Scantrexx

Checking my PC


I'd like you to help me check whether there is any malware or anything of the kind on my computer. I received a warning from Google that someone tried to log in to my account from China, so this suspicion came up.

Thanks in advance.

:lol:


Read the "Leia Antes de Postar" (Read Before Posting) topic and post the requested logs.


The logs follow below.

dds

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.45.2

Run by Tauê at 12:54:31 on 2013-11-07

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2047.1144 [GMT -2:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft\DarkSetup\Dark.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com.br/

uSearch Bar = Preserve

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\program files\gbplugin\gbiehcef.dll

BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - c:\program files\dap\LinkVerifier.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [Google Update] "c:\users\tauê\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Dark] c:\program files\microsoft\darksetup\Dark.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [VDownloader] c:\program files\vdownloader\VDownloader.exe /silent

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [RaidCall] c:\program files\raidcall\raidcall.exe

mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\tau~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Download with &DAP - c:\program files\dap\dapextie.htm

IE: &Verify with DAP - c:\program files\dap\dapverify.htm

IE: Download &all with DAP - c:\program files\dap\dapextie2.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

LSP: %SystemRoot%\system32\WTFastDrv.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 201.33.240.34 201.33.240.36 0.0.0.0

TCP: Interfaces\{A6F96AFE-8168-4BBC-BEC3-354D9AA6CA22} : DHCPNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{D6FBDC49-97A9-428E-AE1D-D4FE86389362} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{D6FBDC49-97A9-428E-AE1D-D4FE86389362} : DHCPNameServer = 201.33.240.34 201.33.240.36 0.0.0.0

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginCef - c:\program files\gbplugin\gbiehCef.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\program files\gbplugin\gbiehcef.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-2 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-2 175176]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-4-15 47720]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-2 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-2 369584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-2 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-2 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-29 46808]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2013-4-15 527720]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-18 418376]

R2 SBUpd;SpeedBit Update;c:\program files\common files\speedbit\sbupdate\sbu.exe [2013-2-27 772728]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-6-21 413472]

R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2009-6-10 29184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-18 22856]

R3 SBUpdd;SpeedBit UpdateD;c:\program files\common files\speedbit\sbupdate\sbw.sys [2013-2-27 31640]

S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ascservice.exe --> c:\program files\iobit\advanced systemcare 6\ASCService.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-18 701512]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 netr28u;Driver para Vista do RT2870 USB Wireless LAN Card;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]

S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2013-3-2 1343400]

.

=============== Created Last 30 ================

.

2013-10-21 18:39:16 -------- d-----w- c:\users\tauê\pxgclient

2013-10-18 13:51:41 -------- d-----w- c:\programdata\Oracle

2013-10-18 13:51:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2013-11-05 16:09:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-11-05 16:09:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2010-01-26 13:11:08 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe

.

============= FINISH: 12:54:57,40 ===============

attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 02/03/2013 10:04:38

System Uptime: 07/11/2013 12:28:41 (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5GC-MX/1333

Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | LGA 775 | 2600/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 699 GiB total, 648,881 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}

Description: Teclado Padrão PS/2

Device ID: ACPI\PNP0303\4&2E2B2FDC&0

Manufacturer: (teclados padrões)

Name: Teclado Padrão PS/2

PNP Device ID: ACPI\PNP0303\4&2E2B2FDC&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP75: 16/10/2013 18:40:46 - Ponto de Verificação Agendado

RP76: 18/10/2013 10:49:40 - Installed Java 7 Update 45

RP77: 25/10/2013 17:00:57 - Ponto de Verificação Agendado

RP78: 02/11/2013 19:38:54 - Ponto de Verificação Agendado

RP79: 05/11/2013 14:14:29 - Installed Adobe Reader XI.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.05)

Adobe Reader XI (11.0.05) - Português

Adobe Shockwave Player 12.0

µTorrent

Atualizações da NVIDIA 4.11.9

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

avast! Free Antivirus

CCleaner

D3DX10

DarkSetup

Download Accelerator Plus (DAP)

DVD Suite

Galeria de Fotos

Google Chrome

Google Drive

Google Update Helper

Heroes of Might and Magic® III

Java 7 Update 45

Java Auto Updater

K-Lite Mega Codec Pack 9.9.0

League of Legends

LOLReplay

Malwarebytes Anti-Malware versão 1.75.0.1300

Microsoft .NET Framework 4.5

Microsoft .NET Framework 4.5 PTB Language Pack

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.2

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Movie Maker

MSVCRT

MSVCRT110

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Essentials

neroxml

Neverwinter

NVIDIA Driver de controle do 3D Vision 320.49

NVIDIA Driver de gráficos 320.49

NVIDIA Driver do 3D Vision 320.49

NVIDIA GeForce Experience 1.5

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Software do sistema PhysX 9.13.0604

NVIDIA Stereoscopic 3D Driver

NVIDIA Update Components

osu!

