Trevomader

Virus problem


I ran a scan a few days ago on my PC running Windows 7 and two viruses were found; both were sent to quarantine, but you know that feeling that it wasn't enough? I ran ComboFix twice and both times files were deleted and the PC restarted (one of the times no report was generated).

According to Avast, the most dangerous virus was hosted in c:\windows.old\programdata\windows\wer\reportqueue, but I ended up deleting this folder. Is there a better program or something of the sort that can give me certainty the virus was removed?


Hello

If you still need help, redo the logs, because I need them with up-to-date dates: Read Before Posting - Creating a New Topic

NOTE 1: You don't need to open a new topic; post the new logs in this same topic, thanks!

NOTE 2: Don't edit your topic; use the reply button, thanks!

NOTE 3: Don't put the logs between TAGS, thanks!

NOTE 4: Don't attach the logs, thanks!

Regards :D


Diego, I couldn't download GMER, but here are the DDS logs.

dds:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16576

Run by Bernardo at 19:18:45 on 2013-06-07

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3565.2828 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\viakaraokesrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Users\Bernardo\AppData\Roaming\uTorrent\uTorrent.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [uTorrent] "c:\users\bernardo\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [Facebook Update] "c:\users\bernardo\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart

mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 192.168.1.254 192.168.59.1

TCP: Interfaces\{5B89C5B1-10E8-4D8D-B885-0F981C7AA7ED} : DHCPNameServer = 192.168.1.254 192.168.59.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\bernardo\appdata\roaming\mozilla\firefox\profiles\owlccaal.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.americanas.com.br/

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIIPT.dll

FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIUpdater.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\users\bernardo\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll

FF - ExtSQL: 2013-04-30 00:39; wrc@avast.com; c:\program files\avast software\avast\webrep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-30 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-30 174664]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-4-30 21576]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-30 765736]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-4-30 368944]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-4-30 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-30 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-20 46808]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2011-12-8 423136]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2013-2-23 161560]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2013-2-23 363800]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\ViakaraokeSrv.exe [2012-2-17 27760]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-10-21 68208]

R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-2-23 46080]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-2-17 1824880]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-2-24 1343400]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]

.

=============== Created Last 30 ================

.

2013-06-07 21:19:16 -------- d-----w- C:\$RECYCLE.BIN

2013-06-07 21:15:58 -------- d-----w- c:\users\bernardo\appdata\local\temp

2013-06-07 21:10:02 -------- d-----w- C:\ComboFix

2013-06-06 00:31:01 580712 ------w- c:\windows\system32\HPDiscoPMB611.dll

2013-06-06 00:29:18 -------- d-----w- c:\program files\HP

2013-06-06 00:25:39 90624 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL

2013-05-24 03:11:51 -------- d-s---w- c:\users\bernardo\Google Drive

2013-05-15 15:09:32 1796096 ----a-w- c:\windows\system32\authui.dll

2013-05-15 15:09:32 101720 ----a-w- c:\windows\system32\consent.exe

2013-05-15 15:09:31 47104 ----a-w- c:\windows\system32\appinfo.dll

2013-05-15 15:05:59 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-05-15 15:05:53 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 15:05:53 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

.

==================== Find3M ====================

.

2013-05-15 00:20:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-15 00:20:21 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-09 08:59:10 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-05-09 08:59:10 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-05-09 08:59:10 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr

2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-06 02:56:36 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2013-04-06 02:56:27 282104 ----a-w- c:\windows\system32\PnkBstrB.xtr

2013-04-06 02:56:27 282104 ----a-w- c:\windows\system32\PnkBstrB.exe

2013-04-06 02:56:00 234768 ----a-w- c:\windows\system32\PnkBstrB.ex0

2013-04-01 00:29:32 76888 ----a-w- c:\windows\system32\PnkBstrA.exe

2013-04-01 00:21:35 138056 ----a-w- c:\users\bernardo\appdata\roaming\PnkBstrK.sys

2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe

2013-03-18 07:28:41 124504 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

.

============= FINISH: 19:19:00,32 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 23/02/2013 20:40:02

System Uptime: 07/06/2013 18:16:35 (1 hours ago)

.

Motherboard: BIOSTAR Group | | H61MLV2

Processor: Intel® Pentium® CPU G630 @ 2.70GHz | SOCKET 0 | 2700/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 361,65 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP60: 30/05/2013 03:23:36 - ComboFix created restore point

RP61: 02/06/2013 19:00:06 - Windows Backup

RP62: 04/06/2013 20:48:21 - ComboFix created restore point

RP63: 05/06/2013 21:29:04 - Installed HP Deskjet 5520 series Basic Device Software

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03) - Portuguese

AnyDVD

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

µTorrent

NVIDIA Update 1.11.3

aTube Catcher

avast! Free Antivirus

BS.Player FREE

CANYON USB PC CAMERA

CloneCD

Combat Arms

Counter-Strike 1.6

Dota 2

DVD Shrink 3.2

DVDFab 9.0.2.2 (17/01/2013) Qt

Facebook Video Calling 1.2.0.287

Google Chrome

Google Drive

Google Update Helper

HP Deskjet 5520 series Basic Device Software

ImgBurn

Intel® Management Engine Components

Intel® Trusted Connect Service Client

League of Legends

MechWarrior Online

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 21.0 (x86 pt-BR)

Mozilla Maintenance Service

Nero Burning ROM

Nero Burning ROM Help (CHM)

Nero BurningROM 12

Nero ControlCenter

Nero ControlCenter Help (CHM)

Nero Core Components

Nero SharedVideoCodecs

Nero Update

NVIDIA Graphics Driver 311.06

NVIDIA 3D Vision Driver 311.06

NVIDIA Install Application

NVIDIA Stereoscopic 3D Driver

NVIDIA Update Components

Microsoft .NET Framework 4 Client Profile Language Pack - Portuguese (Brazil)

NVIDIA Control Panel 311.06

Pando Media Booster

PhotoScape

Platform

Prerequisite installer

PunkBuster Services

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Skype™ 6.3

Star Wars: The Old Republic

Steam

TweetDeck

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VIA Platform Device Manager

WinRAR 4.20 (32-bit)

.

==== End Of File ===========================

As soon as I have access to GMER I'll post the logs here. I hope I'm doing everything right now.

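A DDS log like the one above is read by hand on forums like this, but the checks a helper applies first are mechanical: is real-time protection on and up to date, and does any autorun or service point at a binary in a directory a normal user can write to, or at a file that borrows a core Windows name outside System32? The script below is an added example written for this page; it is not part of the thread, not DDS code, and the names `triage`, `Finding` and the regexes are this example's own. The sample input is constructed: every line is copied from the posted DDS log except the `[Updater]` mRun entry, which is invented solely to show the "system binary name outside System32" rule firing and is not from the log. Hits are review prompts, not verdicts: uTorrent and Facebook Update legitimately live under AppData.

```python
"""Triage a DDS log: flag protection-status problems and autoruns or services
whose binary lives where malware usually does. Added example; not DDS code."""
import re
from dataclasses import dataclass, field

# Constructed input. All lines but the last mRun line are copied from the DDS
# log posted above; the "[Updater]" entry is invented purely to exercise the
# "system binary name outside System32" rule and is NOT from the posted log.
SAMPLE_DDS = r"""
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uStart Page = about:blank
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "c:\users\bernardo\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Facebook Update] "c:\users\bernardo\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Updater] c:\users\public\svchost.exe -s
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-20 46808]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
"""

STATUS_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\*")       # Security Center state
RUN_RE = re.compile(r"^([um])Run: \[(.+?)\] (.+)$")                 # u = HKCU, m = HKLM
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[\d{4}-")    # Rn running, Sn stopped
EXE_RE = re.compile(r'^"?(.+?\.exe)"?', re.IGNORECASE)              # path up to the first .exe

# Directories a standard user can write to. Legitimate software lives there
# too (uTorrent, Chrome updaters), so a hit means "look", not "malware".
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\", "\\programdata\\")
# Core Windows binaries that only belong in System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                "smss.exe", "winlogon.exe", "wininit.exe"}


@dataclass
class Finding:
    kind: str               # "status", "autorun" or "service"
    name: str
    detail: str
    reasons: list = field(default_factory=list)


def exe_path(command: str) -> str:
    """Strip quotes and arguments from a Run/service command, lower-cased."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) if m else command.strip()).lower()


def path_reasons(path: str) -> list:
    """Why a binary path deserves a second look (empty list if it does not)."""
    reasons = []
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("binary in a user-writable directory")
    base = path.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and not path.startswith("c:\\windows\\system32\\"):
        reasons.append(f"{base} outside System32")
    return reasons


def triage(log_text: str) -> list:
    """Return one Finding per DDS line that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := STATUS_RE.match(line):
            kind, product, state, freshness = m.groups()
            reasons = []
            if state.lower() == "disabled":
                reasons.append("reported to Security Center as disabled")
            if freshness.lower() == "outdated":
                reasons.append("definitions outdated")
            if reasons:
                findings.append(Finding("status", product, f"{kind} {state}/{freshness}", reasons))
        elif m := RUN_RE.match(line):
            scope, name, command = m.groups()
            path = exe_path(command)
            if reasons := path_reasons(path):
                hive = "HKCU" if scope == "u" else "HKLM"
                findings.append(Finding("autorun", name, f"{hive} Run -> {path}", reasons))
        elif m := SVC_RE.match(line):
            start, name, _display, command = m.groups()
            path = exe_path(command)
            if reasons := path_reasons(path):
                findings.append(Finding("service", name, f"{start} {path}", reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.name}: {f.detail}\n    " + "; ".join(f.reasons))
```

On the posted log the same rules would flag the two Avast "Disabled" entries and Windows Defender "Outdated" as status items, and uTorrent and Facebook Update as AppData autoruns; nothing in the real service list trips either rule. Feed the whole DDS text to `triage()` rather than the sample to reproduce that.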

Here is the GMER log.

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-06-07 20:21:24

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000AAKX-003CA0 rev.15.01H15 465,76GB

Running: ih25098y.exe; Driver: C:\Users\Bernardo\AppData\Local\Temp\ufldikog.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91835644]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9263A668]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x918360D6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9184189A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x918418E6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x91841A80]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x91841808]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9263AA00]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x91841850]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x918365D4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x918367F0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x91841A3A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x91836E8C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x918356AA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x9183A6AC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9263A730]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x92638C80]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91835710]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9183AA76]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9183791C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x918418C4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x91841908]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x91841AA4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9184182E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x91839F92]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x918419B8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x91841878]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9183A384]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x91841A5E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9263A890]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x918377E8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x918374F6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91835776]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x918357DC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x91836D06]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9183532C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91835502]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91835490]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x91837056]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x918371B8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9183558A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9263A958]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x91836CE6]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x92638CB0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91835842]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9263A7DC]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x92653E80]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E4BA09 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E851F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E8C220 4 Bytes [44, 56, 83, 91]

.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E8C248 4 Bytes [68, A6, 63, 92]

.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E8C2A8 4 Bytes [D6, 60, 83, 91]

.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82E8C2FC 8 Bytes [9A, 18, 84, 91, E6, 18, 84, ...] {CALL FAR 0x8418:0xe6918418; XCHG ECX, EAX}

.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82E8C308 4 Bytes [80, 1A, 84, 91] {SBB BYTE [EDX], 0x84; XCHG ECX, EAX}

.text ...

PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83019D3D 5 Bytes JMP 92650D1A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ObInsertObject + 27 83032380 5 Bytes JMP 9265284C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830474DF 4 Bytes CALL 91837FDF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83061333 4 Bytes CALL 91837FF5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 830EB224 7 Bytes JMP 92653E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

.text win32k.sys!EngFntCacheLookUp + 8B22 99330A2B 5 Bytes JMP 9183B5C6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateRectRgn + 3819 99344B04 5 Bytes JMP 9183B712 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateRectRgn + 47FC 99345AE7 5 Bytes JMP 9183B3DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCTGetGammaTable + 310 9936146D 5 Bytes JMP 9183C29C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCTGetGammaTable + 4CE9 99365E46 5 Bytes JMP 9183AE3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCTGetGammaTable + 6136 99367293 5 Bytes JMP 9183C4E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCTGetGammaTable + BE91 9936CFEE 5 Bytes JMP 9183B7B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCTGetGammaTable + C0E0 9936D23D 5 Bytes JMP 9183B8CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngMapFontFileFD + 650 99386D27 5 Bytes JMP 9183AAAC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngMapFontFileFD + 70E 99386DE5 5 Bytes JMP 9183B7D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngMapFontFileFD + 38FE 99389FD5 5 Bytes JMP 9183ABC2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngMapFontFileFD + 39BC 9938A093 5 Bytes JMP 9183ACDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngIsSemaphoreOwnedByCurrentThread + 1EE8 9938E715 5 Bytes JMP 9183B5F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + 2B22 99398165 5 Bytes JMP 9183B316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + ACE0 993A0323 5 Bytes JMP 9183AEDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + 14FA1 993AA5E4 5 Bytes JMP 9183C14A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngAlphaBlend + 5088 993C1DDE 5 Bytes JMP 9183C200 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngBitBlt + 42AE 993CF7B5 5 Bytes JMP 9183C6FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnlockSurface + B25C 993E507B 5 Bytes JMP 9183C24C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnlockSurface + CC1B 993E6A3A 5 Bytes JMP 9183E050 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteClip + 480C 993F78FA 5 Bytes JMP 9183ADC6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngEqualRgn + 41E2 994058F2 5 Bytes JMP 9183B23A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngEqualRgn + B479 9940CB89 5 Bytes JMP 9183C5A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteRgn + 2198 99423977 5 Bytes JMP 9183B0F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 861D 99444A78 5 Bytes JMP 9183C656 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!PATHOBJ_vGetBounds + 2EC7 9945C9F8 5 Bytes JMP 9183C426 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!PATHOBJ_vGetBounds + 3458 9945CF89 5 Bytes JMP 9183AFA6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!PATHOBJ_vGetBounds + 6547 99460078 5 Bytes JMP 9183B7F4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!PATHOBJ_vGetBounds + 9687 994631B8 5 Bytes JMP 9183B00E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!PATHOBJ_vGetBounds + BF6E 99465A9F 5 Bytes JMP 9183B8AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text ...

.text win32k.sys!EngCTGetCurrentGamma + 6414 99471C74 5 Bytes JMP 9183B196 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

? C:\Users\Bernardo\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Drive\googledrivesync.exe[324] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 001703FC

.text C:\Program Files\Google\Drive\googledrivesync.exe[324] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 001701F8

.text C:\Program Files\Google\Drive\googledrivesync.exe[324] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

.text C:\Program Files\Google\Drive\googledrivesync.exe[324] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00180A08

.text C:\Program Files\Google\Drive\googledrivesync.exe[324] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001803FC

.text C:\Program Files\Google\Drive\googledrivesync.exe[324] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00180804

.text C:\Program Files\Google\Drive\googledrivesync.exe[324] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001801F8

.text C:\Program Files\Google\Drive\googledrivesync.exe[324] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00180600

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[344] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000E03FC

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[344] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000E01F8

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[344] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]


Dear Trevomader

I recommend that you save this topic in your Favorites so it is easier to find later.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is passed on here relates only to the problem on your computer, so do not do it on any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measure beyond those given here; if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step No. 1 #

It is not advisable to use ComboFix without the assistance of a specialist... The folder you mentioned does not appear in the logs.

Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If updates exist, they will be downloaded and installed.
    • When the updates finish, the program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be consulted by clicking the Logs tab of the main menu.
    • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.06.09.07

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16576

Bernardo :: BERNARDO-PC [administrador]

Proteção: Permitir

09/06/2013 21:30:10

mbam-log-2013-06-09 (21-30-10).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 228638

Tempo decorrido: 3 minuto(s), 50 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)


Dear Trevomader

Download the Kaspersky AVP Tool from one of these links:

Alternative 1

Alternative 2

  • You will be directed to a Kaspersky page asking for a registration email, first name and last name.
  • Only the "email" field is mandatory.
  • Enter your email, then click the Submit Form button.
  • The page will reload. Click the Download button
  • Save it to your Desktop.
  • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: Right-click the file, then click Run as administrator

  • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
  • The program will appear to freeze and nothing will happen. This is normal; just wait until the program's home screen appears, and then click the Settings icon:

[image: KRT_settings.png]

On this screen, check the box next to:

  • My Computer;
  • Local Disk (C:);
  • Also check all the drives that appear below Local Disk, if there are any;
  • Then click the Automatic Scan tab.

[image: KRT_install2_.png]

  • Back on the program's home screen, click the Start scanning button;
  • Be patient, it takes a while;
  • When it finishes, if anything was detected, the program will ask you what to do;
  • Check the little box next to Apply to all objects and then click Skip (we only want the log).

[image: KRT_detection_.png]

Once the scan has finished, proceed as follows:

  1. On the main screen, if anything was detected, save the log.
  2. If you close the program and forget to save the log, you will have to repeat the whole scan.
  3. To save the log, click the Reports icon (next to the "Settings" icon).
  4. In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
  5. Choose an easily accessible location and save it as log.txt
  6. Copy the entire contents of that Notepad file and paste it in your next reply.
  7. If nothing is detected, there is no need to save the log; just let me know.
  8. To exit the program, simply click the X in the top right corner.

Notes:
While the scan runs, the home screen will show a progress bar. When it finishes, the program will show a completed status and a button that will be orange if nothing was detected, and red if it found something. If it detected something, the program will also display an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Regards :D


Diego, when I went to install the program it messed up my computer and I had to do a system restore. Is there another program to run the scan with?


Dear Trevomader

Do not use the QUOTE button unless it is really necessary. ;)

Update your antivirus and run a scan with it, then post the result.

Regards :D
