alcaroli

Fake antivirus


Good evening,

A few days ago I updated Flash through a website (a radio station site).

When I rebooted I noticed that the antivirus (AVAST) had uninstalled itself, and the icon next to the clock was not it. I reinstalled it, and when I ran a scan AVAST reported a few threats.

In Task Manager the "fake antivirus" was running. I could end the process, but as soon as I restarted it came back.

I tried a few things I saw here on the forum and the fake antivirus is no longer showing up. But I am not sure my computer is safe.

Below are the DDS, Attach and GMER logs... if you need the logs from those attempts, let me know. I don't know whether what I did might affect your analysis at this point. Thank you.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2

Run by Carol at 21:37:48 on 2013-08-25

Microsoft Windows 7 Starter 6.1.7601.1.1252.55.1046.18.2038.657 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Scpad\scpVista.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Tor\tor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\schtasks.exe

C:\Windows\system32\conhost.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\System32\svchost.exe -k swprv

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com

mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\program files\softonic_brasil\tbSof1.dll

mURLSearchHooks: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\program files\softonic_brasil\tbSof1.dll

BHO: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\program files\softonic_brasil\tbSof1.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: ssh2 Class: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - c:\program files\scpad\scpsssh2.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - <orphaned>

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - <orphaned>

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Softonic_Brasil Toolbar: {12FC3D37-2A42-4FE3-8489-81296878CBA5} - c:\program files\softonic_brasil\tbSof1.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\program files\softonic_brasil\tbSof1.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

StartupFolder: c:\users\carol\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xportar para o Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com.br/s/v/61.07/uploader2.cab

DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: NameServer = 201.82.0.62 201.82.0.64 201.6.4.116

TCP: Interfaces\{A0025E7E-3CA5-4DBD-B795-1DCBEEBEC7D2} : NameServer = 96.31.89.141,65.111.171.135

TCP: Interfaces\{A0025E7E-3CA5-4DBD-B795-1DCBEEBEC7D2} : DHCPNameServer = 201.82.0.62 201.82.0.64 201.6.4.116

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\program files\scpad\scpLIB.dll

STS: compIB Class - {A3717295-941D-416F-9384-ED1736729F1C} - c:\program files\scpad\scpLIB.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399007} - <orphaned>

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\windows mail\WinMail.exe" OCInstallUserConfigOE

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [2012-10-23 54912]

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-1 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-1 175176]

R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [2012-10-23 146304]

R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [2012-10-23 23168]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-12 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-12 369584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-12 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-12 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-12 46808]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-25 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-25 701512]

R2 scpVista;scpVista;c:\program files\scpad\scpVista.exe [2010-7-11 368544]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]

R2 tor;Tor Win32 Service;c:\program files\tor\tor.exe [2013-8-22 3233806]

R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2009-6-10 29184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-25 22856]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2013-6-8 31088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2013-6-8 31088]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]

.

=============== Created Last 30 ================

.

2013-08-26 00:33:16 -------- d--h--w- c:\windows\PIF

2013-08-25 21:36:31 -------- d-sh--w- C:\$RECYCLE.BIN

2013-08-25 21:28:34 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{67a6c4b4-8732-437f-8608-e0e602725db0}\offreg.dll

2013-08-25 21:25:31 98816 ----a-w- c:\windows\sed.exe

2013-08-25 21:25:31 256000 ----a-w- c:\windows\PEV.exe

2013-08-25 21:25:31 208896 ----a-w- c:\windows\MBR.exe

2013-08-25 16:51:34 -------- d-----w- c:\users\carol\appdata\roaming\Malwarebytes

2013-08-25 16:50:39 -------- d-----w- c:\programdata\Malwarebytes

2013-08-25 16:50:36 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-25 16:50:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-08-25 16:43:53 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{67a6c4b4-8732-437f-8608-e0e602725db0}\mpengine.dll

2013-08-22 22:52:25 -------- d-----w- c:\program files\Tor

2013-08-16 02:57:12 -------- d-----w- c:\program files\CCleaner

2013-08-16 02:10:47 -------- d-----w- c:\users\carol\appdata\local\{ACA37146-370A-4D4C-A411-FA418806688A}

2013-08-16 01:52:55 -------- d-----w- c:\windows\system32\MRT

2013-08-16 01:46:59 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-08-16 01:46:59 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-08-16 01:46:57 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2013-08-16 01:46:56 770648 ----a-w- c:\program files\internet explorer\iexplore.exe

2013-08-16 01:46:56 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-08-16 01:44:51 -------- d-----w- c:\users\carol\appdata\local\{549247ED-063B-45E7-945D-CA26B5B96DC2}

2013-08-16 01:38:14 -------- d-----w- c:\program files\Ask.com

2013-08-16 01:04:23 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-16 01:04:20 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-16 01:04:20 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-16 01:04:20 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-16 01:04:19 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-16 01:04:13 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-16 01:04:12 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-16 01:04:12 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-16 01:04:10 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-16 01:04:09 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-16 01:04:00 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-16 01:03:52 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-16 00:43:18 -------- d-----w- c:\users\carol\appdata\local\{F523BF66-6006-41F2-A58C-C1A401BE4CB7}

2013-08-13 00:40:42 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-08-13 00:40:40 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-13 00:40:37 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-08-13 00:40:04 41664 ----a-w- c:\windows\avastSS.scr

2013-08-13 00:39:46 -------- d-----w- c:\program files\AVAST Software

2013-08-12 23:43:16 -------- d-----w- c:\users\carol\appdata\local\Mozilla

2013-08-12 23:40:08 -------- d-----w- c:\users\carol\appdata\local\DealPlyLive

2013-08-12 23:16:42 -------- d-----w- c:\users\carol\appdata\local\{1BEE9B77-8620-45C8-92CA-12D0FB2D56B3}

2013-08-12 03:46:15 -------- d-----w- C:\Boot

2013-08-12 03:22:28 -------- d-----w- c:\users\carol\appdata\local\{316469A0-E93D-4D7E-AD26-A4A54C66CABC}

2013-08-12 02:57:14 -------- d-----w- c:\programdata\GAS Tecnologia

2013-08-11 15:21:51 -------- d-----w- c:\users\carol\appdata\local\{1B099097-74FA-4752-A9C5-17868E7F2058}

2013-08-11 03:21:14 -------- d-----w- c:\users\carol\appdata\local\{DD2584DB-D50F-412D-ACA3-DDDE190E452D}

2013-08-10 15:20:42 -------- d-----w- c:\users\carol\appdata\local\{2D4AB550-EC53-4A43-BA2D-0D4D597E2129}

2013-08-10 01:45:08 -------- d-----w- c:\users\carol\appdata\local\{3EF03C5F-0FDB-42E9-BAEE-FA53FE4B9618}

2013-08-09 00:28:53 -------- d-----w- c:\users\carol\appdata\local\{A9A9A80E-622B-4043-A6B9-D97A5891A6B1}

2013-08-07 01:01:25 -------- d-----w- c:\users\carol\appdata\local\{F07DEC89-F6D1-4A5C-BAB1-E82E3A21B9B9}

2013-08-06 01:58:16 -------- d-----w- c:\users\carol\appdata\local\{E6241705-8D66-4607-B172-A9BCB0018DB7}

2013-08-04 16:44:57 -------- d-----w- c:\users\carol\appdata\local\{7033680E-099D-46FE-B9AF-EDB9BA1EFFCF}

2013-08-03 13:01:00 -------- d-----w- c:\users\carol\appdata\local\{93A76A6D-B6A2-4527-94C3-46264DF64EF0}

2013-08-02 00:31:57 -------- d-----w- c:\users\carol\appdata\local\{00F5F4DC-F68D-4DE6-AE3C-06ABB070095C}

2013-07-31 22:52:58 -------- d-----w- c:\users\carol\appdata\local\{313FD20A-8373-427B-B794-902BC3CD310C}

2013-07-29 23:18:32 -------- d-----w- c:\users\carol\appdata\local\{A4DF41C4-4D56-4C71-8E7C-933250B33945}

2013-07-29 00:50:20 -------- d-----w- c:\users\carol\appdata\local\{C118F206-2F7A-49CA-B5FA-FD343411505B}

2013-07-28 12:49:41 -------- d-----w- c:\users\carol\appdata\local\{EE8B0270-792F-469C-96F9-30AD9F6FCA8E}

2013-07-27 13:42:04 -------- d-----w- c:\users\carol\appdata\local\{2223E1EB-8DC6-46F9-900F-C754669331D7}

2013-07-27 12:08:38 -------- d-----w- c:\users\carol\appdata\local\{D8B0F9E0-0926-4B63-8B7A-5B658549D04B}

.

==================== Find3M ====================

.

2013-08-13 01:04:30 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-08-12 03:53:13 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-06-29 01:26:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-06-29 01:26:13 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-06-29 01:26:13 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-06-05 03:05:09 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 04:53:07 509440 ----a-w- c:\windows\system32\qedit.dll

2013-05-28 13:05:16 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe

.

============= FINISH: 21:38:01,48 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume1

Install Date: 24/04/2010 14:34:12

System Uptime: 25/08/2013 18:35:19 (3 hours ago)

.

Motherboard: INTELBRAS | | IE-G31TM7

Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz | CPU 1 | 2693/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 237,102 GiB free.

D: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP611: 04/08/2013 22:11:39 - Windows Update

RP612: 05/08/2013 23:52:07 - Windows Update

RP613: 08/08/2013 21:31:10 - Windows Update

RP614: 08/08/2013 23:06:41 - Windows Update

RP615: 10/08/2013 01:58:45 - Windows Update

RP616: 10/08/2013 18:23:20 - Windows Update

RP617: 11/08/2013 01:12:26 - Windows Update

RP618: 11/08/2013 21:54:59 - Windows Update

RP619: 12/08/2013 20:19:34 - Windows Update

RP620: 12/08/2013 21:39:19 - Configuração do(a) avast! Free Antivirus

RP621: 12/08/2013 23:36:09 - Windows Update

RP622: 15/08/2013 22:43:58 - Removed Facebook Video Calling 1.2.0.287

RP623: 15/08/2013 22:46:09 - Windows Update

RP625: 15/08/2013 23:10:54 - Windows Live Essentials

RP626: 15/08/2013 23:11:33 - WLSetup

RP627: 22/08/2013 19:47:19 - Windows Update

RP628: 23/08/2013 00:15:00 - Windows Update

RP629: 25/08/2013 18:22:26 - 25/08

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Reader 9.4.5 - Português

Adobe Shockwave Player 12.0

Arquivo do WinRAR

Ask Toolbar

Ask Toolbar Updater

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

avast! Free Antivirus

Babylon toolbar

BabylonObjectInstaller

BrOffice.org 3.1

CCleaner

CutePDF Writer 3.0

CyberLink DVD Suite

CyberLink Power2Go

CyberLink PowerDVD 9

DICMAXI Michaelis - Português

FileLab Plugin 1.1.33

FM JPG To PDF Converter Free 2.02

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Integração Office 2007

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

Java 7 Update 25

Java Auto Updater

Java 6 Update 30

Malwarebytes Anti-Malware versão 1.75.0.1300

Media Player Packages

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Octoshape add-in for Adobe Flash Player

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

RealPlayer

RealUpgrade 1.0

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)

Skype™ 6.5

Softonic_Brasil Toolbar

StarterBackgroundChanger

Suplemento Microsoft Salvar como PDF ou XPS para programas do Microsoft Office 2007

swMSM

TomTom HOME

TomTom HOME Visual Studio Merge Modules

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition

USB 2.0 Camera

VobSub v2.23 (Remove Only)

Windows Live Sync

Windows Mobile Device Center

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-08-25 22:18:10

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD3200AAJS-00L7A0 rev.01.03E01 298,09GB

Running: gmer.exe; Driver: C:\Users\Carol\AppData\Local\Temp\pgloqpog.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x89B10610]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x900FB5FA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x89B110E6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x89B1CF18]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x89B1CF64]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x89B1D0FE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x89B1CE86]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x900FB992]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x89B1CECE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x89B115E4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x89B11800]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x89B1D0B8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x89B11E9C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x89B10676]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x89B15596]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x900FB6C2]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x900F9C12]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x89B106DC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x89B1598C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x89B1292C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x89B1CF42]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x89B1CF86]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x89B1D122]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x89B1CEAC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x89B14E78]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x89B1D036]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x89B1CEF6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x89B1526E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x89B1D0DC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x900FB822]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x89B127F8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x89B12506]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x89B10742]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x89B107A8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x89B11D16]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x89B102F8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x89B104CE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x89B1045C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x89B12066]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x89B121C8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x89B10556]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x900FB8EA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x89B11CF6]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x900F9C42]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x89B1080E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x900FB76E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90114E00]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 1268 82C4C804 4 Bytes JMP 85934188

.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C4C9A5 1 Byte [06]

.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C6C512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntoskrnl.exe!KeRemoveQueueEx + 1393 82C73988 4 Bytes [10, 06, B1, 89] {ADC [ESI], AL; MOV CL, 0x89}

.text ntoskrnl.exe!KeRemoveQueueEx + 13BB 82C739B0 4 Bytes [FA, B5, 0F, 90] {CLI ; MOV CH, 0xf; NOP }

.text ntoskrnl.exe!KeRemoveQueueEx + 141B 82C73A10 4 Bytes [E6, 10, B1, 89] {OUT 0x10, AL; MOV CL, 0x89}

.text ntoskrnl.exe!KeRemoveQueueEx + 146F 82C73A64 8 Bytes [18, CF, B1, 89, 64, CF, B1, ...] {SBB BH, CL; MOV CL, 0x89; IRET ; MOV CL, 0x89}

.text ntoskrnl.exe!KeRemoveQueueEx + 147B 82C73A70 4 Bytes [FE, D0, B1, 89]

.text ...

PAGE ntoskrnl.exe!ObMakeTemporaryObject 82DF94CE 5 Bytes JMP 90111C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 82E20A46 5 Bytes JMP 901137CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 82E271A1 4 Bytes CALL 89B12FEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 82E63EDD 4 Bytes CALL 89B13005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntoskrnl.exe!ZwCreateProcessEx 82EE9AD8 7 Bytes JMP 90114E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

? C:\Windows\system32\Drivers\PROCEXP113.SYS O sistema não pode encontrar o arquivo especificado. !

? C:\Users\Carol\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

.text kernel32.dll!GetBinaryTypeW + 70 771769F4 1 Byte [62]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[424] kernel32.dll!GetBinaryTypeW + 70 771769F4 1 Byte [62]

.text C:\Windows\system32\wininit.exe[464] kernel32.dll!GetBinaryTypeW + 70 771769F4 1 Byte [62]

.text C:\Windows\system32\csrss.exe[476] kernel32.dll!GetBinaryTypeW + 70 771769F4 1 Byte [62]

.text C:\Windows\system32\services.exe[520] kernel32.dll!GetBinaryTypeW + 70 771769F4 1 Byte [62]

.text ...

.text C:\Program Files\Internet Explorer\iexplore.exe[4348] ntdll.dll!LdrUnloadDll 7724C8DE 5 Bytes JMP 000E03FC

.text C:\Program Files\Internet Explorer\iexplore.exe[4348] ntdll.dll!LdrLoadDll 772522AE 5 Bytes JMP 000E01F8

.text C:\Program Files\Internet Explorer\iexplore.exe[4348] KERNEL32.dll!GetBinaryTypeW + 70 771769F4 1 Byte [62]

.text C:\Program Files\Internet Explorer\iexplore.exe[4348] user32.DLL!UnhookWindowsHookEx 7698ADF9 5 Bytes JMP 00100A08

.text C:\Program Files\Internet Explorer\iexplore.exe[4348] user32.DLL!UnhookWinEvent 7698B750 5 Bytes JMP 001003FC

.text C:\Program Files\Internet Explorer\iexplore.exe[4348] user32.DLL!SetWindowsHookExW 7698E30C 5 Bytes JMP 00100804

.text C:\Program Files\Internet Explorer\iexplore.exe[4348] user32.DLL!SetWinEventHook 769924DC 5 Bytes JMP 001001F8

.text C:\Program Files\Internet Explorer\iexplore.exe[4348] user32.DLL!SetWindowsHookExA 769B6D0C 5 Bytes JMP 00100600

.text C:\Windows\system32\schtasks.exe[4424] kernel32.dll!GetBinaryTypeW + 70 771769F4 1 Byte [62]

.text C:\Windows\System32\WUDFHost.exe[4568] kernel32.dll!GetBinaryTypeW + 70 771769F4 1 Byte [62]

.text C:\Windows\system32\conhost.exe[4584] kernel32.dll!GetBinaryTypeW + 70 771769F4 1 Byte [62]

.text C:\Users\Carol\Desktop\gmer\gmer.exe[4688] kernel32.dll!GetBinaryTypeW + 70 771769F4 1 Byte [62]

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5108] kernel32.dll!GetBinaryTypeW + 70 771769F4 1 Byte [62]

.text C:\Program Files\Internet Explorer\iexplore.exe[5492] ntdll.dll!LdrUnloadDll 7724C8DE 5 Bytes JMP 000E03FC

.text C:\Program Files\Internet Explorer\iexplore.exe[5492] ntdll.dll!LdrLoadDll 772522AE 5 Bytes JMP 000E01F8

.text C:\Program Files\Internet Explorer\iexplore.exe[5492] KERNEL32.dll!GetBinaryTypeW + 70 771769F4 1 Byte [62]

.text C:\Program Files\Internet Explorer\iexplore.exe[5492] user32.DLL!UnhookWindowsHookEx 7698ADF9 5 Bytes JMP 00100A08

.text C:\Program Files\Internet Explorer\iexplore.exe[5492] user32.DLL!UnhookWinEvent 7698B750 5 Bytes JMP 001003FC

.text C:\Program Files\Internet Explorer\iexplore.exe[5492] user32.DLL!SetWindowsHookExW 7698E30C 5 Bytes JMP 00100804

.text C:\Program Files\Internet Explorer\iexplore.exe[5492] user32.DLL!SetWinEventHook 769924DC 5 Bytes JMP 001001F8

.text C:\Program Files\Internet Explorer\iexplore.exe[5492] user32.DLL!SetWindowsHookExA 769B6D0C 5 Bytes JMP 00100600

---- Kernel IAT/EAT - GMER 2.1 ----

IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!KeAddSystemServiceTable] [83AD38DC] \SystemRoot\system32\drivers\360HookOem.sys (360HookOem/360????)

IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [83AD3DD8] \SystemRoot\system32\drivers\360HookOem.sys (360HookOem/360????)

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1220] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732C0790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3648] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732C0790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\advapi32.DLL [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\user32.DLL [KERNEL32.dll!CreateThread] [719631F2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\user32.DLL [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shlwapi.DLL [KERNEL32.dll!CreateThread] [719631F2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shlwapi.DLL [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!DialogBoxParamW] [719787FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!DialogBoxParamA] [7198F23A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!CreateWindowExA] [71964181] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!SetWindowLongW] [7196277F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!CreateWindowExW] [71963EA3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!DefWindowProcW] [719610AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!DefWindowProcA] [71962821] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!SetWindowLongA] [71962A84] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!MessageBoxW] [7198EF6F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shell32.DLL [uSER32.dll!MessageBoxW] [7198EF6F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shell32.DLL [uSER32.dll!DialogBoxParamW] [719787FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shell32.DLL [uSER32.dll!CallNextHookEx] [71961018] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shell32.DLL [uSER32.dll!UnhookWindowsHookEx] [71963750] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shell32.DLL [uSER32.dll!SetWindowsHookExW] [71964205] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shell32.DLL [uSER32.dll!CreateWindowExW] [71963EA3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shell32.DLL [uSER32.dll!MessageBoxIndirectW] [71978867] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shell32.DLL [uSER32.dll!EnableWindow] [71964093] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shell32.DLL [uSER32.dll!DefWindowProcW] [719610AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shell32.DLL [uSER32.dll!SetWindowLongW] [7196277F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\shell32.DLL [KERNEL32.dll!TerminateThread] [71963A05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\ole32.DLL [uSER32.dll!UnhookWindowsHookEx] [71963750] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\ole32.DLL [uSER32.dll!CallNextHookEx] [71961018] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\ole32.DLL [uSER32.dll!SetWindowsHookExW] [71964205] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\ole32.DLL [uSER32.dll!DefWindowProcW] [719610AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\ole32.DLL [uSER32.dll!CreateWindowExW] [71963EA3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\ole32.DLL [uSER32.dll!DialogBoxParamW] [719787FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\ole32.DLL [uSER32.dll!SetWindowLongW] [7196277F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\ole32.DLL [uSER32.dll!EnableWindow] [71964093] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\ole32.DLL [uSER32.dll!MessageBoxW] [7198EF6F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4348] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\advapi32.DLL [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\user32.DLL [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\shlwapi.DLL [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!DialogBoxParamW] [719787FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!DialogBoxParamA] [7198F23A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!SetWindowLongW] [7196277F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!SetWindowLongA] [71962A84] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!MessageBoxW] [7198EF6F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\shell32.DLL [uSER32.dll!MessageBoxW] [7198EF6F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\shell32.DLL [uSER32.dll!DialogBoxParamW] [719787FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\shell32.DLL [uSER32.dll!MessageBoxIndirectW] [71978867] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\shell32.DLL [uSER32.dll!EnableWindow] [71964093] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\shell32.DLL [uSER32.dll!SetWindowLongW] [7196277F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\ole32.DLL [uSER32.dll!DialogBoxParamW] [719787FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\ole32.DLL [uSER32.dll!SetWindowLongW] [7196277F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\ole32.DLL [uSER32.dll!EnableWindow] [71964093] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\ole32.DLL [uSER32.dll!MessageBoxW] [7198EF6F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[5492] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [71961E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 2.1 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)

Device Ntfs.sys (Driver do Sistema de Arquivos NT/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 2.1 ----

File C:\avast! sandbox 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 128 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat 294804 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05WT37LX 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05WT37LX\01b69088ad5e0a28565d0e0d94d07a61[1].png 1693 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05WT37LX\107412a958c905c8393f4420c13be009-tb[1].jpg 2417 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05WT37LX\1190638659-jumptogames-1-2[1].gif 20762 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05WT37LX\13922947[1].jpg 827 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05WT37LX\1538727[1].jpg 2278 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05WT37LX\1801292428[1].jpg 2452 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05WT37LX\1b9040a863cccfbdaa111ca7bb304490-tb2[1].jpg 2181 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05WT37LX\1[1].flv 3583762 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\00DKXGUB.txt 114 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\00QLL265.txt 83 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\01QWZ77W.txt 508 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\01U9AILD.txt 949 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\01XS693A.txt 141 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\02A4SUI5.txt 275 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\02VM2021.txt 662 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\05I82L0S.txt 93 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\06MRSYLR.txt 232 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\07IFIVY0.txt 192 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\084T2K6F.txt 407 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0B50URVT.txt 87 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0BGMJIBX.txt 479 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0BYS5KQH.txt 89 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0D9SDAV3.txt 376 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0F8UU3R8.txt 794 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0FT2HHAI.txt 352 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0GMMKO1Y.txt 264 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0GXHL6B9.txt 320 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0GYLGAEV.txt 306 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0H1F5FGH.txt 307 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0HO9CGLY.txt 407 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0JNN6L4A.txt 89 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0JQRW2VO.txt 1349 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0JXOWJCU.txt 283 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0K12EJ3B.txt 320 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0KNXII32.txt 647 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0KO43TC2.txt 122 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\Low\0L2XXT3H.txt 649 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Windows 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Windows\Prefetch 0 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Windows\Prefetch\CHROME.EXE-5A1054AF.pf 134256 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\C\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf 97180 bytes

File C:\avast! sandbox\S-1-5-21-3810769202-2178925162-2040268339-1000\webStorage\snx_fs.dat 11608 bytes

File C:\avast! sandbox\snx_rhive 262144 bytes

File C:\avast! sandbox\snx_rhive.LOG1 13312 bytes

File C:\avast! sandbox\snx_rhive.LOG2 0 bytes

File C:\avast! sandbox\snx_rhive{777548f3-060c-11e3-a1f2-002511df51c7}.TM.blf 65536 bytes

File C:\avast! sandbox\snx_rhive{777548f3-060c-11e3-a1f2-002511df51c7}.TMContainer00000000000000000001.regtrans-ms 524288 bytes

File C:\avast! sandbox\snx_rhive{777548f3-060c-11e3-a1f2-002511df51c7}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 2.1 ----


Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternate link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Then,

Read the instructions in this link:

In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to receive help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  • Temporarily, while following these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  • Double-click the desktopicon.png icon on the desktop.
  • Read and accept the terms by typing 1 and Enter.
  • Computers with Windows XP will need to install the Recovery Console:
    • If your computer has Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or keyboard while the tool is running; this may cause the computer to stall.
  • A message may appear saying the computer needs to restart. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when writing them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it unsupervised.


Good evening,

Here is the Malwarebytes log, followed by the ComboFix log.

Versão da Base de Dados: v2013.08.29.09

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16660

Carol :: CAROL-PC [administrador]

Proteção: Não permitir

29/08/2013 23:41:57

mbam-log-2013-08-29 (23-41-57).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 214764

Tempo decorrido: 5 minuto(s), 22 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 21

HKCR\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\AppID\DealPlyLive.exe (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 4

HKCU\SOFTWARE\DealPly|Partner (PUP.Optional.DealPly.A) -> Data: iron -> Enviado para a Quarentena e deletado com sucesso.

HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {20A6D819-BEEC-471E-96D2-0C4675362435} -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\DealPly|ChromeCrxPath (PUP.Optional.DealPly.A) -> Data: C:\Program Files\DealPly\DealPly.crx -> Enviado para a Quarentena e deletado com sucesso.

HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {20A6D819-BEEC-471E-96D2-0C4675362435} -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 3

C:\Users\Carol\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Carol\AppData\Local\DealPlyLive (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Carol\AppData\Local\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 2

C:\Users\Carol\AppData\Roaming\File Scout\Sumário do OneNote.onetoc2 (PUP.Optional.FileScout.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Carol\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

ComboFix 13-08-29.02 - Carol 30/08/2013 0:23.2.2 - x86

Microsoft Windows 7 Starter 6.1.7601.1.1252.55.1046.18.2038.1028 [GMT -3:00]

Executando de: c:\users\Carol\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

A cópia de c:\windows\system32\userinit.exe foi encontrada e desinfectada

Cópia restaurada de - c:\windows\erdnt\cache\userinit.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-07-28 to 2013-08-30 ))))))))))))))))))))))))))))

.

.

2013-08-30 03:32 . 2013-08-30 03:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-30 02:59 . 2013-08-30 02:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-08-30 02:57 . 2013-08-30 02:57 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B959583-DCA9-423D-AF00-CEDD1297CDAA}\offreg.dll

2013-08-30 02:35 . 2013-08-30 02:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-08-30 02:35 . 2013-04-04 17:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-27 22:50 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B959583-DCA9-423D-AF00-CEDD1297CDAA}\mpengine.dll

2013-08-26 00:33 . 2013-08-26 00:33 -------- d--h--w- c:\windows\PIF

2013-08-25 16:51 . 2013-08-25 16:51 -------- d-----w- c:\users\Carol\AppData\Roaming\Malwarebytes

2013-08-25 16:50 . 2013-08-25 16:50 -------- d-----w- c:\programdata\Malwarebytes

2013-08-22 22:52 . 2013-08-22 22:52 -------- d-----w- c:\program files\Tor

2013-08-16 02:57 . 2013-08-16 02:57 -------- d-----w- c:\program files\CCleaner

2013-08-16 01:52 . 2013-08-16 01:54 -------- d-----w- c:\windows\system32\MRT

2013-08-16 01:46 . 2013-07-26 03:12 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-08-16 01:46 . 2013-07-26 01:59 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-08-16 01:46 . 2013-07-26 03:13 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-08-16 01:46 . 2013-07-26 03:49 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2013-08-16 01:46 . 2013-07-26 03:13 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-08-16 01:38 . 2013-08-16 01:38 -------- d-----w- c:\program files\Ask.com

2013-08-16 01:04 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-16 01:04 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-16 01:04 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-16 01:04 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-16 01:04 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-16 01:04 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-16 01:04 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-16 01:04 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-16 01:04 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-16 01:04 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-16 01:04 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-16 01:03 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-13 00:40 . 2013-08-13 01:04 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-08-13 00:40 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-08-13 00:40 . 2013-05-09 08:59 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-08-13 00:40 . 2013-08-13 01:04 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-13 00:40 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-08-13 00:40 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-08-13 00:40 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe

2013-08-13 00:40 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr

2013-08-13 00:39 . 2013-08-13 00:39 -------- d-----w- c:\program files\AVAST Software

2013-08-12 23:43 . 2013-08-12 23:43 -------- d-----w- c:\users\Carol\AppData\Local\Mozilla

2013-08-12 03:46 . 2013-08-12 03:46 -------- d-----w- C:\Boot

2013-08-12 02:57 . 2013-08-12 19:42 -------- d-----w- c:\programdata\GAS Tecnologia

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-13 01:04 . 2013-05-02 01:38 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-08-12 03:53 . 2013-06-08 19:03 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-06-29 01:26 . 2013-06-29 01:26 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-06-29 01:26 . 2012-12-12 15:33 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-06-29 01:26 . 2012-01-27 12:53 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-06-05 03:05 . 2013-07-10 22:14 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 04:53 . 2013-07-10 22:14 509440 ----a-w- c:\windows\system32\qedit.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]

"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\program files\Softonic_Brasil\tbSof1.dll" [2010-05-23 2515552]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

2010-05-23 16:05 2515552 ----a-w- c:\program files\Softonic_Brasil\tbSof1.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\program files\Softonic_Brasil\tbSof1.dll" [2010-05-23 2515552]

.

[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{12FC3D37-2A42-4FE3-8489-81296878CBA5}"= "c:\program files\Softonic_Brasil\tbSof1.dll" [2010-05-23 2515552]

.

[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-07 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-08-12 210216]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-01 202256]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-04-25 1648264]

.

c:\users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-08-30 40776]

R3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-08-12 31088]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [2012-05-31 54912]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [2012-05-31 146304]

S1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [2012-05-31 23168]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2011-12-18 368544]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2013-03-22 93072]

S2 tor;Tor Win32 Service;c:\program files\Tor\tor.exe [2013-08-22 3233806]

S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]

S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-08-12 31088]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-22 23:40 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-16 13:05]

.

2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 01:55]

.

2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 01:55]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.bing.com

mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

Trusted Zone: bancoreal.com.br\www

Trusted Zone: bancosantander.com.br\www

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernet.com.br\wwws2

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

TCP: DhcpNameServer = 201.82.0.69 201.82.0.67 201.6.4.116

TCP: Interfaces\{A0025E7E-3CA5-4DBD-B795-1DCBEEBEC7D2}: NameServer = 96.31.89.141,65.111.171.135

DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\taskhost.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\windows\system32\conhost.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Microsoft Office\Office12\ONENOTEM.EXE

c:\windows\System32\WUDFHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-08-30 00:38:22 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-08-30 03:38

ComboFix2.txt 2013-08-25 21:41

.

Pré-execução: 254.373.445.632 bytes disponíveis

Pós execução: 254.330.621.952 bytes disponíveis

.

- - End Of File - - 9C3E22790D6C3A0ED8AFBEAB641E1DCC

A36C5E4F47E84449FF07ED3517B43A31
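As an added triage example for this thread (it is not part of ComboFix, Malwarebytes or any of the tools the helpers recommend), the Python script below pulls out of a ComboFix-style log the three things a helper usually checks by eye: the UAC policy values under policies\system, service lines that carry a `[x]` in place of a date and size, and per-interface DNS servers that differ from the DHCP-supplied ones. The sample text is constructed from lines visible in the ComboFix log above; reading `[x]` as "file not found" is an assumption about ComboFix's notation, and the findings are meant as questions for the person helping, not verdicts.

```python
"""Triage helper for ComboFix-style log text.

Added example for this thread (not ComboFix, Malwarebytes or forum code):
it pulls out the UAC policy values, services whose file could not be found,
and per-interface DNS servers that differ from the DHCP-assigned ones.
"""
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]
S0 aswRvrt;aswRvrt; [x]
S2 tor;Tor Win32 Service;c:\program files\Tor\tor.exe [2013-08-22 3233806]
.
TCP: DhcpNameServer = 201.82.0.69 201.82.0.67 201.6.4.116
TCP: Interfaces\{A0025E7E-3CA5-4DBD-B795-1DCBEEBEC7D2}: NameServer = 96.31.89.141,65.111.171.135
"""

POLICY_KEY = r"[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]"
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<val>\d+)')
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")
DHCP_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")
IFACE_RE = re.compile(r"^TCP: Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+)$")

# Policy values that weaken UAC; the message is what a helper would note.
WEAK_POLICY = {
    ("EnableLUA", 0): "UAC is switched off (EnableLUA=0): admin processes run fully elevated with no prompt",
    ("ConsentPromptBehaviorAdmin", 0): "admins elevate silently (ConsentPromptBehaviorAdmin=0)",
}


def parse_policies(text):
    """Return {value_name: int} from the policies\\system block, if present."""
    values, in_block = {}, False
    for line in text.splitlines():
        if line.strip().lower() == POLICY_KEY:
            in_block = True
            continue
        if in_block:
            m = POLICY_RE.match(line)
            if not m:  # block ends at the first non-value line ("." or the next key)
                in_block = False
                continue
            values[m.group("name")] = int(m.group("val"))
    return values


def parse_services(text):
    """Return one dict per R*/S* service line (start type, name, path, bracket info)."""
    return [m.groupdict() for m in map(SERVICE_RE.match, text.splitlines()) if m]


def dns_mismatches(text):
    """Per-interface resolvers that are not among the DHCP-supplied ones."""
    dhcp = set()
    for line in text.splitlines():
        m = DHCP_RE.match(line)
        if m:
            dhcp.update(m.group("servers").split())
    out = {}
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            extra = [s.strip() for s in m.group("servers").split(",") if s.strip() not in dhcp]
            if extra:
                out[m.group("guid")] = extra
    return out


def triage(text):
    """Return a list of (category, message) findings to put in front of a human."""
    findings = []
    policies = parse_policies(text)
    for (name, bad_value), msg in WEAK_POLICY.items():
        if policies.get(name) == bad_value:
            findings.append(("uac", msg))
    for svc in parse_services(text):
        # "[x]" instead of a date/size is read here as "file not found" (assumption
        # about ComboFix's notation); it is the usual reason a helper asks about a line.
        if svc["info"] == "x":
            findings.append(("service", f'{svc["name"]} ({svc["start"]}) is registered but '
                                        f'its file was not found: {svc["path"] or "<no path>"}'))
    for guid, servers in dns_mismatches(text).items():
        findings.append(("dns", f"interface {guid} uses resolvers not supplied by DHCP: "
                                + ", ".join(servers)))
    return findings


if __name__ == "__main__":
    for category, message in triage(SAMPLE_LOG):
        print(f"[{category}] {message}")
```

On the log above this flags both UAC values, the two `[x]` services (GbpKm and aswRvrt, the latter an avast driver that the tool could not read) and the two statically configured resolvers on the one interface; each is something to confirm with the user rather than a detection by itself.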


Does the original problem persist?


Apparently there is no longer any problem.

The fake antivirus icon no longer appears.

Is it possible that there is something else??


Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an email address for registration, a first name and a last name. Only the "email" field is required.

Enter your email, then click the Submit Form button.

The page will reload. Click the Download button.

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator.

On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, and then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer
  • Local Disk (C:)

Also check all the drives that appear under Local Disk, if there are any. Then click the Automatic Scan tab.

KRT_install2_.png

Back on the program's main screen, click the Start scanning button.

Be patient; it takes a while.

When it finishes, if anything was detected, the program will ask you what to do.

Check the small box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

While the scan runs, the main screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if something was found.

If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan again.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy disk icon to save the log.

Choose an easy-to-find location and save it as log.txt

Copy the entire contents of that Notepad file and paste it in your next reply.

If nothing is detected, you do not need to save the log. Just post here to let us know.

To exit the program, just click the X in the top-right corner.





