Guh28

logs for analysis (dds & gmer)


DDS LOG:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by Guhh at 10:40:25 on 2012-04-04

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1979.981 [GMT -3:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Users\Guhh\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=GRchr999&ptb=R5CqncBMPu2wjxqYhESmXw

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\program files\gbplugin\gbieh.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [<NO NAME>]

StartupFolder: c:\users\guhh\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\guhh\appdata\roaming\dropbox\bin\Dropbox.exe

uPolicies-explorer: NoThumbnailCache = 1 (0x1)

uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableStartupSound = 1 (0x1)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bancoreal.com.br\www

Trusted Zone: bb.com.br\www

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: secureweb.com.br\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{47F5FE99-71CD-4E89-95B2-1B5585073F05} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{47F5FE99-71CD-4E89-95B2-1B5585073F05}\14C657E6F637D255E6963757C6 : DhcpNameServer = 10.4.2.13 10.1.24.38

TCP: Interfaces\{47F5FE99-71CD-4E89-95B2-1B5585073F05}\14E64627F696461405 : DhcpNameServer = 192.168.43.1

TCP: Interfaces\{47F5FE99-71CD-4E89-95B2-1B5585073F05}\746545D233231454 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{47F5FE99-71CD-4E89-95B2-1B5585073F05}\F485642303431433 : DhcpNameServer = 192.168.1.254 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GbPluginBb - c:\program files\gbplugin\gbieh.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\program files\gbplugin\gbieh.dll

Hosts: 255.255.255.255 easyanticheat.se # misleading site

Hosts: 255.255.255.255 www.easyanticheat.se # misleading site

Hosts: 255.255.255.255 easyanticheat.com # misleading site

Hosts: 255.255.255.255 www.easyanticheat.com # misleading site

Hosts: 255.255.255.255 easyanticheat.info # misleading site

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\guhh\appdata\roaming\mozilla\firefox\profiles\83gz9ngf.default\

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\ganymede\plugins\domino\NPDOMINO.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPDOMINO.dll

FF - plugin: c:\users\guhh\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\users\guhh\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\guhh\appdata\roaming\mozilla\firefox\profiles\83gz9ngf.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\plugins\npgbfnc_abn.dll

FF - plugin: c:\users\guhh\appdata\roaming\mozilla\firefox\profiles\83gz9ngf.default\extensions\itst-firefox-plugin@itstructures.com\plugins\npffax.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2012-4-3 46152]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2012-4-3 202824]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-7-20 1526592]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-10 218688]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2011-7-1 122368]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2012-4-3 28880]

R3 netr28;Driver Ralink 802.11n Wireless para Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-6-10 530944]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-5-31 10064]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2012-4-3 28880]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-7-30 166912]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-2 1343400]

S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

S4 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]

S4 avgwd;Watchdog do AVG;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

.

=============== Created Last 30 ================

.

2012-04-03 15:44:06 28880 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2012-04-03 15:08:16 46152 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2012-04-03 15:07:59 -------- d-----w- c:\program files\GbPlugin

2012-04-03 01:04:39 4 ----a-w- c:\windows\system32\proc1794749374.bin

2012-04-03 01:04:39 -------- d-----w- c:\users\guhh\appdata\roaming\GanymedeNet

2012-04-03 01:04:37 546976 ----a-w- c:\program files\mozilla firefox\plugins\NPDOMINO.dll

2012-04-03 01:04:34 -------- d-----w- c:\program files\Ganymede

2012-03-26 21:02:07 -------- d-----w- c:\program files\Tibiacast

2012-03-26 21:02:06 -------- d-----w- c:\users\guhh\appdata\roaming\Tibia

2012-03-23 15:47:29 -------- d-----w- c:\program files\Monopoly_at

2012-03-21 18:30:31 -------- d-----w- c:\program files\Valve

2012-03-18 01:08:25 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-18 01:08:25 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-03-18 00:30:31 -------- d-----w- c:\program files\Steam

2012-03-15 02:44:48 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-15 02:44:46 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 16:41:02 2341376 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 16:41:00 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-14 16:41:00 1074176 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 16:40:59 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-03-14 16:40:59 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-14 16:40:59 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-13 19:35:59 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 19:35:58 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 19:35:58 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 19:35:56 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 19:35:56 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 19:35:56 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-12 21:08:08 -------- d-----w- c:\program files\bmoworld

2012-03-08 14:33:29 12920 ----a-w- c:\windows\system32\apl001.sys

2012-03-08 14:33:29 10872 ----a-w- c:\windows\system32\apf001.sys

2012-03-08 14:25:25 -------- d-----w- C:\GBound

2012-03-07 17:56:18 -------- d-----w- c:\users\guhh\appdata\roaming\Unity

2012-03-07 17:50:31 -------- d-----w- c:\users\guhh\appdata\local\Unity

.

==================== Find3M ====================

.

.

============= FINISH: 10:41:21,59 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 01/07/2011 16:16:56

System Uptime: 04/04/2012 10:31:02 (0 hours ago)

.

