Gringo20

Suspected malware, on PC/notebook/phone.


Hey :D

Well, I posted in the Intrusions & Infections section, but on the recommendation of the moderator there I'm posting here.

He asked me to check the primary and secondary DNS settings of my router; I sent the image below:

[image: XGQBILm.jpg]

From that he concluded that it is an infection that changes my DNS, leaving open whether it is malware or a security flaw; he says the most likely case is that the problem is in the modem/router.

Here is the description of the two problems; one has already been partly solved by me.

I have a problem that doesn't let me access any YouTube video.

I try to open YouTube and this message (image 1) appears saying my Flash is out of date, which is incorrect according to the official Flash Player site.

Image 1

[image: rhvi.jpg]

Besides that problem, every time I opened any web page this message (image 2) appeared; I closed it about three times until it stopped opening. I would go to some other site and it would open again three or four times.

Worse than that annoyance is the fact that my CPU usage shoots up to 100% when I click Run.

Note: this problem stopped after I uninstalled Java, which so far I haven't missed.

Image 2

[image: enb0.jpg]

What I know:

This YouTube problem isn't constant: it appears, a few hours go by, and then it gives me access to YouTube again.

It's on my network/modem, because when I try to open YouTube on the notebook or the phone the same image from the first photo appears.

I've already run CCleaner and Malwarebytes, and nothing.

Thanks in advance!

Here are the logs:

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7600.16385

Run by Cliente at 0:54:39 on 2013-09-05

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4050.2382 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [JAVA] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Cliente\a.gif"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{EE8F6E3C-EBBD-45D6-AE92-3C2555025E99} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1612.2\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\61cgnupz.default\

FF - prefs.js: network.proxy.type - 2

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

FF - plugin: C:\Users\Cliente\AppData\Roaming\raidcall\plugins\nprcplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-08-24 01:57; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2013-09-02 12:45; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - ExtSQL: 2013-09-04 11:54; {87F8774F-B485-47E2-A755-A40A8A5E886C}; C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

FF - ExtSQL: !HIDDEN! 2013-09-02 12:45; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-24 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-8-24 189936]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-8-24 1030952]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-8-24 378944]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-8-24 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-8-24 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-8-24 46808]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-9-4 409640]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]

R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-8-24 32344]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-24 805088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;D:\Victor\Programas\Malware\mbamscheduler.exe [2013-8-23 418376]

S2 MBAMService;MBAMService;D:\Victor\Programas\Malware\mbamservice.exe [2013-8-23 701512]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-23 25928]

.

=============== Created Last 30 ================

.

2013-09-04 14:57:52 -------- d-----w- C:\ProgramData\boost_interprocess

2013-09-04 14:54:52 49536 ----a-w- C:\Windows\SysWow64\drivers\gbpkm.sys

2013-09-04 14:54:52 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2013-09-04 14:54:37 -------- d-----w- C:\ProgramData\GbPlugin

2013-09-04 14:54:37 -------- d-----w- C:\Program Files (x86)\GbPlugin

2013-09-04 14:54:24 720082 ----a-w- C:\Users\Cliente\AppData\Roaming\unins000.exe

2013-09-04 14:54:24 -------- d-----w- C:\Users\Cliente\AppData\Local\GAS Tecnologia

2013-09-04 14:54:24 -------- d-----w- C:\ProgramData\GAS Tecnologia

2013-09-03 14:03:01 -------- d-----w- C:\Users\Cliente\AppData\Local\Macromedia

2013-09-03 14:02:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-03 14:02:31 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-09-03 13:40:43 -------- d-----w- C:\Windows\System32\appmgmt

2013-09-02 22:12:34 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2013-09-02 15:48:04 -------- d-----w- C:\ProgramData\WEBREG

2013-09-02 15:47:46 -------- d-----w- C:\Users\Cliente\AppData\Local\HP

2013-09-02 15:43:58 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2013-09-02 15:43:50 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2013-09-02 15:43:12 -------- d-----w- C:\Program Files (x86)\HP

2013-09-02 15:42:38 938496 ----a-w- C:\Windows\System32\hpowiax8.dll

2013-09-02 15:42:38 642360 ----a-w- C:\Windows\System32\hpzids40.dll

2013-09-02 15:42:38 551424 ----a-w- C:\Windows\System32\hppldcoi.dll

2013-09-02 15:42:38 505344 ----a-w- C:\Windows\System32\hpovst14.dll

2013-09-02 15:42:38 1406464 ----a-w- C:\Windows\System32\hpotiop6.dll

2013-09-02 08:05:48 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{26B6DD88-D8F3-4143-8347-4460AB14CDEA}\offreg.dll

2013-08-31 22:29:05 -------- d-----w- C:\Users\Cliente\AppData\Local\ElevatedDiagnostics

2013-08-30 19:42:30 -------- d-----w- C:\Users\Cliente\AppData\Roaming\raidcall

2013-08-27 10:26:59 -------- d-----w- C:\Users\Cliente\AppData\Roaming\uTorrent

2013-08-26 19:22:31 -------- d-----r- C:\Program Files (x86)\Skype

2013-08-26 15:12:29 -------- d-----w- C:\Users\Cliente\.javafx

2013-08-26 15:12:26 -------- d-----w- C:\Users\Cliente\Sun

2013-08-26 15:11:54 -------- d-----w- C:\Users\Cliente\.lector

2013-08-26 15:11:54 -------- d-----w- C:\Lector

2013-08-24 20:00:25 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-08-24 20:00:22 -------- d-----w- C:\Users\Cliente\AppData\Local\PunkBuster

2013-08-24 19:59:09 -------- d-----w- C:\Program Files (x86)\Origin Games

2013-08-24 19:57:09 -------- d-----w- C:\Program Files (x86)\Origin

2013-08-24 19:48:37 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

2013-08-24 19:48:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-08-24 19:48:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-08-24 19:48:02 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-08-24 07:03:27 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll

2013-08-24 07:02:26 -------- d-----w- C:\Users\Cliente\AppData\Local\ATI

2013-08-24 06:17:46 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2013-08-24 06:17:46 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2013-08-24 06:17:46 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2013-08-24 06:17:46 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2013-08-24 06:17:46 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2013-08-24 06:17:45 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2013-08-24 06:17:45 444752 ----a-w- C:\Windows\System32\mscoree.dll

2013-08-24 06:17:45 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2013-08-24 06:17:45 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2013-08-24 06:17:45 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2013-08-24 05:50:04 0 ----a-w- C:\Windows\ativpsrm.bin

2013-08-24 05:44:18 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2013-08-24 05:44:05 -------- d-----w- C:\Windows\PCHEALTH

2013-08-24 05:44:05 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2013-08-24 05:43:08 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2013-08-24 05:42:36 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-08-24 05:42:15 -------- d-----w- C:\Users\Cliente\AppData\Local\Microsoft Help

2013-08-24 04:58:26 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-24 04:58:22 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-08-24 04:58:21 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-08-24 04:58:20 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-08-24 04:58:20 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-08-24 04:58:14 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-08-24 04:57:30 41664 ----a-w- C:\Windows\avastSS.scr

2013-08-24 04:57:21 -------- d-----w- C:\Program Files\AVAST Software

2013-08-24 04:57:04 -------- d-----w- C:\ProgramData\AVAST Software

2013-08-24 04:49:33 -------- d-----w- C:\ProgramData\AMD

2013-08-24 04:49:32 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-08-24 04:49:29 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2013-08-24 04:49:29 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2013-08-24 04:48:37 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2013-08-24 04:48:34 -------- d-sh--w- C:\Windows\Installer

2013-08-24 04:48:26 -------- d-----w- C:\Program Files\ATI Technologies

2013-08-24 04:48:25 -------- d-----w- C:\Program Files\ATI

2013-08-24 04:47:51 -------- d-----w- C:\AMD

2013-08-24 04:45:05 -------- d-----w- C:\Windows\SysWow64\RTCOM

2013-08-24 04:45:05 -------- d-----w- C:\Program Files\Realtek

2013-08-24 04:43:50 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2013-08-24 04:43:48 -------- d-----w- C:\Intel

2013-08-24 04:43:13 -------- d-----w- C:\MSI

2013-08-24 04:16:33 -------- d-----w- C:\Windows\Panther

2013-08-24 03:58:16 -------- d-----w- C:\Users\Cliente\AppData\Local\Adobe

2013-08-23 22:13:17 -------- d-----w- C:\Program Files\CCleaner

2013-08-23 22:12:45 -------- d-----w- C:\Users\Cliente\AppData\Roaming\Malwarebytes

2013-08-23 22:12:40 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-08-23 22:12:40 -------- d-----w- C:\ProgramData\Malwarebytes

2013-08-23 21:55:47 -------- d-----w- C:\Users\Cliente\AppData\Local\Origin

2013-08-23 21:33:20 -------- d-----w- C:\Users\Cliente\AppData\Local\Programs

2013-08-23 20:41:05 -------- d-----w- C:\ProgramData\Steam

2013-08-23 20:40:08 706560 ----a-w- C:\Windows\SysWow64\termsrv.dll

2013-08-23 20:40:08 706560 ----a-w- C:\Windows\System32\termsrv.dll.bak

2013-08-23 20:37:35 -------- d-----w- C:\Users\Cliente\AppData\Local\ESN

2013-08-23 20:37:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins

2013-08-23 20:35:20 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-08-23 20:35:19 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-08-23 20:29:06 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{26B6DD88-D8F3-4143-8347-4460AB14CDEA}\mpengine.dll

2013-08-23 20:29:05 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-08-23 20:22:25 -------- d-----w- C:\ProgramData\Origin

2013-08-23 20:21:37 -------- d-----w- C:\Users\Cliente\AppData\Local\Google

2013-08-23 20:20:16 -------- d-----w- C:\Users\Cliente\AppData\Roaming\Origin

2013-08-23 20:19:35 -------- d-----w- C:\ProgramData\Electronic Arts

2013-08-23 20:19:35 -------- d-----w- C:\ProgramData\EA Core

2013-08-23 20:19:34 -------- d-----w- C:\ProgramData\EA Logs

2013-08-23 20:17:20 -------- d-----w- C:\Users\Cliente\AppData\Local\Mozilla

.

==================== Find3M ====================

.

2013-08-23 20:39:29 706560 ----a-w- C:\Windows\System32\termsrv.dll

.

============= FINISH: 0:54:59,90 ===============

GMER:

GMER 2.1.19163 -

http://www.gmer.net

Rootkit scan 2013-09-05 01:01:28

Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HI rev.1AG01118 465,76GB

Running: gmer.exe; Driver: C:\Users\Cliente\AppData\Local\Temp\agdiafow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\services.exe[616] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\winlogon.exe[640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\lsass.exe[668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000076ee1de2 5 bytes JMP 000000013b0ae02d

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 0000000076efc82d 5 bytes JMP 000000013b0adfa5

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000750e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000750e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000750e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000750e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll

.text ... * 9

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000750e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000750e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000750e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000750e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000750e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000750e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000750e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000750e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000750e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000750e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000750e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000750e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000750e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll

.text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\atiesrxx.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\System32\svchost.exe[124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\System32\svchost.exe[268] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1072] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\Explorer.EXE[1528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\System32\spoolsv.exe[1696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\SysWOW64\svchost.exe[1936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Windows\System32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074ed17fa 2 bytes CALL 76ee1199 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074ed1860 2 bytes CALL 76ee1199 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074ed1942 2 bytes JMP 7666c29f C:\Windows\syswow64\WS2_32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074ed194d 2 bytes JMP 7666418d C:\Windows\syswow64\WS2_32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000750e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000750e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000750e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000750e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll

.text ... * 9

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000750e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000750e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000750e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000750e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000750e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000750e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000750e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll

.text C:\Windows\system32\svchost.exe[2084] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\SearchIndexer.exe[2852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Program Files\Windows Sidebar\sidebar.exe[2976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2752] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3540] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[3592] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4660] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Windows\system32\sppsvc.exe[3956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\AUDIODG.EXE[1984] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\NOTEPAD.EXE[4996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Users\Cliente\Desktop\Nova pasta\gmer.exe[2196] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\Dwm.exe [1496:1712] 000007fefa6cb0e4

Thread C:\Windows\system32\Dwm.exe [1496:1716] 000007fefa21abf0

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3748:3664] 000007fefb7a2a74

Thread C:\Windows\system32\WUDFHost.exe [3488:3744] 000007fef18324a0

Thread C:\Windows\System32\svchost.exe [1572:3604] 000007fee9f19688

---- Services - GMER 2.1 ----

Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!!

Service C:\Windows\System32\Drivers\aswrdr2.sys (*** hidden *** ) [sYSTEM] aswRdr <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [bOOT] aswRvrt <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [sYSTEM] aswSnx <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [sYSTEM] aswSP <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [sYSTEM] aswTdi <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [bOOT] aswVmm <-- ROOTKIT !!!

Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 29

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 701717

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Gerencia e executa os servi?os do antiv?rus avast! neste computador. Isto inclui os M?dulos residentes, a Quarentena e o Agendador.

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 29

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 701717

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Gerencia e executa os servi?os do antiv?rus avast! neste computador. Isto inclui os M?dulos residentes, a Quarentena e o Agendador.

---- EOF - GMER 2.1 ----

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 24/08/2013 01:31:21

System Uptime: 04/09/2013 19:37:33 (5 hours ago)

.

Motherboard: MSI | | Z77A-G43 (MS-7758)

Processor: Intel® Core i5-3470 CPU @ 3.20GHz | SOCKET 0 | 1568/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 49 GiB total, 26,502 GiB free.

D: is FIXED (NTFS) - 417 GiB total, 284,364 GiB free.

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Controlador USB (Universal Serial Bus)

Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_77581462&REV_04\3&11583659&0&A0

Manufacturer:

Name: Controlador USB (Universal Serial Bus)

PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_77581462&REV_04\3&11583659&0&A0

Service:

.

Class GUID:

Description: Controlador de comunicação PCI simples

Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_77581462&REV_04\3&11583659&0&B0

Manufacturer:

Name: Controlador de comunicação PCI simples

PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_77581462&REV_04\3&11583659&0&B0

Service:

.

==== System Restore Points ===================

.

RP13: 04/09/2013 20:36:33 - Ponto de Verificação Agendado

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

Adobe Flash Player 11 Plugin

AMD Accelerated Video Transcoding

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

µTorrent

avast! Free Antivirus

Battlefield 3™

Battlelog Web Plugins

BufferChm

C4400

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Copy

Destinations

DeviceDiscovery

DocProc

ESN Sonar

GBBD Banco do Brasil

Google Chrome

Google Update Helper

GPBaseService2

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3

HP Photosmart Essential 3.5

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Malwarebytes Anti-Malware versão 1.75.0.1300

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 23.0.1 (x86 pt-BR)

Mozilla Maintenance Service

OCR Software by I.R.I.S. 13.0

Origin

PS_AIO_03_C4400_Software_Min

PunkBuster Services

RaidCall

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Scan

Shop for HP Supplies

Skype™ 6.7

SmartWebPrinting

SolutionCenter

Status

Steam

Toolbox

TrayApp

UnloadSupport

War Thunder

WebReg

.

==== End Of File ===========================

Edited by Gringo20


Hello

Sorry for the delay :)

If you still need help, redo the logs, since I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Best regards :D

  • Topic author
  • Hello

    Sorry for the delay :)

    If you still need help, redo the logs, since I need them with up-to-date dates.

    Best regards :D

    Hey :D

    No worries, it's no problem, you guys do an exceptional job.

    I'll post the DDS logs here and the GMER one in the post below.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.25.2

    Run by Cliente at 15:44:52 on 2013-09-09

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4050.2392 [GMT -3:00]

    .

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\PROGRA~2\GbPlugin\GbpSv.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\atieclxx.exe

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\Dwm.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

    D:\Victor\Programas\Malware\mbamscheduler.exe

    D:\Victor\Programas\Malware\mbamservice.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    D:\Victor\Programas\Malware\mbamgui.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Windows\SysWOW64\PnkBstrA.exe

    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    C:\Program Files (x86)\Java\jre7\bin\javaw.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\WUDFHost.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Windows\system32\sppsvc.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    mWinlogon: Userinit = userinit.exe,

    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

    BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

    uRun: [JAVA] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Cliente\a.gif"

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableLUA = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    TCP: NameServer = 192.168.0.1

    TCP: Interfaces\{EE8F6E3C-EBBD-45D6-AE92-3C2555025E99} : DHCPNameServer = 192.168.0.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

    SSODL: WebCheck - <orphaned>

    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

    SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll

    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1622.7\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\61cgnupz.default\

    FF - prefs.js: network.proxy.type - 2

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll

    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

    FF - plugin: C:\Users\Cliente\AppData\Roaming\raidcall\plugins\nprcplugin.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    FF - ExtSQL: 2013-08-24 01:57; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

    FF - ExtSQL: 2013-09-02 12:45; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    FF - ExtSQL: 2013-09-04 11:54; {87F8774F-B485-47E2-A755-A40A8A5E886C}; C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

    FF - ExtSQL: !HIDDEN! 2013-09-02 12:45; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-24 65336]

    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-8-24 189936]

    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-8-24 1030952]

    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-8-24 378944]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]

    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-8-24 33400]

    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-8-24 80816]

    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-8-24 46808]

    R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-9-4 409640]

    R2 MBAMScheduler;MBAMScheduler;D:\Victor\Programas\Malware\mbamscheduler.exe [2013-8-23 418376]

    R2 MBAMService;MBAMService;D:\Victor\Programas\Malware\mbamservice.exe [2013-8-23 701512]

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-23 25928]

    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-8-24 32344]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-24 805088]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]

    .

    =============== Created Last 30 ================

    .

    2013-09-05 13:25:01 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2013-09-04 14:57:52 -------- d-----w- C:\ProgramData\boost_interprocess

    2013-09-04 14:54:52 49536 ----a-w- C:\Windows\SysWow64\drivers\gbpkm.sys

    2013-09-04 14:54:52 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

    2013-09-04 14:54:37 -------- d-----w- C:\ProgramData\GbPlugin

    2013-09-04 14:54:37 -------- d-----w- C:\Program Files (x86)\GbPlugin

    2013-09-04 14:54:24 720082 ----a-w- C:\Users\Cliente\AppData\Roaming\unins000.exe

    2013-09-04 14:54:24 -------- d-----w- C:\Users\Cliente\AppData\Local\GAS Tecnologia

    2013-09-04 14:54:24 -------- d-----w- C:\ProgramData\GAS Tecnologia

    2013-09-03 14:03:01 -------- d-----w- C:\Users\Cliente\AppData\Local\Macromedia

    2013-09-03 14:02:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-09-03 14:02:31 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2013-09-03 13:40:43 -------- d-----w- C:\Windows\System32\appmgmt

    2013-09-02 22:12:34 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

    2013-09-02 15:48:04 -------- d-----w- C:\ProgramData\WEBREG

    2013-09-02 15:47:46 -------- d-----w- C:\Users\Cliente\AppData\Local\HP

    2013-09-02 15:43:58 -------- d-----w- C:\Program Files (x86)\Common Files\HP

    2013-09-02 15:43:50 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

    2013-09-02 15:43:12 -------- d-----w- C:\Program Files (x86)\HP

    2013-09-02 15:42:38 938496 ----a-w- C:\Windows\System32\hpowiax8.dll

    2013-09-02 15:42:38 642360 ----a-w- C:\Windows\System32\hpzids40.dll

    2013-09-02 15:42:38 551424 ----a-w- C:\Windows\System32\hppldcoi.dll

    2013-09-02 15:42:38 505344 ----a-w- C:\Windows\System32\hpovst14.dll

    2013-09-02 15:42:38 1406464 ----a-w- C:\Windows\System32\hpotiop6.dll

    2013-08-31 22:29:05 -------- d-----w- C:\Users\Cliente\AppData\Local\ElevatedDiagnostics

    2013-08-30 19:42:30 -------- d-----w- C:\Users\Cliente\AppData\Roaming\raidcall

    2013-08-27 10:26:59 -------- d-----w- C:\Users\Cliente\AppData\Roaming\uTorrent

    2013-08-26 19:22:31 -------- d-----r- C:\Program Files (x86)\Skype

    2013-08-26 15:12:29 -------- d-----w- C:\Users\Cliente\.javafx

    2013-08-26 15:12:26 -------- d-----w- C:\Users\Cliente\Sun

    2013-08-26 15:11:54 -------- d-----w- C:\Users\Cliente\.lector

    2013-08-26 15:11:54 -------- d-----w- C:\Lector

    2013-08-24 20:00:25 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

    2013-08-24 20:00:22 -------- d-----w- C:\Users\Cliente\AppData\Local\PunkBuster

    2013-08-24 19:59:09 -------- d-----w- C:\Program Files (x86)\Origin Games

    2013-08-24 19:57:09 -------- d-----w- C:\Program Files (x86)\Origin

    2013-08-24 19:48:37 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

    2013-08-24 19:48:06 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

    2013-08-24 19:48:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

    2013-08-24 19:48:02 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

    2013-08-24 07:03:27 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll

    2013-08-24 07:02:26 -------- d-----w- C:\Users\Cliente\AppData\Local\ATI

    2013-08-24 06:17:46 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

    2013-08-24 06:17:46 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

    2013-08-24 06:17:46 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

    2013-08-24 06:17:46 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

    2013-08-24 06:17:46 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

    2013-08-24 06:17:45 48960 ----a-w- C:\Windows\System32\netfxperf.dll

    2013-08-24 06:17:45 444752 ----a-w- C:\Windows\System32\mscoree.dll

    2013-08-24 06:17:45 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

    2013-08-24 06:17:45 1942856 ----a-w- C:\Windows\System32\dfshim.dll

    2013-08-24 06:17:45 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

    2013-08-24 05:50:04 0 ----a-w- C:\Windows\ativpsrm.bin

    2013-08-24 05:44:18 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

    2013-08-24 05:44:05 -------- d-----w- C:\Windows\PCHEALTH

    2013-08-24 05:44:05 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

    2013-08-24 05:43:08 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

    2013-08-24 05:42:36 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

    2013-08-24 05:42:15 -------- d-----w- C:\Users\Cliente\AppData\Local\Microsoft Help

    2013-08-24 04:58:26 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

    2013-08-24 04:58:22 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

    2013-08-24 04:58:21 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

    2013-08-24 04:58:20 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

    2013-08-24 04:58:20 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

    2013-08-24 04:58:14 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

    2013-08-24 04:57:30 41664 ----a-w- C:\Windows\avastSS.scr

    2013-08-24 04:57:21 -------- d-----w- C:\Program Files\AVAST Software

    2013-08-24 04:57:04 -------- d-----w- C:\ProgramData\AVAST Software

    2013-08-24 04:49:33 -------- d-----w- C:\ProgramData\AMD

    2013-08-24 04:49:32 -------- d-----w- C:\Program Files (x86)\AMD AVT

    2013-08-24 04:49:29 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

    2013-08-24 04:49:29 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

    2013-08-24 04:48:37 -------- d-----w- C:\Program Files (x86)\ATI Technologies

    2013-08-24 04:48:34 -------- d-sh--w- C:\Windows\Installer

    2013-08-24 04:48:26 -------- d-----w- C:\Program Files\ATI Technologies

    2013-08-24 04:48:25 -------- d-----w- C:\Program Files\ATI

    2013-08-24 04:47:51 -------- d-----w- C:\AMD

    2013-08-24 04:45:05 -------- d-----w- C:\Windows\SysWow64\RTCOM

    2013-08-24 04:45:05 -------- d-----w- C:\Program Files\Realtek

    2013-08-24 04:43:50 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

    2013-08-24 04:43:48 -------- d-----w- C:\Intel

    2013-08-24 04:43:13 -------- d-----w- C:\MSI

    2013-08-24 04:16:33 -------- d-----w- C:\Windows\Panther

    2013-08-24 03:58:16 -------- d-----w- C:\Users\Cliente\AppData\Local\Adobe

    2013-08-23 22:13:17 -------- d-----w- C:\Program Files\CCleaner

    2013-08-23 22:12:45 -------- d-----w- C:\Users\Cliente\AppData\Roaming\Malwarebytes

    2013-08-23 22:12:40 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2013-08-23 22:12:40 -------- d-----w- C:\ProgramData\Malwarebytes

    2013-08-23 21:55:47 -------- d-----w- C:\Users\Cliente\AppData\Local\Origin

    2013-08-23 21:33:20 -------- d-----w- C:\Users\Cliente\AppData\Local\Programs

    2013-08-23 20:41:05 -------- d-----w- C:\ProgramData\Steam

    2013-08-23 20:40:08 706560 ----a-w- C:\Windows\SysWow64\termsrv.dll.bak

    2013-08-23 20:40:08 706560 ----a-w- C:\Windows\System32\termsrv.dll.bak

    2013-08-23 20:37:35 -------- d-----w- C:\Users\Cliente\AppData\Local\ESN

    2013-08-23 20:37:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins

    2013-08-23 20:35:20 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2013-08-23 20:35:19 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2013-08-23 20:29:06 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{26B6DD88-D8F3-4143-8347-4460AB14CDEA}\mpengine.dll

    2013-08-23 20:29:05 278800 ------w- C:\Windows\System32\MpSigStub.exe

    2013-08-23 20:22:25 -------- d-----w- C:\ProgramData\Origin

    2013-08-23 20:21:37 -------- d-----w- C:\Users\Cliente\AppData\Local\Google

    2013-08-23 20:20:16 -------- d-----w- C:\Users\Cliente\AppData\Roaming\Origin

    2013-08-23 20:19:35 -------- d-----w- C:\ProgramData\Electronic Arts

    2013-08-23 20:19:35 -------- d-----w- C:\ProgramData\EA Core

    2013-08-23 20:19:34 -------- d-----w- C:\ProgramData\EA Logs

    2013-08-23 20:17:20 -------- d-----w- C:\Users\Cliente\AppData\Local\Mozilla

    .

    ==================== Find3M ====================

    .

    .

    ============= FINISH: 15:45:16,77 ===============

  • Topic author
  • GMER 2.1.19163 - http://www.gmer.net

    Rootkit scan 2013-09-09 15:54:55

    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HI rev.1AG01118 465,76GB

    Running: gmer.exe; Driver: C:\Users\Cliente\AppData\Local\Temp\agdiafow.sys

    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\services.exe[648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\lsass.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\lsm.exe[676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\winlogon.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000074f61de2 5 bytes JMP 000000013b0ae02d

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 0000000074f7c82d 5 bytes JMP 000000013b0adfa5

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 74f7eb26 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 74f8b513 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 75008609 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 74f61dfa C:\Windows\syswow64\kernel32.dll

    .text ... * 9

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 75007efe C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 750080d8 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 75007df4 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 750081c2 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 74f7f088 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076f91555 2 bytes JMP 74f8b885 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 750086c1 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 75008222 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 75007db8 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 74f7f121 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 74f8b29f C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 75008584 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 75007d4d C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\system32\svchost.exe[928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\System32\svchost.exe[308] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\System32\svchost.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\svchost.exe[592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\svchost.exe[1236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\Explorer.EXE[1540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\System32\spoolsv.exe[1792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\svchost.exe[1852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\SysWOW64\svchost.exe[1712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text D:\Victor\Programas\Malware\mbamscheduler.exe[1528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Windows\System32\svchost.exe[1224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text D:\Victor\Programas\Malware\mbamgui.exe[2100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074a117fa 2 bytes CALL 74f61199 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074a11860 2 bytes CALL 74f61199 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074a11942 2 bytes JMP 76a6c29f C:\Windows\syswow64\WS2_32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074a1194d 2 bytes JMP 76a6418d C:\Windows\syswow64\WS2_32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 74f7eb26 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 74f8b513 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 75008609 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 74f61dfa C:\Windows\syswow64\kernel32.dll

    .text ... * 9

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 75007efe C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 750080d8 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 75007df4 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 750081c2 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 74f7f088 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f91555 2 bytes JMP 74f8b885 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 750086c1 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 75008222 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 75007db8 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 74f7f121 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 74f8b29f C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 75008584 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 75007d4d C:\Windows\syswow64\kernel32.dll

    .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[2564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Program Files\Windows Sidebar\sidebar.exe[2572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2772] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Windows\system32\svchost.exe[2968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\WUDFHost.exe[3288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4756] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4800] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Windows\system32\sppsvc.exe[3680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\System32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\AUDIODG.EXE[3364] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\NOTEPAD.EXE[1356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Users\Cliente\Desktop\Nova pasta\gmer.exe[4588] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

    ---- Services - GMER 2.1 ----

    Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!

    Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!!

    Service C:\Windows\System32\Drivers\aswrdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!!

    Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!!

    Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!!

    Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!!

    Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!!

    Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!!

    Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 35

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 932471

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Gerencia e executa os serviços do antivírus avast! neste computador. Isto inclui os Módulos residentes, a Quarentena e o Agendador.

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 35

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 932471

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9

    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0

    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm

    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor

    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Gerencia e executa os serviços do antivírus avast! neste computador. Isto inclui os Módulos residentes, a Quarentena e o Agendador.

    ---- EOF - GMER 2.1 ----

  • Topic author
  • GMER 2.1.19163 - http://www.gmer.net

    Rootkit scan 2013-09-09 15:54:55

    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HI rev.1AG01118 465,76GB

    Running: gmer.exe; Driver: C:\Users\Cliente\AppData\Local\Temp\agdiafow.sys

    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\services.exe[648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\lsass.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\lsm.exe[676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\winlogon.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000074f61de2 5 bytes JMP 000000013b0ae02d

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 0000000074f7c82d 5 bytes JMP 000000013b0adfa5

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 74f7eb26 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 74f8b513 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 75008609 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 74f61dfa C:\Windows\syswow64\kernel32.dll

    .text ... * 9

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 75007efe C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 750080d8 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 75007df4 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 750081c2 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 74f7f088 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076f91555 2 bytes JMP 74f8b885 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 750086c1 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 75008222 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 75007db8 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 74f7f121 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 74f8b29f C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 75008584 C:\Windows\syswow64\kernel32.dll

    .text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 75007d4d C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\system32\svchost.exe[928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\System32\svchost.exe[308] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\System32\svchost.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\svchost.exe[592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\svchost.exe[1236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\Explorer.EXE[1540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\System32\spoolsv.exe[1792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\svchost.exe[1852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\SysWOW64\svchost.exe[1712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text D:\Victor\Programas\Malware\mbamscheduler.exe[1528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Windows\System32\svchost.exe[1224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text D:\Victor\Programas\Malware\mbamgui.exe[2100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074a117fa 2 bytes CALL 74f61199 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074a11860 2 bytes CALL 74f61199 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074a11942 2 bytes JMP 76a6c29f C:\Windows\syswow64\WS2_32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074a1194d 2 bytes JMP 76a6418d C:\Windows\syswow64\WS2_32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 74f7eb26 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 74f8b513 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 75008609 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 74f61dfa C:\Windows\syswow64\kernel32.dll

    .text ... * 9

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 75007efe C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 750080d8 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 75007df4 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 750081c2 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 74f7f088 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f91555 2 bytes JMP 74f8b885 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 750086c1 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 75008222 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 75007db8 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 74f7f121 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 74f8b29f C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 75008584 C:\Windows\syswow64\kernel32.dll

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 75007d4d C:\Windows\syswow64\kernel32.dll

    .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[2564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Program Files\Windows Sidebar\sidebar.exe[2572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2772] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Windows\system32\svchost.exe[2968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\WUDFHost.exe[3288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4756] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4800] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    .text C:\Windows\system32\sppsvc.exe[3680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\System32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\AUDIODG.EXE[3364] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Windows\system32\NOTEPAD.EXE[1356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

    .text C:\Users\Cliente\Desktop\Nova pasta\gmer.exe[4588] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

    ---- Services - GMER 2.1 ----

    Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!

    Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!!

    Service C:\Windows\System32\Drivers\aswrdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!!

    Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!!

    Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!!

    Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!!

    Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!!

    Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!!

    Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 35

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 932471

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Gerencia e executa os serviços do antivírus avast! neste computador. Isto inclui os Módulos residentes, a Quarentena e o Agendador.

    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault

    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 35

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 932471

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver

    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9

    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0

    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm

    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor

    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1

    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Gerencia e executa os serviços do antivírus avast! neste computador. Isto inclui os Módulos residentes, a Quarentena e o Agendador.

    ---- EOF - GMER 2.1 ----

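The GMER log above marks every avast service as hidden and tags each one "ROOTKIT". Before treating that as a rootkit, a practitioner cross-checks GMER's own two sections against each other: the bracketed start type on the Service line against the Start value GMER read from the hive, and whether the service key could be read at all. The script below is an added example, not code from this thread or from GMER; it parses the two line shapes GMER 2.1 prints and reports only the entries that disagree. Its sample input is built from lines copied from the log plus two constructed entries (sampleflt and samplehide, hypothetical names) that exist only to show what a finding looks like.

```python
r"""Cross-check GMER 2.1 'Services' and 'Registry' output.

Added example, not part of the forum thread and not GMER's own code. It
parses the two line shapes GMER prints for a service:

    Service <image path> (*** hidden *** ) [AUTO] <name> <-- ROOTKIT !!!
    Reg HKLM\SYSTEM\CurrentControlSet\services\<name>@<value> <data>

and checks the bracketed start type against the Start value GMER read from
the hive.  SAMPLE_LOG mixes lines copied from the thread with two constructed
entries (sampleflt, samplehide) that exist only to trigger findings.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Service Control Manager encoding of the Start value, as GMER prints it.
START_CODES = {"BOOT": 0, "SYSTEM": 1, "AUTO": 2, "MANUAL": 3, "DEMAND": 3, "DISABLED": 4}

SERVICE_RE = re.compile(
    r"^\s*Service\s+(?P<path>.+?)\s+"
    r"(?P<hidden>\(\*\*\* hidden \*\*\* \)\s+)?"
    r"\[(?P<start>[A-Za-z]+)\]\s+"
    r"(?P<name>.+?)(?:\s+<-- ROOTKIT !!!)?\s*$"
)
REG_RE = re.compile(
    r"^\s*Reg\s+HKLM\\SYSTEM\\(?P<cset>CurrentControlSet|ControlSet\d{3})"
    r"\\services\\(?P<name>[^\\@]+?)"
    r"(?P<sub>\\[^@]*)?"
    r"(?:@(?P<value>\S+)(?:\s+(?P<data>.*))?)?\s*$"
)


@dataclass
class ServiceRecord:
    name: str
    image_path: Optional[str] = None   # path printed on the Service line
    gmer_start: Optional[str] = None   # bracketed start type, e.g. "SYSTEM"
    hidden: bool = False
    registry: Dict[str, str] = field(default_factory=dict)  # CurrentControlSet values only


def parse_gmer(text: str) -> Dict[str, ServiceRecord]:
    """Collect Service lines and top-level CurrentControlSet values per service."""
    records: Dict[str, ServiceRecord] = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(m["name"]))
            rec.image_path = m["path"]
            rec.gmer_start = m["start"].upper()  # tolerates forum-mangled "[sYSTEM]"
            rec.hidden = m["hidden"] is not None
            continue
        m = REG_RE.match(line)
        # Only values directly under the service key of the active control set;
        # \Instances, \Parameters and ControlSet00N copies are skipped.
        if m and m["cset"] == "CurrentControlSet" and not m["sub"] and m["value"]:
            rec = records.setdefault(m["name"], ServiceRecord(m["name"]))
            rec.registry[m["value"]] = (m["data"] or "").strip()
    return records


def hidden_services(records: Dict[str, ServiceRecord]) -> List[str]:
    return sorted(r.name for r in records.values() if r.hidden)


def triage(records: Dict[str, ServiceRecord]) -> List[Tuple[str, str]]:
    """Return (service name, reason) for entries whose two views disagree."""
    findings: List[Tuple[str, str]] = []
    for rec in records.values():
        if rec.gmer_start is None:
            continue  # registry-only entry, GMER did not list it as a service
        reg_start = rec.registry.get("Start")
        if reg_start is None:
            if rec.hidden:
                findings.append((rec.name, "hidden service with no readable service key"))
            continue
        expected = START_CODES.get(rec.gmer_start)
        if expected is not None and reg_start.isdigit() and int(reg_start) != expected:
            findings.append((rec.name, f"[{rec.gmer_start}] disagrees with registry Start={reg_start}"))
        if "ImagePath" not in rec.registry and rec.image_path:
            # Without ImagePath the SCM loads System32\drivers\<key name>.sys, so a
            # different file name behind that key name deserves a look.
            if ntpath.basename(rec.image_path).lower() != f"{rec.name}.sys".lower():
                findings.append((rec.name, f"no ImagePath but image is {rec.image_path}"))
    return findings


# Constructed sample: the avast lines are copied from the thread, the sampleflt
# and samplehide lines are hypothetical and only there to produce findings.
SAMPLE_LOG = r"""
---- Services - GMER 2.1 ----

Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!
Service C:\Windows\System32\Drivers\aswrdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!!
Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\sampleflt.sys (*** hidden *** ) [AUTO] sampleflt <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\samplehide.sys (*** hidden *** ) [SYSTEM] samplehide <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sampleflt@Start 3
"""

if __name__ == "__main__":
    recs = parse_gmer(SAMPLE_LOG)
    print("hidden:", ", ".join(hidden_services(recs)))
    for name, why in triage(recs):
        print(f"{name}: {why}")
```

Run against the sample, the four avast entries produce no finding: GMER calls them hidden because avast's self-protection driver (aswSP) blocks other software from opening its service keys, yet the values GMER read straight from the hive agree with what it observed, which is the usual benign pattern for a self-defending AV. Only the two constructed entries are reported, one for a start-type mismatch and one for a hidden service with no readable key. The remaining check, that each listed .sys is actually avast-signed, has to be done on the machine itself (for example with Get-AuthenticodeSignature on each path), and is not something a log parser can settle.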

    Dear Gringo20

    I recommend saving this topic to your Favorites so it is easy to find later.

    Please note the following:

    • If you get no reply for 3 days, send me a Private Message (PM);
    • What is done here applies only to the problem on your computer, so do not repeat it on any other;
    • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
    • Always post your replies in this topic... Do not open another one!
    • Keep me informed, during the removal, about what happens with your computer.
    • Respect the order of the instructions.
    • Note: Do not take any measure beyond those given here; if you ask for help on another forum, be sure to tell us, or you risk misconfiguring your computer!

    # Step No. 1 #

    Read this article and take the necessary measures:

    http://www.linhadefensiva.org/2012/03/criminosos-alteram-dns-de-modems-usando-falha-para-realizar-fraudes/

    Then do the following:

    Download BankerFix and save it to your desktop.

    • Important: the tool will close Internet Explorer. Save any link you need before running it.
    • Double-click the BankerFix installer icon.
    • In the window that opens click Run. Then click Yes.
    • A warning window will open; make sure your computer is connected to the Internet. Click OK.
    • You will notice some "activity" in the taskbar... In the window that opens click OK to run the tool.
    • A prompt will open. Press any key to continue.
    • Wait...
    • Again, press any key to continue.
    • When it finishes, paste the contents of the file C:\LinhaDefensiva\relatorio.txt in your next reply.

    After posting your reply you may delete the folder: C:\LinhaDefensiva

    # Step No. 2 #

    Download Junkware Removal Tool and save it to your Desktop.

    • Disable your protection programs (antivirus etc.) to avoid any conflict.
    • Double-click JRT.exe
      • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
    • Be patient and wait for the scan to finish.
    • Open the JRT.txt log on your Desktop.
    • Copy all of its contents and paste them in your next message.

    # Step No. 3 #

    • Double-click adwcleaner.exe
      • Attention: Windows Vista, 7 and 8 users, right-click it and choose: Run as administrator

    • Click Search
    • At the end of the scan a log with the result will open.
    • If anything is detected, click the Remove button.
    • Again, at the end of the scan a log with the result will open.
    • Copy all of its contents and paste them in your next reply.

    # Step No. 4 #

    Read the instructions in this link:

    In the instructions in the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, and while carrying out these instructions, it is very important to keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them after running the procedure(s) below.
    • Double-click the ComboFix icon on the desktop.
    • Read and accept the conditions by typing 1 and pressing Enter.
    • Computers with Windows XP must install the Recovery Console:

    • If your computer runs Windows XP and does not yet have the Recovery Console installed, make sure you are connected to the Internet and click "Yes".
    • Click "OK" at the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

    • ComboFix will run; please be patient and wait.
    • Attention: Do not use the mouse or keyboard while the tool is running; this can cause the computer to hang.
    • A notice may appear saying the computer needs to restart.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.
    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    Do NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

    • There are several malwares that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    • Many Analysts do not reply to topics where they see ComboFix was used without supervision.
    • There are various general-purpose anti-malware tools whose authors, when writing them, had end users in mind and meant them to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it unsupervised.

    Regards :D

  • Topic author
  • Diego, here are the logs. Thanks!

    BANKERFIX

    BankerFix 3.5 VALKYRIE - Banker Remover

    Linha Defensiva | http://www.linhadefensiva.org

    http://www.linhadefensiva.org/bankerfix/

    -------------------------------------------------------

    Date: 2013-09-13 - 19:42

    -------------------------------------------------------

    Definition List: 2012-08-22-1 | CORE: 2012-08-22-6

    =======================================================

    ----- End -------------------------

    JUNKWARE

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.0.0 (09.12.2013:1)

    OS: Windows 7 Ultimate x64

    Ran by Cliente on 13/09/2013 at 19:45:09,27

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    ~~~ Files

    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

    ~~~ FireFox

    Emptied folder: C:\Users\Cliente\AppData\Roaming\mozilla\firefox\profiles\61cgnupz.default\minidumps [3 files]

    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [blacklisted Policy]

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on 13/09/2013 at 19:49:41,16

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Topic author
  • COMBOFIX

    ComboFix 13-09-13.03 - Cliente 13/09/2013 20:00:39.1.4 - x64

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4050.2589 [GMT -3:00]

    Running from: c:\users\Cliente\Desktop\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Cliente\AppData\Roaming\unins000.exe

    .

    .

    (((((((((((((((( Files Created from 2013-08-13 to 2013-09-13 ))))))))))))))))))))))))))))

    .

    .

    2013-09-13 23:03 . 2013-09-13 23:03 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-09-13 22:51 . 2013-09-13 22:52 -------- d-----w- C:\AdwCleaner

    2013-09-13 22:45 . 2013-09-13 22:45 -------- d-----w- c:\windows\ERUNT

    2013-09-13 22:40 . 2013-09-13 22:42 -------- d-----w- C:\LinhaDefensiva

    2013-09-13 22:38 . 2013-09-13 22:38 -------- d-----w- c:\programdata\DAEMON Tools Lite

    2013-09-05 13:25 . 2013-09-05 13:25 -------- d-----w- c:\program files (x86)\Common Files\Java

    2013-09-05 13:25 . 2013-09-05 13:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2013-09-05 13:24 . 2013-09-05 13:24 -------- d-----w- c:\program files (x86)\Java

    2013-09-04 14:54 . 2013-09-13 22:53 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

    2013-09-04 14:54 . 2013-05-08 12:52 49536 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys

    2013-09-04 14:54 . 2013-09-04 14:54 -------- d-----w- c:\program files (x86)\GbPlugin

    2013-09-04 14:54 . 2013-09-04 14:54 -------- d-----w- c:\programdata\GbPlugin

    2013-09-04 14:54 . 2013-09-13 18:54 -------- d-----w- c:\programdata\GAS Tecnologia

    2013-09-03 14:02 . 2013-09-11 12:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-09-03 14:02 . 2013-09-11 12:15 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-09-03 13:40 . 2013-09-03 13:40 -------- d-----w- c:\windows\system32\appmgmt

    2013-09-02 22:12 . 2013-09-02 22:12 -------- d-----w- c:\program files (x86)\Common Files\Steam

    2013-09-02 15:48 . 2013-09-02 15:48 -------- d-----w- c:\programdata\WEBREG

    2013-09-02 15:44 . 2013-09-02 15:44 -------- d-----w- c:\programdata\HP Product Assistant

    2013-09-02 15:43 . 2013-09-02 15:43 -------- d-----w- c:\program files (x86)\Common Files\HP

    2013-09-02 15:43 . 2013-09-02 15:43 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard

    2013-09-02 15:43 . 2013-09-02 15:45 -------- d-----w- c:\program files (x86)\HP

    2013-09-02 15:42 . 2013-09-02 15:48 -------- d-----w- c:\programdata\HP

    2013-09-02 15:42 . 2009-07-08 10:51 938496 ----a-w- c:\windows\system32\hpowiax8.dll

    2013-09-02 15:42 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll

    2013-09-02 15:42 . 2009-07-08 10:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll

    2013-09-02 15:42 . 2009-07-08 10:51 505344 ----a-w- c:\windows\system32\hpovst14.dll

    2013-09-02 15:42 . 2009-07-08 10:51 1406464 ----a-w- c:\windows\system32\hpotiop6.dll

    2013-08-26 19:22 . 2013-08-26 19:22 -------- d-----w- c:\program files (x86)\Common Files\Skype

    2013-08-26 19:22 . 2013-08-26 19:22 -------- d-----r- c:\program files (x86)\Skype

    2013-08-26 19:22 . 2013-08-26 19:22 -------- d-----w- c:\programdata\Skype

    2013-08-26 15:11 . 2013-08-26 15:11 -------- d-----w- C:\Lector

    2013-08-24 20:00 . 2013-09-13 21:41 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

    2013-08-24 19:59 . 2013-08-24 19:59 -------- d-----w- c:\program files (x86)\Origin Games

    2013-08-24 19:57 . 2013-09-13 00:06 -------- d-----w- c:\program files (x86)\Origin

    2013-08-24 19:48 . 2013-08-24 19:48 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

    2013-08-24 19:48 . 2013-09-13 21:41 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

    2013-08-24 19:48 . 2013-09-13 21:41 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

    2013-08-24 19:48 . 2013-08-24 20:05 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

    2013-08-24 19:46 . 2005-03-18 20:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll

    2013-08-24 19:46 . 2005-02-05 22:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll

    2013-08-24 07:03 . 2013-08-24 07:03 -------- d-----w- c:\programdata\Hewlett-Packard

    2013-08-24 07:03 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll

    2013-08-24 07:02 . 2013-08-24 07:02 -------- d-----w- c:\programdata\ATI

    2013-08-24 06:17 . 2009-11-25 15:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

    2013-08-24 06:17 . 2009-11-25 15:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

    2013-08-24 06:17 . 2009-11-25 15:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

    2013-08-24 06:17 . 2009-11-25 15:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

    2013-08-24 06:17 . 2009-11-25 15:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

    2013-08-24 06:17 . 2009-11-25 15:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

    2013-08-24 06:17 . 2009-11-25 15:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

    2013-08-24 06:17 . 2009-11-25 15:47 444752 ----a-w- c:\windows\system32\mscoree.dll

    2013-08-24 06:17 . 2009-11-25 15:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

    2013-08-24 06:17 . 2009-11-25 15:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

    2013-08-24 05:50 . 2013-08-24 05:50 0 ----a-w- c:\windows\ativpsrm.bin

    2013-08-24 05:44 . 2013-08-24 05:44 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

    2013-08-24 05:44 . 2013-08-24 06:18 -------- d-----w- c:\program files (x86)\Microsoft.NET

    2013-08-24 05:44 . 2013-08-24 05:44 -------- d-----w- c:\windows\PCHEALTH

    2013-08-24 05:44 . 2013-08-24 05:44 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework

    2013-08-24 05:44 . 2013-08-24 05:44 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

    2013-08-24 05:43 . 2013-08-24 05:43 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

    2013-08-24 05:42 . 2013-08-24 05:42 -------- d-----w- c:\program files\Microsoft Office

    2013-08-24 05:42 . 2013-08-24 05:42 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

    2013-08-24 05:41 . 2013-08-24 05:46 -------- d-----w- c:\programdata\Microsoft Help

    2013-08-24 05:41 . 2013-08-24 05:41 -------- d-----r- C:\MSOCache

    2013-08-24 04:58 . 2013-09-04 14:25 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

    2013-08-24 04:58 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2013-08-24 04:58 . 2013-08-23 20:14 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2013-08-24 04:58 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2013-08-24 04:58 . 2013-08-23 20:14 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2013-08-24 04:58 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2013-08-24 04:58 . 2013-08-23 20:14 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

    2013-08-24 04:58 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

    2013-08-24 04:58 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2013-08-24 04:58 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe

    2013-08-24 04:57 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr

    2013-08-24 04:57 . 2013-08-24 04:57 -------- d-----w- c:\program files\AVAST Software

    2013-08-24 04:57 . 2013-08-24 04:57 -------- d-----w- c:\programdata\AVAST Software

    2013-08-24 04:49 . 2013-08-24 04:49 -------- d-----w- c:\programdata\AMD

    2013-08-24 04:49 . 2013-08-24 04:49 -------- d-----w- c:\program files (x86)\AMD AVT

    2013-08-24 04:49 . 2013-08-24 04:49 -------- d-----w- c:\program files\Common Files\ATI Technologies

    2013-08-24 04:49 . 2013-08-24 04:49 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

    2013-08-24 04:48 . 2013-08-24 04:48 -------- d-----w- c:\program files (x86)\ATI Technologies

    2013-08-24 04:48 . 2013-09-05 13:25 -------- d-sh--w- c:\windows\Installer

    2013-08-24 04:48 . 2013-08-24 04:49 -------- d-----w- c:\program files\ATI Technologies

    2013-08-24 04:48 . 2013-08-24 04:48 -------- d-----w- c:\program files\ATI

    2013-08-24 04:47 . 2013-08-24 04:47 -------- d-----w- C:\AMD

    2013-08-24 04:45 . 2013-08-24 04:45 -------- d-----w- c:\windows\SysWow64\RTCOM

    2013-08-24 04:45 . 2013-08-24 04:45 -------- d-----w- c:\program files\Realtek

    2013-08-24 04:43 . 2013-08-24 04:43 -------- d-----w- c:\program files (x86)\Intel

    2013-08-24 04:43 . 2012-07-04 13:55 53248 ----a-w- c:\windows\SysWow64\CSVer.dll

    2013-08-24 04:43 . 2013-08-24 04:43 -------- d-----w- C:\Intel

    2013-08-24 04:43 . 2013-08-24 04:43 -------- d-----w- C:\MSI

    2013-08-24 04:16 . 2013-08-23 22:13 -------- d-----w- c:\windows\Panther

    2013-08-24 04:01 . 2013-08-24 04:01 -------- d-----w- c:\windows\SysWow64\Macromed

    2013-08-24 04:01 . 2013-08-24 04:01 -------- d-----w- c:\windows\system32\Macromed

    2013-08-23 22:13 . 2013-08-23 22:13 -------- d-----w- c:\program files\CCleaner

    2013-08-23 22:12 . 2013-08-23 22:12 -------- d-----w- c:\programdata\Malwarebytes

    2013-08-23 22:12 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-08-23 20:57 . 2013-08-23 20:57 -------- d-----w- c:\windows\Sun

    2013-08-23 20:41 . 2013-08-23 20:41 -------- d-----w- c:\programdata\Steam

    2013-08-23 20:40 . 2013-08-23 20:39 706560 ----a-w- c:\windows\SysWow64\termsrv.dll.bak

    2013-08-23 20:40 . 2013-08-23 20:39 706560 ----a-w- c:\windows\system32\termsrv.dll.bak

    2013-08-23 20:37 . 2013-08-23 20:37 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

    2013-08-23 20:35 . 2013-09-05 13:24 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2013-08-23 20:35 . 2013-09-05 13:24 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2013-08-23 20:29 . 2013-08-20 03:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26B6DD88-D8F3-4143-8347-4460AB14CDEA}\mpengine.dll

    2013-08-23 20:29 . 2013-05-02 05:06 278800 ------w- c:\windows\system32\MpSigStub.exe

    2013-08-23 20:22 . 2013-08-23 21:55 -------- d-----w- c:\programdata\Origin

    2013-08-23 20:21 . 2013-08-23 20:24 -------- d-----w- c:\program files (x86)\Google

    2013-08-23 20:19 . 2013-08-24 20:00 -------- d-----w- c:\programdata\Electronic Arts

    2013-08-23 20:19 . 2013-08-23 20:19 -------- d-----w- c:\programdata\EA Core

    2013-08-23 20:19 . 2013-08-25 04:31 -------- d-----w- c:\programdata\EA Logs

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-09-13 22:38 . 2012-03-29 20:21 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

    .

    .

    ------- Sigcheck -------

    Note: Unsigned files aren't necessarily malware.

    .

    [7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll

    .

    c:\windows\system32\termsrv.dll ... is missing !!

    .

    (((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries and legitimate default entries are not shown.

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "JAVA"="c:\program files (x86)\Java\jre7\bin\javaw.exe" [2013-09-05 175016]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    2013-07-15 14:23 1410088 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

    .

    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

    R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]

    R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x]

    S0 aswRvrt;aswRvrt; [x]

    S0 aswVmm;aswVmm; [x]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

    S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

    S2 MBAMScheduler;MBAMScheduler;d:\victor\Programas\Malware\mbamscheduler.exe;d:\victor\Programas\Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;d:\victor\Programas\Malware\mbamservice.exe;d:\victor\Programas\Malware\mbamservice.exe [x]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-09-13 04:28 1198544 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1626.5\Installer\chrmstp.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-03 12:15]

    .

    2013-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23 20:21]

    .

    2013-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23 20:21]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-01-15 6963272]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

    Trusted Zone: bancobrasil.com.br\www

    Trusted Zone: bancobrasil.com.br\www14

    Trusted Zone: bancobrasil.com.br\www2

    Trusted Zone: bb.com.br\www

    TCP: DhcpNameServer = 192.168.0.1

    FF - ProfilePath - c:\users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\61cgnupz.default\

    FF - prefs.js: network.proxy.type - 2

    FF - ExtSQL: 2013-08-24 01:57; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

    FF - ExtSQL: 2013-09-02 12:45; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    FF - ExtSQL: 2013-09-04 11:54; {87F8774F-B485-47E2-A755-A40A8A5E886C}; c:\users\Cliente\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

    FF - ExtSQL: !HIDDEN! 2013-09-02 12:45; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    .

    - - - - ORPHANS REMOVED - - - -

    .

    AddRemove-Steam App 236390 - d:\victor\Steam\steam.exe

    AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Cliente\AppData\Roaming\unins000.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker3"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2013-09-13 20:05:49

    ComboFix-quarantined-files.txt 2013-09-13 23:05

    .

    Pre-run: 27,753,586,688 bytes free

    Post-run: 28,297,093,120 bytes free

    .

    - - End Of File - - 1197556B82B2A4714AB0B35D28FE9AE2

    A36C5E4F47E84449FF07ED3517B43A31

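The three things a log analyst would pull out of the ComboFix log above first are the UAC policy block (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all set to 0), the Sigcheck result that c:\windows\system32\termsrv.dll is missing, and the Firefox preference network.proxy.type = 2. The script below is an added example that does that triage over a ComboFix-style log; it is not part of the thread and not ComboFix's own code. The excerpt it runs on is constructed from the lines posted above, the Windows 7 defaults it compares against are the stock values (EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1; the log's termsrv.dll build 6.1.7600 is Windows 7), and it reads network.proxy.type 2 as "automatic proxy configuration URL" per Firefox's meaning of that preference. Whether the missing termsrv.dll was replaced by a termsrv patcher (the two 706,560-byte termsrv.dll.bak copies listed earlier match the size of the WinSxS original), and whether the proxy setting is related to the "Server not found" errors reported later in the thread, are hypotheses for the analyst to confirm by hand, not conclusions the log proves.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix's own code).

It parses three areas of the log a malware-removal analyst checks first:
the UAC policy block, the Sigcheck "missing file" lines, and the Firefox
network.proxy.type preference, and returns human-readable findings.
"""
import re

# Constructed excerpt: the relevant lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
.
c:\windows\system32\termsrv.dll ... is missing !!
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
FF - prefs.js: network.proxy.type - 2
"""

# Windows 7 stock values for the UAC policy block (assumed baseline; the log
# shows termsrv.dll build 6.1.7600, i.e. Windows 7 RTM).
UAC_EXPECTED = {
    "EnableLUA": (1, "UAC is disabled entirely; admin processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (5, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (1, "elevation prompts are not isolated on the secure desktop"),
}

# Meaning of Firefox's network.proxy.type values.
PROXY_TYPES = {0: "none", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}

UAC_SECTION = re.compile(
    r"\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system\]",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-f]+\)', re.IGNORECASE)
# ComboFix prints this line in the language of the Windows install; match both the
# Portuguese wording from the thread and the English one.
MISSING_RE = re.compile(r"^(?P<path>[a-z]:\\\S+?)\s+\.\.\.\s+(?:está faltando|is missing)", re.IGNORECASE)
PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (?P<val>\d+)")


def parse_uac(lines):
    """Return {value_name: int} for the policies\\system block, or {} if absent."""
    values, in_block = {}, False
    for raw in lines:
        line = raw.strip()
        if line.startswith("["):          # any "[...]" header starts a new block
            in_block = bool(UAC_SECTION.match(line))
            continue
        if in_block:
            m = VALUE_RE.match(line)
            if m:
                values[m.group("name")] = int(m.group("val"))
    return values


def triage(log_text):
    """Return a list of findings worth confirming by hand."""
    lines = [l.strip() for l in log_text.splitlines()]
    findings = []

    uac = parse_uac(lines)
    for name, (expected, why) in UAC_EXPECTED.items():
        if name in uac and uac[name] != expected:
            findings.append(f"UAC: {name}={uac[name]} (default {expected}): {why}")

    for line in lines:
        m = MISSING_RE.match(line)
        if m:
            findings.append(f"Sigcheck: system file missing: {m.group('path')}")
        m = PROXY_RE.match(line)
        if m:
            kind = PROXY_TYPES.get(int(m.group("val")), "unknown")
            if kind != "none":
                findings.append(
                    f"Firefox: network.proxy.type={m.group('val')} ({kind}); "
                    "confirm the user configured this proxy deliberately"
                )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a full ComboFix log by passing the file's contents to `triage()`; the UAC check only reports values that differ from the assumed Windows 7 defaults, so a machine with UAC left at stock produces no UAC finding at all.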
  • Topic author
  • @diego_moicano

    I just wanted to report that after running the programs correctly, the way you said, I noticed that page loading got slower; sometimes "Server not found" appears, I press F5 about 3 times and the page loads correctly, slowly, but it loads.






    About Clube do Hardware

    Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.

    Copyright

    We do not permit copying or reproduction of the content of our site, forum, newsletters and social networks, even when the source is cited.