Gringo20

Suspected malware, on PC/notebook/phone.

Hey :D

Well, I posted in the Intrusions & Infections area, but on the recommendation of the moderator there I'm posting here.

He asked me to check the primary and secondary DNS settings on my router; I sent the image below:

XGQBILm.jpg

From that he concluded it's an infection that changes my DNS, and what remains is to find out whether it's malware or a security flaw; he says the problem is most likely in the modem/router.

Here is the description of the two problems; one of them I have already partly solved myself.

I have a problem that doesn't let me access any YouTube video.

I try to open YouTube and this message (image 1) appears saying my Flash is out of date, which is incorrect according to the official Flash Player site.

Image 1

rhvi.jpg

Besides that problem, every time I opened any web page this message (image 2) appeared; I would close it about three times until it stopped opening. I'd go to some other site and again it would open three or four times.

Worse than the annoyance is the fact that my CPU usage shoots up to 100% when I click Run.

Note: this problem stopped after I uninstalled Java, which so far I haven't missed.

Image 2

enb0.jpg

What I know:

This YouTube problem isn't constant; it appears, a few hours pass, and it lets me access YouTube again.

It's on my network/modem, because when I try to open YouTube on the notebook or the phone the same image from the first screenshot appears.

I've already run CCleaner and Malwarebytes and found nothing.

Thanks in advance!

Here are the logs:

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7600.16385

Run by Cliente at 0:54:39 on 2013-09-05

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4050.2382 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [JAVA] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Cliente\a.gif"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{EE8F6E3C-EBBD-45D6-AE92-3C2555025E99} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1612.2\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\61cgnupz.default\

FF - prefs.js: network.proxy.type - 2

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

FF - plugin: C:\Users\Cliente\AppData\Roaming\raidcall\plugins\nprcplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-08-24 01:57; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2013-09-02 12:45; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - ExtSQL: 2013-09-04 11:54; {87F8774F-B485-47E2-A755-A40A8A5E886C}; C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

FF - ExtSQL: !HIDDEN! 2013-09-02 12:45; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-24 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-8-24 189936]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-8-24 1030952]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-8-24 378944]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-8-24 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-8-24 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-8-24 46808]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-9-4 409640]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]

R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-8-24 32344]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-24 805088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;D:\Victor\Programas\Malware\mbamscheduler.exe [2013-8-23 418376]

S2 MBAMService;MBAMService;D:\Victor\Programas\Malware\mbamservice.exe [2013-8-23 701512]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-23 25928]

.

=============== Created Last 30 ================

.

2013-09-04 14:57:52 -------- d-----w- C:\ProgramData\boost_interprocess

2013-09-04 14:54:52 49536 ----a-w- C:\Windows\SysWow64\drivers\gbpkm.sys

2013-09-04 14:54:52 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2013-09-04 14:54:37 -------- d-----w- C:\ProgramData\GbPlugin

2013-09-04 14:54:37 -------- d-----w- C:\Program Files (x86)\GbPlugin

2013-09-04 14:54:24 720082 ----a-w- C:\Users\Cliente\AppData\Roaming\unins000.exe

2013-09-04 14:54:24 -------- d-----w- C:\Users\Cliente\AppData\Local\GAS Tecnologia

2013-09-04 14:54:24 -------- d-----w- C:\ProgramData\GAS Tecnologia

2013-09-03 14:03:01 -------- d-----w- C:\Users\Cliente\AppData\Local\Macromedia

2013-09-03 14:02:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-03 14:02:31 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-09-03 13:40:43 -------- d-----w- C:\Windows\System32\appmgmt

2013-09-02 22:12:34 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2013-09-02 15:48:04 -------- d-----w- C:\ProgramData\WEBREG

2013-09-02 15:47:46 -------- d-----w- C:\Users\Cliente\AppData\Local\HP

2013-09-02 15:43:58 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2013-09-02 15:43:50 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2013-09-02 15:43:12 -------- d-----w- C:\Program Files (x86)\HP

2013-09-02 15:42:38 938496 ----a-w- C:\Windows\System32\hpowiax8.dll

2013-09-02 15:42:38 642360 ----a-w- C:\Windows\System32\hpzids40.dll

2013-09-02 15:42:38 551424 ----a-w- C:\Windows\System32\hppldcoi.dll

2013-09-02 15:42:38 505344 ----a-w- C:\Windows\System32\hpovst14.dll

2013-09-02 15:42:38 1406464 ----a-w- C:\Windows\System32\hpotiop6.dll

2013-09-02 08:05:48 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{26B6DD88-D8F3-4143-8347-4460AB14CDEA}\offreg.dll

2013-08-31 22:29:05 -------- d-----w- C:\Users\Cliente\AppData\Local\ElevatedDiagnostics

2013-08-30 19:42:30 -------- d-----w- C:\Users\Cliente\AppData\Roaming\raidcall

2013-08-27 10:26:59 -------- d-----w- C:\Users\Cliente\AppData\Roaming\uTorrent

2013-08-26 19:22:31 -------- d-----r- C:\Program Files (x86)\Skype

2013-08-26 15:12:29 -------- d-----w- C:\Users\Cliente\.javafx

2013-08-26 15:12:26 -------- d-----w- C:\Users\Cliente\Sun

2013-08-26 15:11:54 -------- d-----w- C:\Users\Cliente\.lector

2013-08-26 15:11:54 -------- d-----w- C:\Lector

2013-08-24 20:00:25 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-08-24 20:00:22 -------- d-----w- C:\Users\Cliente\AppData\Local\PunkBuster

2013-08-24 19:59:09 -------- d-----w- C:\Program Files (x86)\Origin Games

2013-08-24 19:57:09 -------- d-----w- C:\Program Files (x86)\Origin

2013-08-24 19:48:37 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

2013-08-24 19:48:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-08-24 19:48:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-08-24 19:48:02 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-08-24 07:03:27 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll

2013-08-24 07:02:26 -------- d-----w- C:\Users\Cliente\AppData\Local\ATI

2013-08-24 06:17:46 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2013-08-24 06:17:46 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2013-08-24 06:17:46 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2013-08-24 06:17:46 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2013-08-24 06:17:46 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2013-08-24 06:17:45 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2013-08-24 06:17:45 444752 ----a-w- C:\Windows\System32\mscoree.dll

2013-08-24 06:17:45 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2013-08-24 06:17:45 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2013-08-24 06:17:45 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2013-08-24 05:50:04 0 ----a-w- C:\Windows\ativpsrm.bin

2013-08-24 05:44:18 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2013-08-24 05:44:05 -------- d-----w- C:\Windows\PCHEALTH

2013-08-24 05:44:05 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2013-08-24 05:43:08 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2013-08-24 05:42:36 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-08-24 05:42:15 -------- d-----w- C:\Users\Cliente\AppData\Local\Microsoft Help

2013-08-24 04:58:26 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-24 04:58:22 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-08-24 04:58:21 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-08-24 04:58:20 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-08-24 04:58:20 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-08-24 04:58:14 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-08-24 04:57:30 41664 ----a-w- C:\Windows\avastSS.scr

2013-08-24 04:57:21 -------- d-----w- C:\Program Files\AVAST Software

2013-08-24 04:57:04 -------- d-----w- C:\ProgramData\AVAST Software

2013-08-24 04:49:33 -------- d-----w- C:\ProgramData\AMD

2013-08-24 04:49:32 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-08-24 04:49:29 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2013-08-24 04:49:29 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2013-08-24 04:48:37 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2013-08-24 04:48:34 -------- d-sh--w- C:\Windows\Installer

2013-08-24 04:48:26 -------- d-----w- C:\Program Files\ATI Technologies

2013-08-24 04:48:25 -------- d-----w- C:\Program Files\ATI

2013-08-24 04:47:51 -------- d-----w- C:\AMD

2013-08-24 04:45:05 -------- d-----w- C:\Windows\SysWow64\RTCOM

2013-08-24 04:45:05 -------- d-----w- C:\Program Files\Realtek

2013-08-24 04:43:50 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2013-08-24 04:43:48 -------- d-----w- C:\Intel

2013-08-24 04:43:13 -------- d-----w- C:\MSI

2013-08-24 04:16:33 -------- d-----w- C:\Windows\Panther

2013-08-24 03:58:16 -------- d-----w- C:\Users\Cliente\AppData\Local\Adobe

2013-08-23 22:13:17 -------- d-----w- C:\Program Files\CCleaner

2013-08-23 22:12:45 -------- d-----w- C:\Users\Cliente\AppData\Roaming\Malwarebytes

2013-08-23 22:12:40 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-08-23 22:12:40 -------- d-----w- C:\ProgramData\Malwarebytes

2013-08-23 21:55:47 -------- d-----w- C:\Users\Cliente\AppData\Local\Origin

2013-08-23 21:33:20 -------- d-----w- C:\Users\Cliente\AppData\Local\Programs

2013-08-23 20:41:05 -------- d-----w- C:\ProgramData\Steam

2013-08-23 20:40:08 706560 ----a-w- C:\Windows\SysWow64\termsrv.dll

2013-08-23 20:40:08 706560 ----a-w- C:\Windows\System32\termsrv.dll.bak

2013-08-23 20:37:35 -------- d-----w- C:\Users\Cliente\AppData\Local\ESN

2013-08-23 20:37:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins

2013-08-23 20:35:20 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-08-23 20:35:19 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-08-23 20:29:06 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{26B6DD88-D8F3-4143-8347-4460AB14CDEA}\mpengine.dll

2013-08-23 20:29:05 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-08-23 20:22:25 -------- d-----w- C:\ProgramData\Origin

2013-08-23 20:21:37 -------- d-----w- C:\Users\Cliente\AppData\Local\Google

2013-08-23 20:20:16 -------- d-----w- C:\Users\Cliente\AppData\Roaming\Origin

2013-08-23 20:19:35 -------- d-----w- C:\ProgramData\Electronic Arts

2013-08-23 20:19:35 -------- d-----w- C:\ProgramData\EA Core

2013-08-23 20:19:34 -------- d-----w- C:\ProgramData\EA Logs

2013-08-23 20:17:20 -------- d-----w- C:\Users\Cliente\AppData\Local\Mozilla

.

==================== Find3M ====================

.

2013-08-23 20:39:29 706560 ----a-w- C:\Windows\System32\termsrv.dll

.

============= FINISH: 0:54:59,90 ===============

GMER:

GMER 2.1.19163 -

http://www.gmer.net

Rootkit scan 2013-09-05 01:01:28

Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HI rev.1AG01118 465,76GB

Running: gmer.exe; Driver: C:\Users\Cliente\AppData\Local\Temp\agdiafow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\services.exe[616] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\winlogon.exe[640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\lsass.exe[668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000076ee1de2 5 bytes JMP 000000013b0ae02d

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 0000000076efc82d 5 bytes JMP 000000013b0adfa5

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000750e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000750e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000750e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000750e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll

.text ... * 9

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000750e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000750e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000750e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000750e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000750e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000750e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000750e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000750e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000750e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000750e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000750e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000750e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[856] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000750e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll

.text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\atiesrxx.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\System32\svchost.exe[124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\System32\svchost.exe[268] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1072] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\Explorer.EXE[1528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\System32\spoolsv.exe[1696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\SysWOW64\svchost.exe[1936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Windows\System32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074ed17fa 2 bytes CALL 76ee1199 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074ed1860 2 bytes CALL 76ee1199 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074ed1942 2 bytes JMP 7666c29f C:\Windows\syswow64\WS2_32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074ed194d 2 bytes JMP 7666418d C:\Windows\syswow64\WS2_32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000750e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000750e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000750e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000750e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll

.text ... * 9

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000750e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000750e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000750e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000750e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000750e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000750e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000750e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll

.text C:\Windows\system32\svchost.exe[2084] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\SearchIndexer.exe[2852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Program Files\Windows Sidebar\sidebar.exe[2976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2752] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3540] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[3592] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4660] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

.text C:\Windows\system32\sppsvc.exe[3956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\AUDIODG.EXE[1984] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Windows\system32\NOTEPAD.EXE[4996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]

.text C:\Users\Cliente\Desktop\Nova pasta\gmer.exe[2196] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\Dwm.exe [1496:1712] 000007fefa6cb0e4

Thread C:\Windows\system32\Dwm.exe [1496:1716] 000007fefa21abf0

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3748:3664] 000007fefb7a2a74

Thread C:\Windows\system32\WUDFHost.exe [3488:3744] 000007fef18324a0

Thread C:\Windows\System32\svchost.exe [1572:3604] 000007fee9f19688

---- Services - GMER 2.1 ----

Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!!

Service C:\Windows\System32\Drivers\aswrdr2.sys (*** hidden *** ) [sYSTEM] aswRdr <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [bOOT] aswRvrt <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [sYSTEM] aswSnx <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [sYSTEM] aswSP <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [sYSTEM] aswTdi <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [bOOT] aswVmm <-- ROOTKIT !!!

Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 29

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 701717

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Gerencia e executa os servi?os do antiv?rus avast! neste computador. Isto inclui os M?dulos residentes, a Quarentena e o Agendador.

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 29

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 701717

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Gerencia e executa os servi?os do antiv?rus avast! neste computador. Isto inclui os M?dulos residentes, a Quarentena e o Agendador.

---- EOF - GMER 2.1 ----

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 24/08/2013 01:31:21

System Uptime: 04/09/2013 19:37:33 (5 hours ago)

.

Motherboard: MSI | | Z77A-G43 (MS-7758)

Processor: Intel® Core i5-3470 CPU @ 3.20GHz | SOCKET 0 | 1568/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 49 GiB total, 26,502 GiB free.

D: is FIXED (NTFS) - 417 GiB total, 284,364 GiB free.

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Controlador USB (Universal Serial Bus)

Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_77581462&REV_04\3&11583659&0&A0

Manufacturer:

Name: Controlador USB (Universal Serial Bus)

PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_77581462&REV_04\3&11583659&0&A0

Service:

.

Class GUID:

Description: Controlador de comunicação PCI simples

Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_77581462&REV_04\3&11583659&0&B0

Manufacturer:

Name: Controlador de comunicação PCI simples

PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_77581462&REV_04\3&11583659&0&B0

Service:

.

==== System Restore Points ===================

.

RP13: 04/09/2013 20:36:33 - Ponto de Verificação Agendado

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

Adobe Flash Player 11 Plugin

AMD Accelerated Video Transcoding

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

µTorrent

avast! Free Antivirus

Battlefield 3™

Battlelog Web Plugins

BufferChm

C4400

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Copy

Destinations

DeviceDiscovery

DocProc

ESN Sonar

GBBD Banco do Brasil

Google Chrome

Google Update Helper

GPBaseService2

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3

HP Photosmart Essential 3.5

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Malwarebytes Anti-Malware versão 1.75.0.1300

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 23.0.1 (x86 pt-BR)

Mozilla Maintenance Service

OCR Software by I.R.I.S. 13.0

Origin

PS_AIO_03_C4400_Software_Min

PunkBuster Services

RaidCall

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Scan

Shop for HP Supplies

Skype™ 6.7

SmartWebPrinting

SolutionCenter

Status

Steam

Toolbox

TrayApp

UnloadSupport

War Thunder

WebReg

.

==== End Of File ===========================

Edited by Gringo20

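An added example (editor's code, not from this thread and not part of GMER): the GMER output above flags every Avast driver (aswFsBlk, aswMonFlt, aswRdr, aswRvrt, aswSnx, aswSP, aswTdi, aswVmm) and the avast! Antivirus service as "(*** hidden ***) <-- ROOTKIT !!!". Avast's self-protection driver hides its own service keys, so GMER reporting them as hidden is the expected picture on a machine with Avast installed and is not by itself evidence of a rootkit. The same reading applies to the 1-byte patch of GetBinaryTypeW that appears in every listed process, including AvastUI.exe and gmer.exe itself: a hook that is identical in all processes is a product-wide hook, not a targeted injection. The script below parses these two GMER line types, groups identical hooks across processes, and separates the Avast-owned hidden services from any hidden service with no known owner. The asw* prefix, the "AVAST Software" path marker, the threshold of three processes and the examplehidden.sys line are assumptions of this example, not facts from the log; the other sample lines are copied from the output above.

```python
"""Triage helpers for GMER 2.1 output: user-mode hooks and hidden services."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Lines copied from the GMER log above, plus one CONSTRUCTED line
# (examplehidden.sys) that is not in the log, to exercise the "unknown owner" branch.
SAMPLE_GMER = r"""
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]
.text C:\Windows\system32\NOTEPAD.EXE[4996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770df1bd 1 byte [62]
.text C:\Users\Cliente\Desktop\Nova pasta\gmer.exe[2196] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f0b0c5 1 byte [62]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1592] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000750e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll
Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [sYSTEM] aswSP <-- ROOTKIT !!!
Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\examplehidden.sys (*** hidden *** ) [sYSTEM] examplehidden <-- ROOTKIT !!!
"""


class Finding(NamedTuple):
    severity: str          # "high", "medium" or "info"
    rule: str
    detail: str


HOOK_RE = re.compile(
    r'^\.text (.+?)\[(\d+)\] (\S+?)!(\w+) \+ (\d+) [0-9a-f]+ (\d+) bytes? (.*)$')
SVC_RE = re.compile(
    r'^Service (.+?) \(\*\*\* hidden \*\*\* \) \[(\w+)\] (.+?) <-- ROOTKIT !!!$')

# Assumptions of this example, not GMER rules: Avast names its drivers asw*,
# installs under "AVAST Software", and its self-protection hides those service
# keys, which GMER then reports as "hidden ... ROOTKIT".
AV_SERVICE_PREFIXES = ('asw',)
AV_PATH_MARKERS = ('\\avast software\\',)
# A patch seen identically in at least this many processes is treated as a
# product-wide hook rather than a targeted injection (threshold chosen here).
PRODUCT_WIDE_MIN = 3


def group_hooks(text: str) -> Dict[Tuple[str, str], List[str]]:
    """Map (hooked function, what GMER saw at the address) -> process basenames."""
    groups: Dict[Tuple[str, str], set] = defaultdict(set)
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m:
            process, _pid, _module, func, _off, _n, patch = m.groups()
            groups[(func, patch)].add(process.rsplit('\\', 1)[-1])
    return {k: sorted(v) for k, v in groups.items()}


def triage_gmer(text: str) -> List[Finding]:
    """Classify hooks (by spread and jump target) and hidden services (by owner)."""
    findings: List[Finding] = []
    for (func, patch), procs in group_hooks(text).items():
        if len(procs) >= PRODUCT_WIDE_MIN:
            findings.append(Finding('info', 'product-wide-hook',
                f'{func} patched identically ({patch}) in {len(procs)} processes: {", ".join(procs)}'))
        elif patch.startswith('JMP '):
            target = patch.split(' ', 2)[2] if patch.count(' ') >= 2 else ''
            inside_windows = '\\windows\\' in target.lower()
            findings.append(Finding('info' if inside_windows else 'high',
                'jmp-into-system-module' if inside_windows else 'jmp-outside-windows',
                f'{func} in {procs[0]} jumps to {target or "?"}'))
        else:
            findings.append(Finding('medium', 'isolated-patch',
                f'{func} patched ({patch}) only in {", ".join(procs)}'))
    for line in text.splitlines():
        m = SVC_RE.match(line)
        if not m:
            continue
        path, start, name = m.groups()
        own_av = (name.lower().startswith(AV_SERVICE_PREFIXES)
                  or any(mk in path.lower() for mk in AV_PATH_MARKERS))
        if own_av:
            findings.append(Finding('info', 'hidden-service-av-selfprotect',
                f'{name} [{start}] {path}: hidden by the AV self-protection, expected'))
        else:
            findings.append(Finding('high', 'hidden-service-unknown',
                f'{name} [{start}] {path}: hidden service with no known owner, investigate'))
    return findings


if __name__ == '__main__':
    for f in triage_gmer(SAMPLE_GMER):
        print(f'{f.severity:6} {f.rule:30} {f.detail}')
```

Anything the script leaves at "high" is what an analyst should spend time on; the Avast entries and the product-wide GetBinaryTypeW patch come out as "info". The PSAPI.DLL lines in PnkBstrA.exe jump into kernel32.dll under C:\Windows, which the script also downgrades; a JMP landing outside the Windows directory would be reported as "high".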

Hello

Sorry for the delay :)

If you still need help, redo the logs, since I need them with up-to-date dates: Read Before Posting - Creating a new Topic

ATTENTION 1: There is no need to open a new topic, post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic, use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D

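A second added example (editor's code, not from this thread and not part of DDS), for the "Pseudo HJT Report" in the updated DDS log posted in the reply that follows. Two things in that report deserve more attention than the Avast false positives in GMER: an HKCU Run value named JAVA that starts javaw.exe with -jar on a file called a.gif in the user's profile, and the mPolicies-System block in which EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, i.e. UAC is switched off. The script flags autorun entries whose host program is handed a file with an extension it does not normally execute, and decodes the UAC values. The SCRIPT_HOSTS table and the severities are this example's assumptions; it says nothing about what a.gif contains and only flags the shape of the entry. The sample lines are copied from that report.

```python
"""Triage helpers for the DDS "Pseudo HJT Report": autorun entries and UAC policy."""
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the Pseudo HJT Report in the DDS log posted below.
SAMPLE_DDS = r"""
uRun: [JAVA] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Cliente\a.gif"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""


class Finding(NamedTuple):
    severity: str          # "high", "medium" or "info"
    rule: str
    detail: str


RUN_RE = re.compile(r'^([um]Run): \[([^\]]*)\]\s+(.*)$')
POLICY_RE = re.compile(r'^mPolicies-System: (\w+) = dword:(\d+)$')

# Assumption of this example: hosts that execute whatever file they are handed.
# The payload should carry a matching extension; otherwise the entry is
# disguising what it runs.
SCRIPT_HOSTS = {
    'javaw.exe': ('.jar',), 'java.exe': ('.jar',),
    'wscript.exe': ('.vbs', '.vbe', '.js', '.jse', '.wsf'),
    'cscript.exe': ('.vbs', '.vbe', '.js', '.jse', '.wsf'),
    'rundll32.exe': ('.dll',), 'regsvr32.exe': ('.dll', '.ocx'),
}

# UAC values DDS prints under mPolicies-System (HKLM ...\Policies\System).
UAC_RULES = {
    ('EnableLUA', 0): ('high', 'uac-disabled',
        'EnableLUA=0: UAC is off, every process of an admin user runs fully elevated'),
    ('ConsentPromptBehaviorAdmin', 0): ('medium', 'uac-silent-elevate',
        'ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt'),
    ('PromptOnSecureDesktop', 0): ('info', 'uac-no-secure-desktop',
        'PromptOnSecureDesktop=0: the elevation prompt is not isolated from other windows'),
}


def split_command(cmd: str) -> Tuple[str, List[str]]:
    """Split a Run value into (executable, other file paths it references)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        end = cmd.find('"', 1)
        exe, rest = cmd[1:end], cmd[end + 1:]
    else:  # unquoted path, possibly with spaces: cut after the first .exe
        m = re.match(r'(.+?\.exe)(.*)$', cmd, re.IGNORECASE)
        exe, rest = (m.group(1), m.group(2)) if m else (cmd, '')
    paths = re.findall(r'"([^"]+)"', rest)
    paths += [t for t in re.sub(r'"[^"]*"', '', rest).split() if '\\' in t]
    return exe, paths


def triage_dds(text: str) -> List[Finding]:
    """Flag disguised autorun payloads and weakened UAC settings."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            exe, paths = split_command(cmd)
            host = exe.rsplit('\\', 1)[-1].lower()
            for p in paths:
                base = p.rsplit('\\', 1)[-1]
                ext = ('.' + base.rsplit('.', 1)[-1].lower()) if '.' in base else ''
                if host in SCRIPT_HOSTS and ext not in SCRIPT_HOSTS[host]:
                    findings.append(Finding('high', 'extension-mismatch',
                        f'{hive} [{name}]: {host} is launched on {p}, expected one of {SCRIPT_HOSTS[host]}'))
                elif '\\users\\' in p.lower():
                    findings.append(Finding('medium', 'payload-in-profile',
                        f'{hive} [{name}]: autorun payload lives under a user profile: {p}'))
            continue
        m = POLICY_RE.match(line)
        if m:
            rule = UAC_RULES.get((m.group(1), int(m.group(2))))
            if rule:
                findings.append(Finding(*rule))
    return findings


if __name__ == '__main__':
    for f in triage_dds(SAMPLE_DDS):
        print(f'{f.severity:6} {f.rule:22} {f.detail}')
```

The JAVA entry is reported as "high" because javaw.exe is being pointed at a .gif, not because of anything known about the file; the next step for an analyst is to have the file itself checked, not to rename or delete it from the log alone. ConsentPromptBehaviorUser=3 is not flagged, since it only governs how standard users are prompted.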

Hey :D

Don't mention it, no problem at all, you guys do an exceptional job.

I'll post the DDS logs here and the GMER one in the post below.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.25.2

Run by Cliente at 15:44:52 on 2013-09-09

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4050.2392 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

D:\Victor\Programas\Malware\mbamscheduler.exe

D:\Victor\Programas\Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k HPZ12

D:\Victor\Programas\Malware\mbamgui.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [JAVA] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Cliente\a.gif"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{EE8F6E3C-EBBD-45D6-AE92-3C2555025E99} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1622.7\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\61cgnupz.default\

FF - prefs.js: network.proxy.type - 2

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

FF - plugin: C:\Users\Cliente\AppData\Roaming\raidcall\plugins\nprcplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-08-24 01:57; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2013-09-02 12:45; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - ExtSQL: 2013-09-04 11:54; {87F8774F-B485-47E2-A755-A40A8A5E886C}; C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

FF - ExtSQL: !HIDDEN! 2013-09-02 12:45; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-24 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-8-24 189936]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-8-24 1030952]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-8-24 378944]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-8-24 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-8-24 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-8-24 46808]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-9-4 409640]

R2 MBAMScheduler;MBAMScheduler;D:\Victor\Programas\Malware\mbamscheduler.exe [2013-8-23 418376]

R2 MBAMService;MBAMService;D:\Victor\Programas\Malware\mbamservice.exe [2013-8-23 701512]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-23 25928]

R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-8-24 32344]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-24 805088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]

.

=============== Created Last 30 ================

.

2013-09-05 13:25:01 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-09-04 14:57:52 -------- d-----w- C:\ProgramData\boost_interprocess

2013-09-04 14:54:52 49536 ----a-w- C:\Windows\SysWow64\drivers\gbpkm.sys

2013-09-04 14:54:52 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2013-09-04 14:54:37 -------- d-----w- C:\ProgramData\GbPlugin

2013-09-04 14:54:37 -------- d-----w- C:\Program Files (x86)\GbPlugin

2013-09-04 14:54:24 720082 ----a-w- C:\Users\Cliente\AppData\Roaming\unins000.exe

2013-09-04 14:54:24 -------- d-----w- C:\Users\Cliente\AppData\Local\GAS Tecnologia

2013-09-04 14:54:24 -------- d-----w- C:\ProgramData\GAS Tecnologia

2013-09-03 14:03:01 -------- d-----w- C:\Users\Cliente\AppData\Local\Macromedia

2013-09-03 14:02:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-03 14:02:31 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-09-03 13:40:43 -------- d-----w- C:\Windows\System32\appmgmt

2013-09-02 22:12:34 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2013-09-02 15:48:04 -------- d-----w- C:\ProgramData\WEBREG

2013-09-02 15:47:46 -------- d-----w- C:\Users\Cliente\AppData\Local\HP

2013-09-02 15:43:58 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2013-09-02 15:43:50 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2013-09-02 15:43:12 -------- d-----w- C:\Program Files (x86)\HP

2013-09-02 15:42:38 938496 ----a-w- C:\Windows\System32\hpowiax8.dll

2013-09-02 15:42:38 642360 ----a-w- C:\Windows\System32\hpzids40.dll

2013-09-02 15:42:38 551424 ----a-w- C:\Windows\System32\hppldcoi.dll

2013-09-02 15:42:38 505344 ----a-w- C:\Windows\System32\hpovst14.dll

2013-09-02 15:42:38 1406464 ----a-w- C:\Windows\System32\hpotiop6.dll

2013-08-31 22:29:05 -------- d-----w- C:\Users\Cliente\AppData\Local\ElevatedDiagnostics

2013-08-30 19:42:30 -------- d-----w- C:\Users\Cliente\AppData\Roaming\raidcall

2013-08-27 10:26:59 -------- d-----w- C:\Users\Cliente\AppData\Roaming\uTorrent

2013-08-26 19:22:31 -------- d-----r- C:\Program Files (x86)\Skype

2013-08-26 15:12:29 -------- d-----w- C:\Users\Cliente\.javafx

2013-08-26 15:12:26 -------- d-----w- C:\Users\Cliente\Sun

2013-08-26 15:11:54 -------- d-----w- C:\Users\Cliente\.lector

2013-08-26 15:11:54 -------- d-----w- C:\Lector

2013-08-24 20:00:25 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-08-24 20:00:22 -------- d-----w- C:\Users\Cliente\AppData\Local\PunkBuster

2013-08-24 19:59:09 -------- d-----w- C:\Program Files (x86)\Origin Games

2013-08-24 19:57:09 -------- d-----w- C:\Program Files (x86)\Origin

2013-08-24 19:48:37 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

2013-08-24 19:48:06 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-08-24 19:48:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-08-24 19:48:02 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-08-24 07:03:27 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll

2013-08-24 07:02:26 -------- d-----w- C:\Users\Cliente\AppData\Local\ATI

2013-08-24 06:17:46 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2013-08-24 06:17:46 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2013-08-24 06:17:46 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2013-08-24 06:17:46 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2013-08-24 06:17:46 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2013-08-24 06:17:45 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2013-08-24 06:17:45 444752 ----a-w- C:\Windows\System32\mscoree.dll

2013-08-24 06:17:45 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2013-08-24 06:17:45 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2013-08-24 06:17:45 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2013-08-24 05:50:04 0 ----a-w- C:\Windows\ativpsrm.bin

2013-08-24 05:44:18 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2013-08-24 05:44:05 -------- d-----w- C:\Windows\PCHEALTH

2013-08-24 05:44:05 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2013-08-24 05:43:08 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2013-08-24 05:42:36 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-08-24 05:42:15 -------- d-----w- C:\Users\Cliente\AppData\Local\Microsoft Help

2013-08-24 04:58:26 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-24 04:58:22 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-08-24 04:58:21 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-08-24 04:58:20 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-08-24 04:58:20 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-08-24 04:58:14 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-08-24 04:57:30 41664 ----a-w- C:\Windows\avastSS.scr

2013-08-24 04:57:21 -------- d-----w- C:\Program Files\AVAST Software

2013-08-24 04:57:04 -------- d-----w- C:\ProgramData\AVAST Software

2013-08-24 04:49:33 -------- d-----w- C:\ProgramData\AMD

2013-08-24 04:49:32 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-08-24 04:49:29 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2013-08-24 04:49:29 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2013-08-24 04:48:37 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2013-08-24 04:48:34 -------- d-sh--w- C:\Windows\Installer

2013-08-24 04:48:26 -------- d-----w- C:\Program Files\ATI Technologies

2013-08-24 04:48:25 -------- d-----w- C:\Program Files\ATI

2013-08-24 04:47:51 -------- d-----w- C:\AMD

2013-08-24 04:45:05 -------- d-----w- C:\Windows\SysWow64\RTCOM

2013-08-24 04:45:05 -------- d-----w- C:\Program Files\Realtek

2013-08-24 04:43:50 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2013-08-24 04:43:48 -------- d-----w- C:\Intel

2013-08-24 04:43:13 -------- d-----w- C:\MSI

2013-08-24 04:16:33 -------- d-----w- C:\Windows\Panther

2013-08-24 03:58:16 -------- d-----w- C:\Users\Cliente\AppData\Local\Adobe

2013-08-23 22:13:17 -------- d-----w- C:\Program Files\CCleaner

2013-08-23 22:12:45 -------- d-----w- C:\Users\Cliente\AppData\Roaming\Malwarebytes

2013-08-23 22:12:40 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-08-23 22:12:40 -------- d-----w- C:\ProgramData\Malwarebytes

2013-08-23 21:55:47 -------- d-----w- C:\Users\Cliente\AppData\Local\Origin

2013-08-23 21:33:20 -------- d-----w- C:\Users\Cliente\AppData\Local\Programs

2013-08-23 20:41:05 -------- d-----w- C:\ProgramData\Steam

2013-08-23 20:40:08 706560 ----a-w- C:\Windows\SysWow64\termsrv.dll.bak

2013-08-23 20:40:08 706560 ----a-w- C:\Windows\System32\termsrv.dll.bak

2013-08-23 20:37:35 -------- d-----w- C:\Users\Cliente\AppData\Local\ESN

2013-08-23 20:37:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins

2013-08-23 20:35:20 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-08-23 20:35:19 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-08-23 20:29:06 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{26B6DD88-D8F3-4143-8347-4460AB14CDEA}\mpengine.dll

2013-08-23 20:29:05 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-08-23 20:22:25 -------- d-----w- C:\ProgramData\Origin

2013-08-23 20:21:37 -------- d-----w- C:\Users\Cliente\AppData\Local\Google

2013-08-23 20:20:16 -------- d-----w- C:\Users\Cliente\AppData\Roaming\Origin

2013-08-23 20:19:35 -------- d-----w- C:\ProgramData\Electronic Arts

2013-08-23 20:19:35 -------- d-----w- C:\ProgramData\EA Core

2013-08-23 20:19:34 -------- d-----w- C:\ProgramData\EA Logs

2013-08-23 20:17:20 -------- d-----w- C:\Users\Cliente\AppData\Local\Mozilla

.

==================== Find3M ====================

.

.

============= FINISH: 15:45:16,77 ===============


GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-09 15:54:55

Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HI rev.1AG01118 465,76GB

Running: gmer.exe; Driver: C:\Users\Cliente\AppData\Local\Temp\agdiafow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\services.exe[648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\lsass.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\lsm.exe[676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000074f61de2 5 bytes JMP 000000013b0ae02d

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 0000000074f7c82d 5 bytes JMP 000000013b0adfa5

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 74f7eb26 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 74f8b513 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 75008609 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 74f61dfa C:\Windows\syswow64\kernel32.dll

.text ... * 9

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 75007efe C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 750080d8 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 75007df4 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 750081c2 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 74f7f088 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076f91555 2 bytes JMP 74f8b885 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 750086c1 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 75008222 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 75007db8 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 74f7f121 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 74f8b29f C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 75008584 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 75007d4d C:\Windows\syswow64\kernel32.dll

.text C:\Windows\system32\svchost.exe[928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\System32\svchost.exe[308] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\System32\svchost.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\Explorer.EXE[1540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\Dwm.exe[1556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\System32\spoolsv.exe[1792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\SysWOW64\svchost.exe[1712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text D:\Victor\Programas\Malware\mbamscheduler.exe[1528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Windows\System32\svchost.exe[1224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text D:\Victor\Programas\Malware\mbamgui.exe[2100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074a117fa 2 bytes CALL 74f61199 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074a11860 2 bytes CALL 74f61199 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074a11942 2 bytes JMP 76a6c29f C:\Windows\syswow64\WS2_32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074a1194d 2 bytes JMP 76a6418d C:\Windows\syswow64\WS2_32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 74f7eb26 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 74f8b513 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 75008609 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 74f61dfa C:\Windows\syswow64\kernel32.dll

.text ... * 9

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 75007efe C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 750080d8 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 75007df4 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 750081c2 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 74f7f088 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f91555 2 bytes JMP 74f8b885 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 750086c1 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 75008222 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 75007db8 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 74f7f121 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 74f8b29f C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 75008584 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 75007d4d C:\Windows\syswow64\kernel32.dll

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[2564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Program Files\Windows Sidebar\sidebar.exe[2572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2772] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Windows\system32\svchost.exe[2968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\WUDFHost.exe[3288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4756] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4800] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Windows\system32\sppsvc.exe[3680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\System32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\AUDIODG.EXE[3364] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\NOTEPAD.EXE[1356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Users\Cliente\Desktop\Nova pasta\gmer.exe[4588] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- Services - GMER 2.1 ----

Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!!

Service C:\Windows\System32\Drivers\aswrdr2.sys (*** hidden *** ) [sYSTEM] aswRdr <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [bOOT] aswRvrt <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [sYSTEM] aswSnx <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [sYSTEM] aswSP <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [sYSTEM] aswTdi <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [bOOT] aswVmm <-- ROOTKIT !!!

Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 35

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 932471

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Gerencia e executa os serviços do antivírus avast! neste computador. Isto inclui os Módulos residentes, a Quarentena e o Agendador.

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 35

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 932471

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Gerencia e executa os serviços do antivírus avast! neste computador. Isto inclui os Módulos residentes, a Quarentena e o Agendador.

---- EOF - GMER 2.1 ----


GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-09 15:54:55

Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HI rev.1AG01118 465,76GB

Running: gmer.exe; Driver: C:\Users\Cliente\AppData\Local\Temp\agdiafow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\services.exe[648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\lsass.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\lsm.exe[676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000074f61de2 5 bytes JMP 000000013b0ae02d

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 0000000074f7c82d 5 bytes JMP 000000013b0adfa5

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 74f7eb26 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 74f8b513 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 75008609 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 74f61dfa C:\Windows\syswow64\kernel32.dll

.text ... * 9

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 75007efe C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 750080d8 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 75007df4 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 750081c2 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 74f7f088 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076f91555 2 bytes JMP 74f8b885 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 750086c1 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 75008222 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 75007db8 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 74f7f121 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 74f8b29f C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 75008584 C:\Windows\syswow64\kernel32.dll

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[880] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 75007d4d C:\Windows\syswow64\kernel32.dll

.text C:\Windows\system32\svchost.exe[928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\System32\svchost.exe[308] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\System32\svchost.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\atieclxx.exe[1284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\Explorer.EXE[1540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\Dwm.exe[1556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\System32\spoolsv.exe[1792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\SysWOW64\svchost.exe[1712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text D:\Victor\Programas\Malware\mbamscheduler.exe[1528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Windows\System32\svchost.exe[1224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text D:\Victor\Programas\Malware\mbamgui.exe[2100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074a117fa 2 bytes CALL 74f61199 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074a11860 2 bytes CALL 74f61199 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074a11942 2 bytes JMP 76a6c29f C:\Windows\syswow64\WS2_32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074a1194d 2 bytes JMP 76a6418d C:\Windows\syswow64\WS2_32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 74f7eb26 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 74f8b513 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 75008609 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 74f61dfa C:\Windows\syswow64\kernel32.dll

.text ... * 9

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 75007efe C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 750080d8 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 75007df4 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 750081c2 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 74f7f088 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f91555 2 bytes JMP 74f8b885 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 750086c1 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 75008222 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 75007db8 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 74f7f121 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 74f8b29f C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 75008584 C:\Windows\syswow64\kernel32.dll

.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 75007d4d C:\Windows\syswow64\kernel32.dll

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[2564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Program Files\Windows Sidebar\sidebar.exe[2572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2772] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Windows\system32\svchost.exe[2968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\WUDFHost.exe[3288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4756] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4800] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

.text C:\Windows\system32\sppsvc.exe[3680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\System32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\AUDIODG.EXE[3364] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Windows\system32\NOTEPAD.EXE[1356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d1f1bd 1 byte [62]

.text C:\Users\Cliente\Desktop\Nova pasta\gmer.exe[4588] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f8b0c5 1 byte [62]

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- Services - GMER 2.1 ----

Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!!

Service C:\Windows\System32\Drivers\aswrdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!!

Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 35

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 932471

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Gerencia e executa os serviços do antivírus avast! neste computador. Isto inclui os Módulos residentes, a Quarentena e o Agendador.

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 35

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 932471

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Gerencia e executa os serviços do antivírus avast! neste computador. Isto inclui os Módulos residentes, a Quarentena e o Agendador.

---- EOF - GMER 2.1 ----


Dear Gringo20

I recommend that you save this topic in your Favorites so it is easier to find later.

Please note the following:

  • If you go without a reply for 3 days, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer; therefore, do not do it on any other;
  • Please follow the instructions given carefully, and if you have questions, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measures other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

Read this article and take the necessary measures:

http://www.linhadefensiva.org/2012/03/criminosos-alteram-dns-de-modems-usando-falha-para-realizar-fraudes/

Then do the following:

Download BankerFix and save it to your desktop.

  • Important: The tool will close Internet Explorer. Save any links you need before running it.
  • Double-click the BankerFix installer icon.
  • In the window that opens, click Run. Then click Yes.
  • A warning window will open; make sure your computer is connected to the Internet. Click OK.
  • You will notice some "activity" in the taskbar... In the window that opens, click OK to run the tool.
  • A prompt will open. Press any key to continue.
  • Wait...
  • Again, press any key to continue.
  • When it finishes, paste the contents of the file C:\LinhaDefensiva\relatorio.txt in your next reply.

After posting your reply you can delete the folder: C:\LinhaDefensiva

# Step 2 #

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log on your Desktop.
  • Copy all of its contents and paste them in your next message.

# Step 3 #

  • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click Search
  • At the end of the scan a log with the result will open.
  • If anything is detected, then click the Remove button.
  • Again, at the end of the scan a log with the result will open.
  • Copy all of its contents and paste them in your next reply.

# Step 4 #

Read the instructions contained in this link:

In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon on the desktop.
  4. Read and accept the terms by typing 1 and Enter.
  5. Computers with Windows XP must install the Recovery Console:
    • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running; that may cause the computer to stop.
  8. A notice may appear that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

Regards :D


Diego, here are the logs. Thank you!

BANKERFIX

BankerFix 3.5 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2013-09-13 - 19:42

-------------------------------------------------------

Lista de Definição: 2012-08-22-1 | CORE: 2012-08-22-6

=======================================================

----- Fim -------------------------

JUNKWARE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.0 (09.12.2013:1)

OS: Windows 7 Ultimate x64

Ran by Cliente on 13/09/2013 at 19:45:09,27

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

~~~ FireFox

Emptied folder: C:\Users\Cliente\AppData\Roaming\mozilla\firefox\profiles\61cgnupz.default\minidumps [3 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 13/09/2013 at 19:49:41,16

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


COMBOFIX

ComboFix 13-09-13.03 - Cliente 13/09/2013 20:00:39.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4050.2589 [GMT -3:00]

Executando de: c:\users\Cliente\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Cliente\AppData\Roaming\unins000.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-08-13 to 2013-09-13 ))))))))))))))))))))))))))))

.

.

2013-09-13 23:03 . 2013-09-13 23:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-13 22:51 . 2013-09-13 22:52 -------- d-----w- C:\AdwCleaner

2013-09-13 22:45 . 2013-09-13 22:45 -------- d-----w- c:\windows\ERUNT

2013-09-13 22:40 . 2013-09-13 22:42 -------- d-----w- C:\LinhaDefensiva

2013-09-13 22:38 . 2013-09-13 22:38 -------- d-----w- c:\programdata\DAEMON Tools Lite

2013-09-05 13:25 . 2013-09-05 13:25 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-09-05 13:25 . 2013-09-05 13:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-09-05 13:24 . 2013-09-05 13:24 -------- d-----w- c:\program files (x86)\Java

2013-09-04 14:54 . 2013-09-13 22:53 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

2013-09-04 14:54 . 2013-05-08 12:52 49536 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys

2013-09-04 14:54 . 2013-09-04 14:54 -------- d-----w- c:\program files (x86)\GbPlugin

2013-09-04 14:54 . 2013-09-04 14:54 -------- d-----w- c:\programdata\GbPlugin

2013-09-04 14:54 . 2013-09-13 18:54 -------- d-----w- c:\programdata\GAS Tecnologia

2013-09-03 14:02 . 2013-09-11 12:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-03 14:02 . 2013-09-11 12:15 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-09-03 13:40 . 2013-09-03 13:40 -------- d-----w- c:\windows\system32\appmgmt

2013-09-02 22:12 . 2013-09-02 22:12 -------- d-----w- c:\program files (x86)\Common Files\Steam

2013-09-02 15:48 . 2013-09-02 15:48 -------- d-----w- c:\programdata\WEBREG

2013-09-02 15:44 . 2013-09-02 15:44 -------- d-----w- c:\programdata\HP Product Assistant

2013-09-02 15:43 . 2013-09-02 15:43 -------- d-----w- c:\program files (x86)\Common Files\HP

2013-09-02 15:43 . 2013-09-02 15:43 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard

2013-09-02 15:43 . 2013-09-02 15:45 -------- d-----w- c:\program files (x86)\HP

2013-09-02 15:42 . 2013-09-02 15:48 -------- d-----w- c:\programdata\HP

2013-09-02 15:42 . 2009-07-08 10:51 938496 ----a-w- c:\windows\system32\hpowiax8.dll

2013-09-02 15:42 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll

2013-09-02 15:42 . 2009-07-08 10:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll

2013-09-02 15:42 . 2009-07-08 10:51 505344 ----a-w- c:\windows\system32\hpovst14.dll

2013-09-02 15:42 . 2009-07-08 10:51 1406464 ----a-w- c:\windows\system32\hpotiop6.dll

2013-08-26 19:22 . 2013-08-26 19:22 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-08-26 19:22 . 2013-08-26 19:22 -------- d-----r- c:\program files (x86)\Skype

2013-08-26 19:22 . 2013-08-26 19:22 -------- d-----w- c:\programdata\Skype

2013-08-26 15:11 . 2013-08-26 15:11 -------- d-----w- C:\Lector

2013-08-24 20:00 . 2013-09-13 21:41 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-08-24 19:59 . 2013-08-24 19:59 -------- d-----w- c:\program files (x86)\Origin Games

2013-08-24 19:57 . 2013-09-13 00:06 -------- d-----w- c:\program files (x86)\Origin

2013-08-24 19:48 . 2013-08-24 19:48 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2013-08-24 19:48 . 2013-09-13 21:41 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-08-24 19:48 . 2013-09-13 21:41 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-08-24 19:48 . 2013-08-24 20:05 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-08-24 19:46 . 2005-03-18 20:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll

2013-08-24 19:46 . 2005-02-05 22:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll

2013-08-24 07:03 . 2013-08-24 07:03 -------- d-----w- c:\programdata\Hewlett-Packard

2013-08-24 07:03 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll

2013-08-24 07:02 . 2013-08-24 07:02 -------- d-----w- c:\programdata\ATI

2013-08-24 06:17 . 2009-11-25 15:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2013-08-24 06:17 . 2009-11-25 15:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2013-08-24 06:17 . 2009-11-25 15:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2013-08-24 06:17 . 2009-11-25 15:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2013-08-24 06:17 . 2009-11-25 15:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2013-08-24 06:17 . 2009-11-25 15:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2013-08-24 06:17 . 2009-11-25 15:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2013-08-24 06:17 . 2009-11-25 15:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2013-08-24 06:17 . 2009-11-25 15:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2013-08-24 06:17 . 2009-11-25 15:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2013-08-24 05:50 . 2013-08-24 05:50 0 ----a-w- c:\windows\ativpsrm.bin

2013-08-24 05:44 . 2013-08-24 05:44 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2013-08-24 05:44 . 2013-08-24 06:18 -------- d-----w- c:\program files (x86)\Microsoft.NET

2013-08-24 05:44 . 2013-08-24 05:44 -------- d-----w- c:\windows\PCHEALTH

2013-08-24 05:44 . 2013-08-24 05:44 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework

2013-08-24 05:44 . 2013-08-24 05:44 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2013-08-24 05:43 . 2013-08-24 05:43 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2013-08-24 05:42 . 2013-08-24 05:42 -------- d-----w- c:\program files\Microsoft Office

2013-08-24 05:42 . 2013-08-24 05:42 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2013-08-24 05:41 . 2013-08-24 05:46 -------- d-----w- c:\programdata\Microsoft Help

2013-08-24 05:41 . 2013-08-24 05:41 -------- d-----r- C:\MSOCache

2013-08-24 04:58 . 2013-09-04 14:25 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-08-24 04:58 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-08-24 04:58 . 2013-08-23 20:14 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-08-24 04:58 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-08-24 04:58 . 2013-08-23 20:14 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-24 04:58 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-08-24 04:58 . 2013-08-23 20:14 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-08-24 04:58 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-08-24 04:58 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-08-24 04:58 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-08-24 04:57 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr

2013-08-24 04:57 . 2013-08-24 04:57 -------- d-----w- c:\program files\AVAST Software

2013-08-24 04:57 . 2013-08-24 04:57 -------- d-----w- c:\programdata\AVAST Software

2013-08-24 04:49 . 2013-08-24 04:49 -------- d-----w- c:\programdata\AMD

2013-08-24 04:49 . 2013-08-24 04:49 -------- d-----w- c:\program files (x86)\AMD AVT

2013-08-24 04:49 . 2013-08-24 04:49 -------- d-----w- c:\program files\Common Files\ATI Technologies

2013-08-24 04:49 . 2013-08-24 04:49 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2013-08-24 04:48 . 2013-08-24 04:48 -------- d-----w- c:\program files (x86)\ATI Technologies

2013-08-24 04:48 . 2013-09-05 13:25 -------- d-sh--w- c:\windows\Installer

2013-08-24 04:48 . 2013-08-24 04:49 -------- d-----w- c:\program files\ATI Technologies

2013-08-24 04:48 . 2013-08-24 04:48 -------- d-----w- c:\program files\ATI

2013-08-24 04:47 . 2013-08-24 04:47 -------- d-----w- C:\AMD

2013-08-24 04:45 . 2013-08-24 04:45 -------- d-----w- c:\windows\SysWow64\RTCOM

2013-08-24 04:45 . 2013-08-24 04:45 -------- d-----w- c:\program files\Realtek

2013-08-24 04:43 . 2013-08-24 04:43 -------- d-----w- c:\program files (x86)\Intel

2013-08-24 04:43 . 2012-07-04 13:55 53248 ----a-w- c:\windows\SysWow64\CSVer.dll

2013-08-24 04:43 . 2013-08-24 04:43 -------- d-----w- C:\Intel

2013-08-24 04:43 . 2013-08-24 04:43 -------- d-----w- C:\MSI

2013-08-24 04:16 . 2013-08-23 22:13 -------- d-----w- c:\windows\Panther

2013-08-24 04:01 . 2013-08-24 04:01 -------- d-----w- c:\windows\SysWow64\Macromed

2013-08-24 04:01 . 2013-08-24 04:01 -------- d-----w- c:\windows\system32\Macromed

2013-08-23 22:13 . 2013-08-23 22:13 -------- d-----w- c:\program files\CCleaner

2013-08-23 22:12 . 2013-08-23 22:12 -------- d-----w- c:\programdata\Malwarebytes

2013-08-23 22:12 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-23 20:57 . 2013-08-23 20:57 -------- d-----w- c:\windows\Sun

2013-08-23 20:41 . 2013-08-23 20:41 -------- d-----w- c:\programdata\Steam

2013-08-23 20:40 . 2013-08-23 20:39 706560 ----a-w- c:\windows\SysWow64\termsrv.dll.bak

2013-08-23 20:40 . 2013-08-23 20:39 706560 ----a-w- c:\windows\system32\termsrv.dll.bak

2013-08-23 20:37 . 2013-08-23 20:37 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2013-08-23 20:35 . 2013-09-05 13:24 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-08-23 20:35 . 2013-09-05 13:24 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-08-23 20:29 . 2013-08-20 03:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26B6DD88-D8F3-4143-8347-4460AB14CDEA}\mpengine.dll

2013-08-23 20:29 . 2013-05-02 05:06 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-08-23 20:22 . 2013-08-23 21:55 -------- d-----w- c:\programdata\Origin

2013-08-23 20:21 . 2013-08-23 20:24 -------- d-----w- c:\program files (x86)\Google

2013-08-23 20:19 . 2013-08-24 20:00 -------- d-----w- c:\programdata\Electronic Arts

2013-08-23 20:19 . 2013-08-23 20:19 -------- d-----w- c:\programdata\EA Core

2013-08-23 20:19 . 2013-08-25 04:31 -------- d-----w- c:\programdata\EA Logs

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-13 22:38 . 2012-03-29 20:21 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll

.

c:\windows\system32\termsrv.dll ... está faltando !!

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JAVA"="c:\program files (x86)\Java\jre7\bin\javaw.exe" [2013-09-05 175016]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2013-07-15 14:23 1410088 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]

R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 MBAMScheduler;MBAMScheduler;d:\victor\Programas\Malware\mbamscheduler.exe;d:\victor\Programas\Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;d:\victor\Programas\Malware\mbamservice.exe;d:\victor\Programas\Malware\mbamservice.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-13 04:28 1198544 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1626.5\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-03 12:15]

.

2013-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23 20:21]

.

2013-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23 20:21]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-01-15 6963272]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\61cgnupz.default\

FF - prefs.js: network.proxy.type - 2

FF - ExtSQL: 2013-08-24 01:57; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2013-09-02 12:45; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - ExtSQL: 2013-09-04 11:54; {87F8774F-B485-47E2-A755-A40A8A5E886C}; c:\users\Cliente\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

FF - ExtSQL: !HIDDEN! 2013-09-02 12:45; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORFÃOS REMOVIDOS - - - -

.

AddRemove-Steam App 236390 - d:\victor\Steam\steam.exe

AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Cliente\AppData\Roaming\unins000.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-09-13 20:05:49

ComboFix-quarantined-files.txt 2013-09-13 23:05

.

Pré-execução: 27.753.586.688 bytes disponíveis

Pós execução: 28.297.093.120 bytes disponíveis

.

- - End Of File - - 1197556B82B2A4714AB0B35D28FE9AE2

A36C5E4F47E84449FF07ED3517B43A31


@diego_moicano

I just wanted to report that after running the programs correctly, the way you described, I noticed that pages load more slowly; at times "Server not found" appears, I press F5 about 3 times and the page then loads correctly, slowly, but it loads.