Motherboard: Quanta | | QL6

Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 73 GiB total, 11,416 GiB free.

D: is FIXED (NTFS) - 65 GiB total, 19,739 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Hosts File Hijack ======================

.

Hosts: 255.255.255.255 easyanticheat.se # misleading site

Hosts: 255.255.255.255 www.easyanticheat.se # misleading site

Hosts: 255.255.255.255 easyanticheat.com # misleading site

Hosts: 255.255.255.255 www.easyanticheat.com # misleading site

Hosts: 255.255.255.255 easyanticheat.info # misleading site

Hosts: 255.255.255.255 www.easyanticheat.info # misleading site

Hosts: 255.255.255.255 easyanticheat.org # misleading site

Hosts: 255.255.255.255 www.easyanticheat.org # misleading site

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0) - Português

Assistente de Conexão do Windows Live

µTorrent

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

AVG 2011

BMO WORLD 4.4.0

BS.Player FREE

CCleaner

Counter-Strike

Counter-Strike CP

DAEMON Tools Lite

Dropbox

EssentialPIM

Estudo de melhoria do produto HP Deskjet 3050 J610 series

GameDesire-GameDesire Dominoe

Google Chrome

HP Deskjet 3050 J610 series Ajuda

HP Photo Creations

HP Update

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

Java Auto Updater

Java 6 Update 30

LG Intelligent Update

Matrix 7 by Smitty

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 11.0 (x86 pt-BR)

MSI to redistribute MS VS2005 CRT libraries

MSVCRT

PokerStars

Real Alternative 2.0.2

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Skype™ 5.8

Software básico do dispositivo HP Deskjet 3050 J610 series

Software WIDCOMM Bluetooth 6.0.1.5600

Steam

TeamSpeak 2 RC2

TeamSpeak 3 Client

Tibiacast

TuneUp Utilities 2011

TuneUp Utilities Language Pack (pt-BR)

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

WinRAR 4.01 (32-bit)

XAimer

Yahoo! Messenger

.

==== End Of File ===========================

GMER LOG:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-04-04 11:46:37

Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM160HI rev.HH100-12

Running: gmer.exe; Driver: C:\Users\Guhh\AppData\Local\Temp\kxldqpow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E815D9 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EA6092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

? System32\Drivers\splq.sys O sistema não pode encontrar o caminho especificado. !

.text USBPORT.SYS!DllUnload 8FB7CD18 5 Bytes JMP 864471D8

? C:\Users\Guhh\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[728] kernel32.dll!FreeLibraryAndExitThread 75AD3490 5 Bytes JMP 3B096E44 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Windows\system32\services.exe[728] kernel32.dll!FreeLibrary 75AE1989 2 Bytes JMP 3B096ECC C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Windows\system32\services.exe[728] kernel32.dll!FreeLibrary + 3 75AE198C 2 Bytes [5B, C5]

.text C:\Users\Guhh\Desktop\gmer.exe[2788] USER32.dll!FindWindowExA 759C7184 5 Bytes JMP 3B0919DA C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Users\Guhh\Desktop\gmer.exe[2788] USER32.dll!FindWindowA 759CA818 5 Bytes JMP 3B0919A1 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Users\Guhh\Desktop\gmer.exe[2788] USER32.dll!GetAsyncKeyState 759CC09A 5 Bytes JMP 3B07ECC2 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Users\Guhh\Desktop\gmer.exe[2788] USER32.dll!SetWindowsHookExW 759D210A 5 Bytes JMP 3B07EAB7 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Users\Guhh\Desktop\gmer.exe[2788] USER32.dll!GetKeyState 759D4FDA 5 Bytes JMP 3B07EDC5 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Users\Guhh\Desktop\gmer.exe[2788] USER32.dll!GetKeyboardState 759F6B3E 5 Bytes JMP 3B07EED4 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Users\Guhh\Desktop\gmer.exe[2788] USER32.dll!SetWindowsHookExA 759F6DFA 5 Bytes JMP 3B07EA63 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83E86042] \SystemRoot\System32\Drivers\splq.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [83E866D6] \SystemRoot\System32\Drivers\splq.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [83E86800] \SystemRoot\System32\Drivers\splq.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [83E8613E] \SystemRoot\System32\Drivers\splq.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[2224] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [754A5E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[2224] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [754A5E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[2224] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [754A5E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[2224] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [754A5E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 852031F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{1EACEE81-C737-4358-8418-E7F00A493EDF} 862F11F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000df06687de

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000df06687de@110103b163e3 0x94 0xB1 0x5A 0xB5 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000df06687de@74a7225339f8 0x2B 0xFB 0xAB 0x40 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDE 0x97 0x52 0xD9 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000df06687de (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000df06687de@110103b163e3 0x94 0xB1 0x5A 0xB5 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000df06687de@74a7225339f8 0x2B 0xFB 0xAB 0x40 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDE 0x97 0x52 0xD9 ...

---- EOF - GMER 1.0.15 ----


Read the topic "Read Before Posting" and note that we ask for an explanation of the problem.
