-10 19:10 -------- d-----w- c:\windows\PCHEALTH 2013-01-10 19:10 . 2013-01-12 17:04 -------- d-----w- c:\program files (x86)\Windows Live 2013-01-10 18:59 . 2013-01-10 18:59 -------- d-----w- c:\program files (x86)\Common Files\Windows Live 2013-01-09 22:30 . 
2013-01-09 22:30 -------- d-----w- c:\program files (x86)\YourWare Solutions 2013-01-09 22:29 . 2013-01-09 22:29 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 22:29 . 2013-01-09 22:29 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 22:29 . 2013-01-09 22:29 -------- d-----w- c:\windows\SysWow64\Macromed 2013-01-09 22:29 . 2013-01-09 22:29 -------- d-----w- c:\windows\system32\Macromed 2013-01-08 20:12 . 2013-01-08 20:12 -------- d-----w- c:\program files (x86)\TeamViewer 2013-01-07 20:00 . 2013-01-07 20:01 -------- d-----r- c:\program files (x86)\Skype 2013-01-07 20:00 . 2013-01-07 20:00 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-01-07 20:00 . 2013-01-07 20:01 -------- d-----w- c:\programdata\Skype 2013-01-07 19:29 . 2013-01-07 19:29 -------- d-----w- c:\program files (x86)\Microsoft.NET 2013-01-07 18:22 . 2013-01-07 12:48 -------- d-----w- c:\windows\Panther 2013-01-07 18:17 . 2013-01-07 18:17 -------- d-----w- C:\Windows.old 2013-01-07 13:05 . 2013-01-07 13:05 -------- d-----w- c:\program files (x86)\Tibia 2013-01-07 12:58 . 2010-12-02 09:12 1359976 ----a-w- c:\windows\system32\nvgenco64hda.dll 2013-01-07 12:58 . 2010-11-11 23:10 29288 ----a-w- c:\windows\system32\nvhdap64.dll 2013-01-07 12:58 . 2010-11-11 23:10 155752 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-01-07 12:58 . 2013-01-18 00:03 -------- d-----w- c:\programdata\NVIDIA 2013-01-07 12:58 . 2013-01-11 02:59 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2013-01-07 12:57 . 2013-01-07 19:05 -------- d-----w- c:\program files (x86)\Google 2013-01-07 12:57 . 2013-01-07 12:58 4096000 ----a-w- c:\program files (x86)\GUT4856.tmp 2013-01-07 12:57 . 2013-01-07 12:57 -------- d-----w- c:\program files (x86)\GUM4855.tmp 2013-01-07 12:57 . 2013-01-12 17:05 -------- d-sh--w- c:\windows\Installer 2013-01-07 12:57 . 2013-01-07 12:57 -------- d-----w- c:\programdata\NVIDIA Corporation 2013-01-07 12:57 . 
2011-01-08 03:27 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll 2013-01-07 12:57 . 2011-01-08 03:27 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll 2013-01-07 12:56 . 2011-01-08 03:27 67176 ----a-w- c:\windows\system32\OpenCL.dll 2013-01-07 12:56 . 2011-01-08 03:27 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-01-07 12:56 . 2012-10-10 23:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-01-07 12:56 . 2012-10-10 23:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-01-07 12:56 . 2012-10-10 23:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-01-07 12:55 . 2011-01-08 03:27 11240 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2013-01-07 12:55 . 2012-10-10 23:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll 2013-01-07 12:55 . 2013-01-11 02:59 -------- d-----w- c:\program files\NVIDIA Corporation 2013-01-07 12:52 . 2008-07-31 12:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll 2013-01-07 12:52 . 2008-07-31 12:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll 2013-01-07 12:52 . 2008-07-12 10:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2013-01-07 12:52 . 2008-07-12 10:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2013-01-07 12:52 . 2008-07-12 10:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2013-01-07 12:51 . 2013-01-07 12:51 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information 2013-01-07 12:48 . 2013-01-10 19:13 -------- d-----w- c:\users\Arthur 2013-01-07 12:48 . 2013-01-07 12:48 -------- d-----w- C:\Recovery 2013-01-07 07:17 . 2013-01-07 07:17 -------- d-----w- C:\TIBIA ZERADO 2013-01-07 07:15 . 2013-01-07 19:49 -------- d-----w- C:\3.4 2013-01-07 05:14 . 2013-01-14 12:39 -------- d-----w- C:\3.2B2 2013-01-07 04:34 . 2013-01-07 04:34 -------- d-----w- C:\found.000 . . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . 
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168] "FreeRAM XP"="c:\program files (x86)\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2005-09-19 1585664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] . c:\users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ _uninst_06442890.lnk - c:\users\Arthur\AppData\Local\Temp\_uninst_06442890.bat [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 06442890;06442890;c:\windows\system32\DRIVERS\06442890.sys [2013-01-18 460888] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-11 18:11 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Conteúdo da pasta 'Tarefas Agendadas' . 
2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 22:29] . 2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07 19:03] . 2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07 19:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . ------- Scan Suplementar ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.1 . . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Tempo para conclusão: 2013-01-17 22:34:59 ComboFix-quarantined-files.txt 2013-01-18 00:34 ComboFix2.txt 2013-01-16 13:40 . 
Pré-execução: 398.122.168.320 bytes free Pós execução: 398.061.420.544 bytes free . - - End Of File - - 7D54D35C733492A72DBFA0F7C8229694
  10. Dear Renato and company, I came here to try to avoid the tiresome reformat. I downloaded some cracked files related to games, where hacking attempts are quite common, and I noticed that taskhost and conhost (exes) were open; even though they are part of the system, I suspect they are compromised. So I will post here the logs from this machine (my girlfriend's house) and from my home machine later (both had these files with high infection potential handled on them, and both are for my own use). Today I found a process on my home machine and removed it, some _uninst_... bat in msconfig. Here are the logs from my two machines from ComboFix, GMER and DDS. If anyone wants to check the files I mentioned directly and verify whether they are trustworthy, I will send them by private message, so as not to advertise the site. Thanks in advance for all the attention.

About Clube do Hardware

On the air since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil. Read more
