Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Gudevil

Suspeita de keylogger

Recommended Posts

Boa Noite.

A uns 3 dias tive minha conta do Paypal utilizada por outra pessoa, fizeram algumas compras com minha conta, e hoje vi uma publicaçao no facebook com a minha conta, sendo que não fui eu obviamente. Por isso estou suspeitando que eu esteja com algum keylogger.

Segue os logs:

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by ADM at 21:56:45 on 2012-04-04

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3839.1720 [GMT -3:00]

.

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\system32\Dwm.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

D:\Arquivos de Programas\DAEMON Tools Lite\DTLite.exe

D:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

D:\ARQUIV~1\FREEDO~1\fdm.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\AVG\AVG2012\avgui.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.br/

mWinlogon: Userinit=userinit.exe,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\ADM\AppData\Roaming\Complitly\AutocompletePro.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - D:\Arquivos de Programas\Free Download Manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [DriverMax]

uRun: [DriverMax_RESTART]

uRun: [DAEMON Tools Lite] "D:\Arquivos de Programas\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [PlusService] D:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Baixar com o Free Download Manager - file://D:\Arquivos de Programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://D:\Arquivos de Programas\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://D:\Arquivos de Programas\Free Download Manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://D:\Arquivos de Programas\Free Download Manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

Trusted Zone: bancoreal.com.br\www

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: secureweb.com.br\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{C320A4FD-F114-41F3-AAA4-6D4A6DACF417} : NameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

{0347C33E-8762-4905-BF09-768834316C61}

{0FB6A909-6086-458F-BD92-1F8EE10042A0}

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{C41A1C0E-EA6C-11D4-B1B8-444553540007}

{CC59E0F9-7E43-44FA-9FAA-8377850BF205}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{DDA57003-0068-4ed2-9D32-4D1EC707D94D}

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [PlusService] D:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [LogMeIn Hamachi Ui] "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

SEH-X64: {E37CB5F0-51F5-4395-A808-5FA49E399007}: GbPlugin ShlObj

Hosts: 200.220.186.3 www.santander.com.br # gbplugin

Hosts: 255.255.255.255 easyanticheat.se # misleading site

Hosts: 255.255.255.255 www.easyanticheat.se # misleading site

Hosts: 255.255.255.255 easyanticheat.com # misleading site

Hosts: 255.255.255.255 www.easyanticheat.com # misleading site

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\mhbfg1of.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\mhbfg1of.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\gbmzh_abn.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\mhbfg1of.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\plugins\npgbfnc_abn.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 avgfws;Firewall do AVG;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-10-24 2391832]

R2 avgwd;Watchdog do AVG;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2012-3-31 206280]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-18 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 gupdatem;Serviço do Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-18 136176]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

.

=============== Created Last 30 ================

.

2012-03-18 15:28:43 -------- d-----w- C:\ProgramData\Battle.net

2012-03-18 12:02:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-18 12:02:36 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-18 12:02:36 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-17 17:04:51 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-17 17:04:50 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-17 17:04:50 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-17 17:04:19 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-17 17:04:19 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-17 17:04:19 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-17 17:04:18 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-03-17 17:04:17 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-17 17:04:17 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-17 17:04:17 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-17 17:04:17 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 22:17:17 -------- d-----w- C:\Users\ADM\AppData\Local\IsolatedStorage

2012-03-14 22:17:16 -------- d-----w- C:\Users\ADM\AppData\Roaming\IsolatedStorage

2012-03-14 22:17:16 -------- d-----w- C:\Users\ADM\AppData\Roaming\BizAgi Ltd

2012-03-14 22:17:16 -------- d-----w- C:\Users\ADM\AppData\Local\BizAgi Ltd

.

==================== Find3M ====================

.

2012-03-02 11:42:49 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-02-19 19:59:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-15 11:38:40 47304 ----a-w- C:\Windows\SysWow64\drivers\GbpKm.sys

2011-06-09 15:03:40 3486088 ----a-w- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe

2011-06-09 15:03:40 143240 ----a-w- C:\Program Files (x86)\Common Files\ApnStub.exe

2011-02-27 15:42:00 571328 ----a-w- C:\Program Files (x86)\Common Files\AutoCompleteInstaller-VD.exe

2010-01-26 14:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe

.

============= FINISH: 21:57:23,04 ===============

Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 03/02/2010 00:44:20

System Uptime: 04/04/2012 21:10:58 (0 hours ago)

.

Motherboard: ECS | | A785GM-AD3

Processor: AMD Phenom II X4 965 Processor | CPU 1 | 2176/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 146 GiB total, 86,429 GiB free.

D: is FIXED (NTFS) - 319 GiB total, 183,795 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VirtualBox Host-Only Ethernet Adapter

Device ID: ROOT\NET\0002

Manufacturer: Oracle Corporation

Name: VirtualBox Host-Only Ethernet Adapter

PNP Device ID: ROOT\NET\0002

Service: VBoxNetAdp

.

==== System Restore Points ===================

.

RP238: 24/03/2012 08:15:29 - Windows Update

RP239: 25/03/2012 08:48:47 - Windows Update

RP240: 26/03/2012 18:56:40 - Windows Update

RP241: 30/03/2012 23:23:54 - Windows Update

RP242: 31/03/2012 09:38:07 - Windows Update

RP243: 01/04/2012 10:09:56 - Windows Update

RP244: 02/04/2012 19:01:26 - Windows Update

RP245: 04/04/2012 21:15:04 - Windows Update

.

==== Hosts File Hijack ======================

.