Pacote de Idiomas do Microsoft .NET Framework 4.5 - Português (Brasil)

Painel de controle da NVIDIA 320.49

Photo Common

Photo Gallery

PhotoScape

PowerDVD

RaidCall

Skype™ 6.6

swMSM

TeamSpeak 3 Client

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition

VDownloader 3.9.1360

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinPcap 4.1.1

WinRAR 4.01 (32-bit)

WTFast 2.11

.

==== End Of File ===========================

gmer

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-11-07 13:39:24

Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD7500AADS-00M2B0 rev.01.00A01 698,64GB

Running: gmer.exe; Driver: C:\Users\TAU~1\AppData\Local\Temp\kxldipoc.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8DE4A610]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E64C5FA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8DE4B0E6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8DE56F18]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8DE56F64]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8DE570FE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8DE56E86]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E64C992]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8DE56ECE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8DE4B5E4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8DE4B800]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8DE570B8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8DE4BE9C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8DE4A676]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8DE4F596]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E64C6C2]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E64AC12]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8DE4A6DC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8DE4F98C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8DE4C92C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8DE56F42]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8DE56F86]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8DE57122]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8DE56EAC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8DE4EE78]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8DE57036]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8DE56EF6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8DE4F26E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8DE570DC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E64C822]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8DE4C7F8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8DE4C506]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8DE4A742]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8DE4A7A8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8DE4BD16]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8DE4A2F8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8DE4A4CE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8DE4A45C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8DE4C066]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8DE4C1C8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8DE4A556]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8E64C8EA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8DE4BCF6]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8E64AC42]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8DE4A80E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8E64C76E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E665E00]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A44579 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A68F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!RtlSidHashLookup + 214 82A70714 4 Bytes [10, A6, E4, 8D]

.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82A7073C 4 Bytes [FA, C5, 64, 8E]

.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82A7079C 4 Bytes [E6, B0, E4, 8D] {OUT 0xb0, AL; IN AL, 0x8d}

.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82A707F0 8 Bytes [18, 6F, E5, 8D, 64, 6F, E5, ...]

.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82A707FC 4 Bytes [FE, 70, E5, 8D]

.text ...

PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C09F59 5 Bytes JMP 8E662C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ObInsertObject + 27 82C23C5F 5 Bytes JMP 8E6647CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82C6E0EA 4 Bytes CALL 8DE4CFEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82C761C5 4 Bytes CALL 8DE4D005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 82CDBE52 7 Bytes JMP 8E665E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

? C:\Users\TAU~1\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

.text autochk.exe 004311D1 17 Bytes [0A, 8B, 45, F0, 8B, 4D, 0C, ...]

.text autochk.exe 004311E3 1 Byte [05]

.text autochk.exe 004311E7 6 Bytes [83, C8, FF, E9, 8E, 01]

.text autochk.exe 004311EF 67 Bytes [8B, 55, FC, 89, 55, EC, 8B, ...]

.text autochk.exe 00431233 24 Bytes [E4, 8B, 4D, E4, 8B, 55, E4, ...]

.text ...

.text kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[348] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\csrss.exe[404] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\wininit.exe[464] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\csrss.exe[476] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\services.exe[524] kernel32.dll!FreeLibraryAndExitThread 760734E0 5 Bytes JMP 3B6A7099 C:\Program Files\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\Windows\system32\services.exe[524] kernel32.dll!FreeLibrary 760819C9 5 Bytes JMP 3B6A7121 C:\Program Files\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\Windows\system32\services.exe[524] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\services.exe[524] ole32.dll!CoUnmarshalInterface 7657527B 6 Bytes JMP 71AB000A

.text C:\Windows\system32\lsass.exe[532] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\lsm.exe[544] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\winlogon.exe[600] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\svchost.exe[696] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\nvvsvc.exe[772] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text ...

