may88

Many problems after installing a Flash "update"


Good evening.

I'll be brief: the other day I was browsing a company's website, and it asked me to install Flash Player. It was a virus. It restarted my machine in malware removal mode. When the whole process was finished, it had made my Avast and Microsoft Security Essentials disappear, and it classified my Chrome as unsafe for running the bank's website (Banco do Brasil), automatically redirecting me to Explorer. There, when I opened my bank's site, it asked for passwords it had never asked for before. I didn't continue; I reinstalled Avast and ran a scan. Several viruses: some I managed to move to quarantine, for others there was no option to do so. Now, every time I start my computer, I get a message saying that MFC71U.DLL is missing and needs to be installed. I searched in a few places and saw that this may be caused by a virus.

I'm sending my logs for analysis. Thank you in advance for your attention.

Oh, I forgot to mention... Even though I reinstalled my Avast, an extra icon still appears in the toolbar, as if there were two running, and the other one says that all servers are running and that an update is in progress. And it never gets past that.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.45.2

Run by ICHARD at 19:07:08 on 2013-11-04

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2039.554 [GMT -2:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\System32\alg.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Greenshot\Greenshot.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\qubnfe\qubnfe.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\DllHost.exe

C:\Users\ICHARD\AppData\Roaming\ICHARD-PC-ICHARD-PC\AVAST.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Users\ICHARD\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ICHARD\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ICHARD\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ICHARD\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ICHARD\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ICHARD\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ICHARD\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\ICHARD\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k swprv

.

============== Pseudo HJT Report ===============

.

uStart Page = -

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} -

BHO: Atualizações_Automáticas_de_Segurança.Microsoft: {c42d40f0-bebf-418d-8ea1-18d99ac2ab17} -

BHO: Atualizações_Automáticas_de_Segurança.Microsoft: {c69b8481-7f0c-4c81-822e-05174a8789f4} -

BHO: Help the General-Search Project: {CA4520F3-AE13-4FB1-A513-58E23991C86D} - c:\users\ichard\appdata\roaming\media finder\extensions\gencrawler_gc.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [Google Update] "c:\users\ichard\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [ares] "c:\program files\ares\Ares.exe" -h

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload

uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup

uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

uRun: [Facebook Update] "c:\users\ichard\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [iCHARD-PCNEWDEVV1R3] "c:\users\ichard\appdata\roaming\ichard-pc-ichard-pc\ichard-pcDefSysNWDVV1R3.cpl"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [uSBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Greenshot] c:\program files\greenshot\Greenshot.exe

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [qubnfe] c:\program files\qubnfe\qubnfe.exe /auto

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Windows Defender] ****

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

uPolicies-Explorer: RestrictRun = dword:0

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: NoViewOnDrive = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-Explorer: RestrictRun = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoViewOnDrive = dword:0

IE: &Enviar para o OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: Download with &Media Finder - c:\program files\media finder\hook.html

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{4686ED12-27B5-4D89-A322-0A693CC1473B} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{4686ED12-27B5-4D89-A322-0A693CC1473B}\14271657A6F637 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{4686ED12-27B5-4D89-A322-0A693CC1473B}\27F637563716E647F6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{4686ED12-27B5-4D89-A322-0A693CC1473B}\46C696E6B6 : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginBb - c:\program files\gbplugin\gbieh.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} -

.

============= SERVICES / DRIVERS ===============

.

R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [2012-12-22 54912]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-4 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-4 307928]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-4 19544]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-4 53592]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-4 42184]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2013-8-3 409640]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 107392]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-8-30 1570304]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2013-8-3 31088]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2013-1-1 30312]

S3 AutoLock;WinPolicy AutoLock;c:\program files\justsoft winpolicy\WPService.exe [2006-9-27 93132]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-21 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2013-8-3 31088]

S3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\microsoft security client\NisSrv.exe [2013-8-12 295376]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2013-1-1 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2013-1-1 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2013-1-1 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2013-1-1 114280]

S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-17 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2013-11-04 20:11:45 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-11-04 20:11:43 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-11-04 20:11:24 40112 ----a-w- c:\windows\avastSS.scr

2013-11-04 20:11:14 -------- d-----w- c:\program files\AVAST Software

2013-11-04 19:57:43 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\gapaengine.dll

2013-11-04 17:16:52 185 ----a-w- c:\users\ichard\appdata\roaming\processoOLDV22.cmd

2013-11-04 17:16:51 -------- d-----w- c:\users\ichard\appdata\roaming\ICHARD-PC-ICHARD-PC

2013-11-04 17:15:16 135 ----a-w- c:\users\ichard\appdata\roaming\Passo1.bat

2013-11-04 17:15:14 483840 ----a-w- c:\users\ichard\appdata\roaming\Installv3.cpl

2013-10-17 23:02:11 -------- d-----w- c:\programdata\Oracle

2013-10-17 23:01:31 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-10-17 00:24:15 521216 ----a-w- c:\windows\system32\termsrv.dll.backup

2013-10-16 23:36:43 -------- d-sh--w- C:\Boot

2013-10-16 23:36:10 -------- d-----w- c:\users\ichard\appdata\roaming\ICHARD-ICHARD-PC

2013-10-16 18:04:57 7796464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cf8315da-16d8-4510-b254-d0678f3589c8}\mpengine.dll

2013-10-14 19:06:22 7328304 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-10-13 21:36:41 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-10-13 21:36:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-10-13 21:36:40 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-10-13 21:36:40 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-10-13 21:36:40 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-10-13 21:36:39 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-10-13 21:36:39 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-10-10 19:11:18 530432 ----a-w- c:\windows\system32\comctl32.dll

2013-10-10 19:10:36 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-10-10 19:10:25 81920 ----a-w- c:\windows\system32\davclnt.dll

2013-10-10 19:10:25 205824 ----a-w- c:\windows\system32\WebClnt.dll

2013-10-10 19:10:25 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2013-10-10 19:10:21 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2013-10-10 19:10:20 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

.

==================== Find3M ====================

.

2013-11-04 19:51:25 151552 ----a-w- c:\windows\KMSEmulator.exe

2013-10-17 00:24:15 521216 ----a-w- c:\windows\system32\termsrv.dll

2013-10-16 23:41:51 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-10-08 19:39:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-08 19:39:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-04 00:16:43 720082 ----a-w- c:\users\ichard\appdata\roaming\unins000.exe

2013-09-22 23:28:06 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-09-22 23:27:49 2876928 ----a-w- c:\windows\system32\jscript9.dll

2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-09-22 23:27:48 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-09-21 03:30:24 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-09-21 02:39:47 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll

2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll

2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll

2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll

.

============= FINISH: 19:07:28,86 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 17/08/2012 17:48:28

System Uptime: 04/11/2013 17:50:21 (2 hours ago)

.

Motherboard: PCWARE | | PW-945GCX

Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | CPU 1 | 2203/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 74 GiB total, 32,389 GiB free.

D: is CDROM ()

G: is FIXED (NTFS) - 233 GiB total, 122,435 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: aswRdr

Device ID: ROOT\LEGACY_ASWRDR\0000

Manufacturer:

Name: aswRdr

PNP Device ID: ROOT\LEGACY_ASWRDR\0000

Service: aswRdr

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: aswSP

Device ID: ROOT\LEGACY_ASWSP\0000

Manufacturer:

Name: aswSP

PNP Device ID: ROOT\LEGACY_ASWSP\0000

Service: aswSP

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: avast! Network Shield Support

Device ID: ROOT\LEGACY_ASWTDI\0000

Manufacturer:

Name: avast! Network Shield Support

PNP Device ID: ROOT\LEGACY_ASWTDI\0000

Service: aswTdi

.

==== System Restore Points ===================

.

RP218: 26/10/2013 20:53:51 - Ponto de Verificação Agendado

RP219: 03/11/2013 00:07:13 - Ponto de Verificação Agendado

RP220: 04/11/2013 17:57:08 - Windows Update

RP221: 04/11/2013 18:11:00 - avast! Free Antivirus Setup

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Recommended Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Extra Settings CS4

Adobe Color Video Profiles CS CS4

Adobe Creative Suite 4 Master Collection

Adobe CSI CS4

Adobe Default Language CS4

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit CS4

Adobe Flash Player 11 ActiveX

Adobe Fonts All

Adobe Linguistics CS4

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Premiere Pro CS4 Third Party Content

Adobe Reader X (10.1.8) - Português

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player 11.6

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

AIO_CDA_ProductContext

AIO_CDA_Software

AIO_Scan

Apple Mobile Device Support

Apple Software Update

Ares 2.1.6

avast! Free Antivirus

BitTorrent

Bonjour

BufferChm

C3100

c3100_Help

CALL - Vs5

CALL Vs.5

CCleaner

Connect

Controle ActiveX do Windows Live Mesh para Conexões Remotas

ConvertXtoDVD 4.1.19.365

Copy

Corel Graphics - Windows Shell Extension

CorelDRAW Graphics Suite X5

CorelDRAW Graphics Suite X5 - BR

CorelDRAW Graphics Suite X5 - Capture

CorelDRAW Graphics Suite X5 - Common

CorelDRAW Graphics Suite X5 - Connect

CorelDRAW Graphics Suite X5 - Custom Data

CorelDRAW Graphics Suite X5 - Draw

CorelDRAW Graphics Suite X5 - Filters

CorelDRAW Graphics Suite X5 - FontNav

CorelDRAW Graphics Suite X5 - IPM

CorelDRAW Graphics Suite X5 - PHOTO-PAINT

CorelDRAW Graphics Suite X5 - Photozoom Plugin

CorelDRAW Graphics Suite X5 - Redist

CorelDRAW Graphics Suite X5 - Setup Files

CorelDRAW Graphics Suite X5 - VBA

CorelDRAW Graphics Suite X5 - VideoBrowser

CorelDRAW Graphics Suite X5 - VSTA

CorelDRAW Graphics Suite X5 - WT

CorelDRAW® Graphics Suite X5

CyberLink PowerDVD 8

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DIC Michaelis Escolar - Inglês

DIC Michaelis Escolar - Português

DocProc

Driver de vídeo Pinnacle

DVDFab 8.1.8.5 (24/05/2012) Qt

Facebook Video Calling 1.2.0.287

Fax

GBBD Banco do Brasil

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Greenshot 1.0.6.2228

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart All-In-One Driver Software 13.0 Rel. A

HP Photosmart Essential 3.5

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPDiagnosticAlert

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Intel® Graphics Media Accelerator Driver

InterApp Control 3.59

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

iTunes

Java 7 Update 45

Java Auto Updater

Junk Mail filter update

Justsoft WinPolicy 3.1.5 Freeware

Knoll Light Factory EZ Studio

Knoll Light Factory EZ Studio 15

kuler

Magic Bullet Looks Studio

MarketResearch

Media Player Classic - Home Cinema Packages

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Application Error Reporting

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Studio Tools for Applications 2.0 Runtime

MPC-HC 1.6.6.6957 (3975d54)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyFreeCodec

Nero 7 Essentials

neroxml

Network

NVIDIA Drivers

OCR Software by I.R.I.S. 13.0

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

PDF Converter Packages

PDF Creator

PDF Reader

PDF Reader Packages

PDF Settings CS4

Photoshop Camera Raw

Pinnacle Studio 15

Pinnacle Studio 15 Ultimate Plugins

Pinnacle Studio Ultimate Collection Plugins

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Receitanet

Red Giant ToonIt Studio

Red Giant ToonIt Studio 15

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Samsung_MonSetup

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

Shop for HP Supplies

Skype Click to Call

Skype™ 6.1

SmartWebPrinting

SolutionCenter

Status

Suite Shared Configuration CS4

Suporte para Aplicativos Apple

swMSM

TL-WN721N/TL-WN722N Driver

Toolbox

Trapcode 3DStroke Studio

Trapcode Particular Studio

Trapcode Shine Studio

TrayApp

Unity Web Player

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition

Update for PDF Converter

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

Visual Basic for Applications ® Core - Portuguese (Brazil)

Web Album Maker 2.20

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinRAR 4.20 beta 3 (32-bit)

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-11-04 20:30:55

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 MAXTOR_STM380215A rev.3.AAD 74,53GB

Running: ykle3yup.exe; Driver: C:\Users\ICHARD\AppData\Local\Temp\kwdiqpow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xACA2A202]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAC9C9CB2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xACA2C81C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xACA2C874]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xACA2C98A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xACA2C772]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xACA2C8C4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xACA2C7C6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xACA2C938]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xACA2A226]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAC9C9D62]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xACA29FF0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xACA2A24A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xACA2CD82]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xACA2ACDA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xACA2C84C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xACA2C89C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xACA2C9B4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xACA2C79E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xACA2C904]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xACA2C7F4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xACA2C962]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAC9C9DFA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xACA2ABA0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xACA2A26E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xACA2A292]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xACA2A04A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xACA2A186]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xACA2A162]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xACA2A1AA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xACA2A2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAC9DF902]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 1268 83047804 4 Bytes JMP 854C1138

.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 830479A5 1 Byte [06]

.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 83067512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntoskrnl.exe!KeRemoveQueueEx + 1393 8306E988 4 Bytes [02, A2, A2, AC]

.text ntoskrnl.exe!KeRemoveQueueEx + 13BB 8306E9B0 4 Bytes [b2, 9C, 9C, AC] {MOV DL, 0x9c; PUSHF ; LODSB }

.text ntoskrnl.exe!KeRemoveQueueEx + 146F 8306EA64 8 Bytes [1C, C8, A2, AC, 74, C8, A2, ...] {SBB AL, 0xc8; MOV [0xa2c874ac], AL; LODSB }

.text ntoskrnl.exe!KeRemoveQueueEx + 147B 8306EA70 4 Bytes [8A, C9, A2, AC]

.text ntoskrnl.exe!KeRemoveQueueEx + 1497 8306EA8C 4 Bytes [72, C7, A2, AC]

.text ...

C:\Program Files\CyberLink\PowerDVD8\000.fcl entry point in "" section [0x90B60000]

.clc C:\Program Files\CyberLink\PowerDVD8\000.fcl unknown last section [0x90B61000, 0x1000, 0x00000000]

? C:\Users\ICHARD\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

.text autochk.exe 001D11D1 4 Bytes [EC, D7, 2A, 5C]

.text autochk.exe 001D11D7 4 Bytes [8C, 18, 85, 26] {MOV [EAX], DS; TEST [ESI], ESP}

.text autochk.exe 001D11DC 8 Bytes [FF, FF, FF, 7F, FF, FF, FF, ...]

.text autochk.exe 001D11E6 8 Bytes [FF, 7F, FF, 7F, FF, 7F, FF, ...]

.text autochk.exe 001D11F4 4 Bytes [F0, 2D, 41, 01]

.text ...

---- User code sections - GMER 2.1 ----

.text C:\Users\ICHARD\Desktop\ykle3yup.exe[2196] kernel32.dll!GetBinaryTypeW + 70 76FB69E4 1 Byte [62]

.text C:\Windows\system32\taskeng.exe[2856] kernel32.dll!GetBinaryTypeW + 70 76FB69E4 1 Byte [62]

.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2916] ntdll.dll!DbgBreakPoint 770C4108 1 Byte [C3]

.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3520] kernel32.dll!GetBinaryTypeW + 70 76FB69E4 1 Byte [62]

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3900] kernel32.dll!SetUnhandledExceptionFilter 76F9F4EB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[4832] kernel32.dll!SetUnhandledExceptionFilter 76F9F4EB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[4832] kernel32.dll!GetBinaryTypeW + 70 76FB69E4 1 Byte [62]

.text C:\Program Files\CCleaner\CCleaner.exe[4892] ntdll.dll!LdrUnloadDll 770EC8DE 5 Bytes JMP 001603FC

.text C:\Program Files\CCleaner\CCleaner.exe[4892] ntdll.dll!LdrLoadDll 770F22AE 5 Bytes JMP 001601F8

.text C:\Program Files\CCleaner\CCleaner.exe[4892] kernel32.dll!GetBinaryTypeW + 70 76FB69E4 1 Byte [62]

.text C:\Program Files\CCleaner\CCleaner.exe[4892] USER32.dll!UnhookWindowsHookEx 754CADF9 5 Bytes JMP 00310A08

.text C:\Program Files\CCleaner\CCleaner.exe[4892] USER32.dll!UnhookWinEvent 754CB750 5 Bytes JMP 003103FC

.text C:\Program Files\CCleaner\CCleaner.exe[4892] USER32.dll!SetWindowsHookExW 754CE30C 5 Bytes JMP 00310804

.text C:\Program Files\CCleaner\CCleaner.exe[4892] USER32.dll!SetWinEventHook 754D24DC 5 Bytes JMP 003101F8

.text C:\Program Files\CCleaner\CCleaner.exe[4892] USER32.dll!SetWindowsHookExA 754F6D0C 5 Bytes JMP 00310600

---- Kernel IAT/EAT - GMER 2.1 ----

IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!KeAddSystemServiceTable] [83ECF8DC] \SystemRoot\system32\drivers\360HookOem.sys (360HookOem/360????)

IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [83ECFDD8] \SystemRoot\system32\drivers\360HookOem.sys (360HookOem/360????)

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\advapi32.DLL [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\user32.DLL [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\shlwapi.DLL [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!DialogBoxParamW] [6B5287FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!DialogBoxParamA] [6B53F23A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!SetWindowLongW] [6B51277F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!SetWindowLongA] [6B512A84] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!MessageBoxW] [6B53EF6F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\shell32.DLL [uSER32.dll!MessageBoxW] [6B53EF6F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\shell32.DLL [uSER32.dll!DialogBoxParamW] [6B5287FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\shell32.DLL [uSER32.dll!MessageBoxIndirectW] [6B528867] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\shell32.DLL [uSER32.dll!EnableWindow] [6B514093] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\shell32.DLL [uSER32.dll!SetWindowLongW] [6B51277F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\ole32.DLL [uSER32.dll!DialogBoxParamW] [6B5287FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\ole32.DLL [uSER32.dll!SetWindowLongW] [6B51277F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\ole32.DLL [uSER32.dll!EnableWindow] [6B514093] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\ole32.DLL [uSER32.dll!MessageBoxW] [6B53EF6F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2988] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Windows\system32\rundll32.exe[3344] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FDFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\system32\rundll32.exe[3344] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FDFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\system32\rundll32.exe[3344] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FDFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\system32\rundll32.exe[3344] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FDFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\system32\rundll32.exe[3344] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] [74FDFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\system32\rundll32.exe[3344] @ C:\Windows\system32\SECUR32.DLL [KERNEL32.dll!GetProcAddress] [74FDFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D224CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73D0562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73D056EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D22546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D185AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D14D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D15105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D151DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73D16707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D18301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73D18850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D190B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73D1E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D14C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[3508] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FDFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[3508] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FDFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[3508] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FDFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[3508] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FDFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\advapi32.DLL [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\user32.DLL [KERNEL32.dll!CreateThread] [6B5131F2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\user32.DLL [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shlwapi.DLL [KERNEL32.dll!CreateThread] [6B5131F2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shlwapi.DLL [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!DialogBoxParamW] [6B5287FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!DialogBoxParamA] [6B53F23A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!CreateWindowExA] [6B514181] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!SetWindowLongW] [6B51277F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!CreateWindowExW] [6B513EA3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!DefWindowProcW] [6B5110AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!DefWindowProcA] [6B512821] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!SetWindowLongA] [6B512A84] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shlwapi.DLL [uSER32.dll!MessageBoxW] [6B53EF6F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shell32.DLL [uSER32.dll!MessageBoxW] [6B53EF6F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shell32.DLL [uSER32.dll!DialogBoxParamW] [6B5287FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shell32.DLL [uSER32.dll!CallNextHookEx] [6B511018] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shell32.DLL [uSER32.dll!UnhookWindowsHookEx] [6B513750] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shell32.DLL [uSER32.dll!SetWindowsHookExW] [6B514205] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shell32.DLL [uSER32.dll!CreateWindowExW] [6B513EA3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shell32.DLL [uSER32.dll!MessageBoxIndirectW] [6B528867] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shell32.DLL [uSER32.dll!EnableWindow] [6B514093] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shell32.DLL [uSER32.dll!DefWindowProcW] [6B5110AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shell32.DLL [uSER32.dll!SetWindowLongW] [6B51277F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\shell32.DLL [KERNEL32.dll!TerminateThread] [6B513A05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\ole32.DLL [uSER32.dll!UnhookWindowsHookEx] [6B513750] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\ole32.DLL [uSER32.dll!CallNextHookEx] [6B511018] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\ole32.DLL [uSER32.dll!SetWindowsHookExW] [6B514205] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\ole32.DLL [uSER32.dll!DefWindowProcW] [6B5110AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\ole32.DLL [uSER32.dll!CreateWindowExW] [6B513EA3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\ole32.DLL [uSER32.dll!DialogBoxParamW] [6B5287FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\ole32.DLL [uSER32.dll!SetWindowLongW] [6B51277F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\ole32.DLL [uSER32.dll!EnableWindow] [6B514093] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\ole32.DLL [uSER32.dll!MessageBoxW] [6B53EF6F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4236] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6B511E4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 2.1 ----

File C:\Users\Public\interapp\*\041113\185110.jpg 0 bytes

File C:\Users\Public\interapp\*\041113\185110s.jpg 0 bytes

File C:\## aswSnx private storage 0 bytes

File C:\## aswSnx private storage\r40 0 bytes

File C:\## aswSnx private storage\snx_rhive 262144 bytes

File C:\## aswSnx private storage\snx_rhive.LOG1 5120 bytes

File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes

File C:\## aswSnx private storage\snx_rhive{56c80833-458a-11e3-8b85-002197747a90}.TM.blf 65536 bytes

File C:\## aswSnx private storage\snx_rhive{56c80833-458a-11e3-8b85-002197747a90}.TMContainer00000000000000000001.regtrans-ms 524288 bytes

File C:\## aswSnx private storage\snx_rhive{56c80833-458a-11e3-8b85-002197747a90}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 2.1 ----


Read the instructions contained in this link:

In the instructions in the link above, you can check which forums have Analysts properly authorized to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and for the duration of these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon on the desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers running Windows XP will need to install the Recovery Console:

    • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running; this can cause the computer to stall.
  8. A notice may appear saying that the computer needs to be restarted.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections and, if you do not use it correctly, it can damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts authorized to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it without supervision.


Here is the ComboFix log

ComboFix 13-11-04.01 - ICHARD 05/11/2013 18:23:46.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2039.1240 [GMT -2:00]

Executando de: c:\users\ICHARD\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 208 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\ICHARD\AppData\Roaming\Installv3.cpl

c:\users\ICHARD\AppData\Roaming\Passo1.bat

c:\users\ICHARD\AppData\Roaming\unins000.exe

c:\users\ICHARD\Favorites\ntuser.dat.LOG1

c:\users\ICHARD\Favorites\ntuser.dat.LOG2

c:\windows\certutil.log

G:\install.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-10-05 to 2013-11-05 ))))))))))))))))))))))))))))

.

.

2013-11-05 20:33 . 2013-11-05 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-11-04 19:57 . 2013-11-04 19:57 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\gapaengine.dll

2013-11-04 17:16 . 2013-11-04 17:16 185 ----a-w- c:\users\ICHARD\AppData\Roaming\processoOLDV22.cmd

2013-11-04 17:16 . 2013-11-05 20:00 -------- d-----w- c:\users\ICHARD\AppData\Roaming\ICHARD-PC-ICHARD-PC

2013-10-17 23:02 . 2013-10-17 23:02 -------- d-----w- c:\programdata\Oracle

2013-10-17 23:02 . 2013-10-17 23:02 -------- d-----w- c:\program files\Common Files\Java

2013-10-17 23:01 . 2013-10-08 10:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-10-17 00:35 . 2013-10-17 00:35 -------- d-----w- c:\users\Administrador

2013-10-17 00:24 . 2010-11-20 21:29 521216 ----a-w- c:\windows\system32\termsrv.dll.backup

2013-10-16 23:36 . 2013-10-16 23:36 -------- d-----w- C:\Boot

2013-10-16 23:36 . 2013-11-04 17:23 -------- d-----w- c:\users\ICHARD\AppData\Roaming\ICHARD-ICHARD-PC

2013-10-16 18:04 . 2013-10-14 06:39 7796464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF8315DA-16D8-4510-B254-D0678F3589C8}\mpengine.dll

2013-10-14 19:06 . 2013-09-05 05:02 7328304 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-10-13 21:36 . 2013-09-04 01:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-10-13 21:36 . 2013-09-04 01:15 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-10-13 21:36 . 2013-09-04 01:14 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-10-13 21:36 . 2013-09-04 01:14 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-10-13 21:36 . 2013-09-04 01:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-10-13 21:36 . 2013-09-04 01:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-10-13 21:36 . 2013-09-04 01:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-10-10 19:11 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll

2013-10-10 19:10 . 2013-08-28 01:04 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-10-10 19:10 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll

2013-10-10 19:10 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll

2013-10-10 19:10 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2013-10-10 19:10 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2013-10-10 19:10 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-05 19:59 . 2012-08-17 23:47 151552 ----a-w- c:\windows\KMSEmulator.exe

2013-10-17 00:24 . 2010-11-20 21:29 521216 ----a-w- c:\windows\system32\termsrv.dll

2013-10-16 23:41 . 2013-08-03 14:56 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-10-08 19:39 . 2012-08-17 23:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-08 19:39 . 2012-08-17 23:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-05 22:14 . 2013-09-05 22:19 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25432083-65DE-4350-8A95-C41BA19CD181}\gapaengine.dll

2013-08-22 17:45 . 2012-10-02 22:44 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2013-10-17 . FF6BCFB9B36AB6D5290EEF2AEE518D17 . 521216 . . [6.1.7601.17514] . . c:\windows\System32\termsrv.dll

[7] 2010-11-20 . 382C804C92811BE57829D8E550A900E2 . 521216 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c42d40f0-bebf-418d-8ea1-18d99ac2ab17}]

2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c69b8481-7f0c-4c81-822e-05174a8789f4}]

2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"ares"="c:\program files\Ares\Ares.exe" [2010-07-10 1015808]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-17 39408]

"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104]

"Facebook Update"="c:\users\ICHARD\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-23 138096]

"ICHARD-PCNEWDEVV1R3"="c:\users\ICHARD\AppData\Roaming\ICHARD-PC-ICHARD-PC\ichard-pcDefSysNWDVV1R3.cpl" [2013-11-04 11438592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]

"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-08-25 296096]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2012-10-30 462848]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]

"qubnfe"="c:\program files\qubnfe\qubnfe.exe" [2013-03-01 1220952]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"ConsentPromptBehaviorAdmin"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"RestrictRun"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMBaixando a sua atualização...1300677038363]

2010-05-21 16:12 95592 ----a-w- c:\program files\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.EXE

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

R1 aswSnx;aswSnx; [x]

R1 aswSP;aswSP; [x]

R2 aswFsBlk;aswFsBlk; [x]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 30312]

R3 AutoLock;WinPolicy AutoLock;c:\program files\Justsoft WinPolicy\WPService.exe [2006-09-27 93132]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-10-16 31088]

R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-08-12 295376]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 121064]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 12776]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 136808]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 114280]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-17 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [2012-05-31 54912]

S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 41456]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2013-07-15 409640]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-19 107392]

S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2011-04-20 1570304]

S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-10-16 31088]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 19:39]

.

2013-11-05 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-08-17 23:47]

.

2013-11-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2615543129-563757311-2397235732-1001Core.job

- c:\users\ICHARD\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-23 23:59]

.

2013-11-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2615543129-563757311-2397235732-1001UA.job

- c:\users\ICHARD\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-23 23:59]

.

2013-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-17 23:35]

.

2013-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-17 23:35]

.

2013-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2615543129-563757311-2397235732-1001Core.job

- c:\users\ICHARD\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21 23:40]

.

2013-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2615543129-563757311-2397235732-1001UA.job

- c:\users\ICHARD\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21 23:40]

.

.

------- Scan Suplementar -------

.

uStart Page = -

uInternet Settings,ProxyOverride = *.local

IE: &Enviar para o OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

IE: Download with &Media Finder - c:\program files\Media Finder\hook.html

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll

HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe

HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe

HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe

Notify- GbPluginBb - c:\program files\GbPlugin\gbieh.dll

AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\ICHARD\AppData\Roaming\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-2615543129-563757311-2397235732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2615543129-563757311-2397235732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-11-05 18:37:15

ComboFix-quarantined-files.txt 2013-11-05 20:37

.

Pré-execução: 33.844.260.864 bytes disponíveis

Pós execução: 33.286.373.376 bytes disponíveis

.

- - End Of File - - 1F37204AF6EEB2C416F4253F49FB5CB1

A36C5E4F47E84449FF07ED3517B43A31


Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link

  • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to see the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.


Here is the log.

The message saying that the dll is still missing keeps appearing.

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.11.09.06

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16721

ICHARD :: ICHARD-PC [administrador]

09/11/2013 16:10:59

mbam-log-2013-11-09 (16-10-59).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 245007

Tempo decorrido: 12 minuto(s), 26 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 16

HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 2

HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Mozilla\Firefox\extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.Incredibar) -> Data: C:\Program Files\IB Updater\Firefox -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 7

C:\Users\ICHARD\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\ICHARD\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\ICHARD\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\ICHARD\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\ICHARD\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\System32\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\System32\WNLT\Installation\x86 (PUP.Optional.InstallBrain.A) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 8

C:\Users\ICHARD\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\ICHARD\Downloads\SaveAs.brazil.exe (PUP.Optional.4Shared) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\ICHARD\Downloads\SoftonicDownloader_para_greenshot.exe (PUP.Optional.Softonic.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\ICHARD\Downloads\Incubus_2013_If_Not_Now_When(MP3).exe (PUP.Optional.4Shared) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\ICHARD\AppData\Local\funmoods.crx (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\ICHARD\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\ICHARD\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\ICHARD\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)


Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an email address for registration, a first name and a last name. Only the "email" field is mandatory.

Enter your email, then click the Submit Form button.

The page will reload. Click the Download button

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator

On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer
  • Local Disk (C:)

Also check all the drives that appear below Local Disk, if there are any. Then click the Automatic Scan tab

KRT_install2_.png

Back on the program's main screen, click the Start scanning button

Be patient; it takes a while.

When it finishes, if it detected anything, the program will ask you what to do.

Check the small box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

While the scan runs, the main screen will show a progress bar. When it finishes, the program will show the status completed and a button that will be orange if nothing was detected, and red if something was found.

If something was detected, the program will also display an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the entire scan.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

Choose an easily accessible location and save it as log.txt

Copy the entire contents of that Notepad file and paste it in your next reply.

If nothing is detected, you do not need to save the log. Just post here to let us know.

To exit the program, just click the X in the upper right corner.


Ok, I don't know whether the steps you posted match the version I downloaded, but I believe that doesn't affect the final result. It didn't ask for an e-mail to download and the interface is different, but I followed the instructions and scanned the indicated drives.

There were no results; the generated log looked like this:

Verificação automática: concluído 24 minutos atrás (eventos: 2, objetos: 697643, hora: 02:25:52)

13/11/2013 19:06:58 Tarefa iniciada Ação padrão selecionada

13/11/2013 21:32:50 Tarefa concluída Ação padrão selecionada

The program's screen after the scan looked like this:

[screenshot: 2013_11_13_22_02_24.jpg]

Did I do it right?


How has the computer been?


According to my brother, who usually spends hours on the PC, he complained that it was freezing a lot when he opened Chrome and started watching videos.

I haven't noticed that problem anymore. What still bothers me is the message that MFC71U.DLL is missing and needs to be installed. And as for my Avast, I can't even find it to uninstall it; I have installed it 3 times in the meantime, it simply disappears out of nowhere, and I fear for my computer's security. If I change the installation destination, putting it on another drive instead of C:, could that work? And could this DLL problem be related to the antivirus disappearing? Because it used to start automatically with the computer, and when that DLL message appears, the dialog box says: "The program can't start because MFC71U.DLL is missing and needs to be installed". But it doesn't specify which program it is.

I'm also worried by the fact that Microsoft Security Essentials disappeared the same way.

But in general, it's working fine.


Do you have the operating system CD?


It would be good to run the command sfc /scannow.

This command restores the original operating system files and would probably solve your problem. Basically, your problem is not related to malware, but to the operating system.
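To find out which autostart program is behind the "MFC71U.DLL is missing" message at logon, here is an added triage script in PowerShell (my own example, not something the helper in this thread posted). It assumes the program is registered in the usual Run keys or Startup folders, and it only reads: nothing is removed or changed.

```powershell
# Added triage script (not from the thread): list autostart entries and flag the
# one(s) whose executable references MFC71U.DLL, or whose file no longer exists.
# Read-only: nothing is deleted or changed.
$dllName = 'MFC71U.DLL'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))

function Get-ExePath([string]$cmd) {
    # Reduce a Run-key command line to its executable path (quoted or bare).
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd)
    if ($cmd -match '^\s*"([^"]+)"') { return $matches[1] }
    if ($cmd -match '^\s*(\S+?\.exe)') { return $matches[1] }
    return $cmd.Trim()
}

function Test-ReferencesDll([string]$exe, [string]$dll) {
    # Imported DLL names are stored as plain ASCII inside a PE file, so a
    # byte-level search is enough for triage (no PE parsing needed).
    try {
        $text = [Text.Encoding]::ASCII.GetString([IO.File]::ReadAllBytes($exe))
        return $text.IndexOf($dll, [StringComparison]::OrdinalIgnoreCase) -ge 0
    } catch { return $false }
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }    # skip provider metadata (PSPath etc.)
        $entries += New-Object psobject -Property @{ Name = $p.Name; Path = Get-ExePath $p.Value }
    }
}
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($lnk in (Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue)) {
        $entries += New-Object psobject -Property @{ Name = $lnk.Name; Path = $shell.CreateShortcut($lnk.FullName).TargetPath }
    }
}
foreach ($e in $entries) {
    $status = 'ok'
    if (-not $e.Path -or -not (Test-Path -LiteralPath $e.Path)) { $status = 'MISSING FILE' }
    elseif (Test-ReferencesDll $e.Path $dllName) { $status = "references $dllName" }
    '{0,-22} {1,-20} {2}' -f $status, $e.Name, $e.Path
}
```

An entry marked MISSING FILE is an autostart reference left behind by a program that is no longer on disk (for example an uninstalled or removed antivirus); an entry marked "references MFC71U.DLL" is the program that produces the startup error.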


Hmm, I understand.

Another thing... Every time the PC starts, Kaspersky starts automatically with it. Is that normal? I don't remember asking it to start with Windows...

And it also gave two important messages, one asking to turn on Windows Defender; when I click to turn it on, I get an error message: Action Center can't turn on Windows Defender. Try again later.

And the other is to find an antivirus program online.

Since my Microsoft Security Essentials disappeared and my Avast is here but doesn't work, would I be able to install some other antivirus without problems? Won't there be a conflict?


Do you mean the Kaspersky Removal Tool? If so, just uninstall it.


Ok, uninstalled.

And so far, my only real problem is the missing DLL, which apparently could only be fixed with the original system CD, which I don't have. And the fact that I have no antivirus. Everything else is fine!


Congratulations, your log is clean.

From now on, stay ALERT!

To finish, do the following:

Go to Start > Run and type ComboFix /Uninstall . This will uninstall ComboFix from your machine.

Download OTC

  • Save it to your desktop.
  • Double-click the OTC icon.
  • Click the "Cleanup" button [image: 8gehxg0.gif]
  • Allow your computer to restart.

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner;
  • After that, click Errors >> Scan for Errors >> Fix Errors

I also suggest you read this article: Protect your PC

Any other problems with the computer?