Hosts: 200.220.186.3 www.santander.com.br # gbplugin

Hosts: 255.255.255.255 easyanticheat.se # misleading site

Hosts: 255.255.255.255 www.easyanticheat.se # misleading site

Hosts: 255.255.255.255 easyanticheat.com # misleading site

Hosts: 255.255.255.255 www.easyanticheat.com # misleading site

Hosts: 255.255.255.255 easyanticheat.info # misleading site

Hosts: 255.255.255.255 www.easyanticheat.info # misleading site

Hosts: 255.255.255.255 easyanticheat.org # misleading site

Hosts: 255.255.255.255 www.easyanticheat.org # misleading site

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

4500_G510af_Help

4500G510af

4500G510af_Software_Min

Adobe Reader X (10.1.2) - Português

AIDA64 Extreme Edition v1.60

AMD USB Filter Driver

Any Video Converter 3.2.2

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

aTube Catcher

Battlefield 1942

BitTorrent

Bizagi Process Modeler

BufferChm

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CodeBlocks

Combined Community Codec Pack 2010-10-10

Complitly

Counter-Strike

Counter-Strike 1.6

Crystal Reports for Visual Studio

D'Accord Afinador 3.0

DAEMON Tools Lite

Dedicated Server

Destinations

Dev-C++ 5 beta 9 release (4.9.9.2)

DeviceDiscovery

DocMgr

DocProc

Dotfuscator Software Services - Community Edition

DriverMax 5

Eurobattle.net

Fax

Ferramenta de Carregamento do Windows Live

FIFA 12 © EA version 1

Free Download Manager 3.5 RC

Garena 2010

Garena Plus

GarenaMaster

Google Chrome

Google Update Helper

GPBaseService2

Guitar Pro 5.0

Guitar Pro update

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054)

HP Update

HPProductAssistant

HPSSupply

Java Auto Updater

Java 6 Update 31

K-Lite Mega Codec Pack 6.9.0

KVIrc

League of Legends

Left 4 Dead 2

LispWorks 6.0 Personal

LogMeIn Hamachi

Malwarebytes' Anti-Malware versão 1.51.2.1300

MarketResearch

Messenger Plus! 5

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

Microsoft Choice Guard

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 R2 Data-Tier Application Framework

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft Sync Framework SDK v1.0 SP1

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

Microsoft Visual F# 2.0 Runtime

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 SharePoint Developer Tools

Microsoft Visual Studio 2010 Ultimate - ENU

Microsoft Visual Studio Macro Tools

Mozilla Firefox 10.0.2 (x86 pt-BR)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

neroxml

Notepad++

OpenAL

PokerStars

PunkBuster for Battlefield 1942

RaidCall

Rapture3D 2.4.9 Game

Realtek High Definition Audio Driver

Samsung Kies

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)

Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980)

Security Update for Microsoft Visual Studio Macro Tools (KB2669970)

Skype™ 5.8

SmartWebPrinting

SolutionCenter

Status

Steam

SWI-Prolog (remove only)

System Requirements Lab CYRI

TeamSpeak 2 RC2

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

USB Vibration Joystick

VDownloader 3.6.943

Vegas Pro 9.0

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

WebReg

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live OneCare safety scanner

WinPcap 4.1.1

World of Warcraft

.

==== End Of File ===========================

Compartilhar este post


Link para o post
Compartilhar em outros sites

Nao consegui gerar o log do gmer, pois quando finalizou o scan apareceu a msg dizendo que n tinha encontrado nada, cliquei em Copy e quando joguei pro bloco de notas n apareceu nada....

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Kaspersky AVP Tool de um desses 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

Você será conduzido a uma página da Kaspersky, solicitando um email para cadastro, nome e sobrenome. Somente o campo "email" é obrigatório.

Informe seu email depois clique no botão Submit Form.

A página será recarregada. Clique no botão Download

Salve-o em sua área de trabalho.

Execute o arquivo e aguarde a instalação.

** Usuários do Windows Vista e Windows 7:

Clique com o direito sobre o arquivo, depois clique em Executar como administrador

Na tela do contrato de licença, marque a opção I accept the license agreement e depois clique no botão Start. Aparentemente o programa congela e nada acontece. É normal, apenas aguarde até aparecer a tela inicial do programa, e então clique no ícone Settings:

KRT_settings.png

Nesta tela, marque a caixa ao lado de:

  • Meu Computador
  • Disco local (C:)

Marque também todas as unidades que aparecem abaixo de Disco Local, caso houverem. Depois clique na aba Automatic Scan

KRT_install2_.png

De volta à tela inicial do programa, clique no botão Start scanning

Tenha paciência, é um pouco demorado.

Quando terminar, caso tenha detectado algo, o programa irá lhe perguntar o que fazer.

Marque o quadradinho ao lado de Apply to all objects e depois clique em Skip (queremos apenas o log).

KRT_detection_.png

Enquanto durar o exame, a tela inicial exibirá uma barra de progresso. Quando terminar, o programa exibirá o status concluído e um botão que ficará na cor laranja, caso nada tenha sido detectado, e na cor vermelha, caso tenha encontrado algo.

Caso tenha detectado algo, o programa também exibirá uma tela de alerta, avisando que o seu sistema está desprotegido e sugerindo um produto da Kaspersky. Clique no botão No, thanks.

De volta à tela principal, caso tenha sido detectado algo, então salve o log. Se você fechar o programa e esquecer de salvar o log, terá que repetir todo o scan novamente.

Para salvar o log, clique no ícone Reports (ao lado do ícone "Settings"). Na próxima janela, clique em Detected Threats, depois clique no ícone de disquete para salvar o log.

Escolha um local de fácil acesso e salve como log.txt

Copie todo o conteúdo desse bloco de notas e cole na sua próxima resposta.

Se nada for detectado, então não precisa salvar o log. Apenas poste aqui avisando.

Para sair do programa, basta clicar no X no canto superior direito.

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×