.text C:\Windows\system32\AUDIODG.EXE[1012] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000B03FC

.text C:\Windows\system32\AUDIODG.EXE[1012] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000B01F8

.text C:\Windows\system32\AUDIODG.EXE[1012] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\AUDIODG.EXE[1012] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00240A08

.text C:\Windows\system32\AUDIODG.EXE[1012] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 002403FC

.text C:\Windows\system32\AUDIODG.EXE[1012] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00240804

.text C:\Windows\system32\AUDIODG.EXE[1012] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 002401F8

.text C:\Windows\system32\AUDIODG.EXE[1012] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00240600

.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\svchost.exe[1076] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Users\Tauê\Desktop\gmer\gmer.exe[1272] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text ...

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1496] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000E03FC

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1496] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000E01F8

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1496] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1496] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00140A08

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1496] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 001403FC

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1496] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00140804

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1496] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 001401F8

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1496] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00140600

.text C:\Windows\System32\spoolsv.exe[1684] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1756] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\Dwm.exe[1920] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\taskhost.exe[1948] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\Explorer.EXE[2040] kernel32.dll!FreeLibraryAndExitThread 760734E0 5 Bytes JMP 3B6A7099 C:\Program Files\GbPlugin\gbiehCef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\Windows\Explorer.EXE[2040] kernel32.dll!FreeLibrary 760819C9 5 Bytes JMP 3B6A7121 C:\Program Files\GbPlugin\gbiehCef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\Windows\Explorer.EXE[2040] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\Explorer.EXE[2040] ole32.dll!CoUnmarshalInterface 7657527B 6 Bytes JMP 718D000A

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2100] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 001E03FC

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2100] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 001E01F8

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2100] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2100] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 001F0A08

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2100] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 001F03FC

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2100] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 001F0804

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2100] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 001F01F8

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2100] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 001F0600

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000E03FC

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000E01F8

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 000F0A08

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 000F03FC

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 000F0804

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 000F01F8

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 000F0600

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2472] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 001D03FC

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2472] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 001D01F8

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2472] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2472] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 001E0A08

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2472] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 001E03FC

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2472] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 001E0804

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2472] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 001E01F8

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2472] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 001E0600

.text C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe[2596] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000F03FC

.text C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe[2596] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000F01F8

.text C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe[2596] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe[2596] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00200A08

.text C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe[2596] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 002003FC

.text C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe[2596] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00200804

.text C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe[2596] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 002001F8

.text C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe[2596] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00200600

.text C:\Windows\system32\svchost.exe[2644] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 001E03FC

.text C:\Windows\system32\svchost.exe[2644] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 001E01F8

.text C:\Windows\system32\svchost.exe[2644] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\svchost.exe[2644] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00240A08

.text C:\Windows\system32\svchost.exe[2644] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 002403FC

.text C:\Windows\system32\svchost.exe[2644] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00240804

.text C:\Windows\system32\svchost.exe[2644] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 002401F8

.text C:\Windows\system32\svchost.exe[2644] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00240600

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000703FC

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000701F8

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00140A08

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 001403FC

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00140804

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 001401F8

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00140600

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2756] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000E03FC

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2756] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000E01F8

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2756] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2756] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00100A08

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2756] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 001003FC

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2756] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00100804

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2756] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 001001F8

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2756] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00100600

.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2940] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3168] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000703FC

.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3168] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000701F8

.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3168] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3168] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00190A08

.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3168] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 001903FC

.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3168] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00190804

.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3168] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 001901F8

.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3168] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00190600

.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3192] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000703FC

.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3192] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000701F8

.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3192] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3192] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00090A08

.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3192] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 000903FC

.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3192] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00090804

.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3192] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 000901F8

.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3192] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00090600

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3240] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000F03FC

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3240] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000F01F8

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3240] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3240] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00100A08

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3240] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 001003FC

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3240] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00100804

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3240] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 001001F8

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3240] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00100600

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3256] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 001F03FC

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3256] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 001F01F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3256] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3256] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00210A08

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3256] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 002103FC

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3256] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00210804

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3256] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 002101F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3256] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00210600

.text C:\Windows\System32\svchost.exe[3268] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000E03FC

.text C:\Windows\System32\svchost.exe[3268] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000E01F8

.text C:\Windows\System32\svchost.exe[3268] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\System32\svchost.exe[3268] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00110A08

.text C:\Windows\System32\svchost.exe[3268] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 001103FC

.text C:\Windows\System32\svchost.exe[3268] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00110804

.text C:\Windows\System32\svchost.exe[3268] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 001101F8

.text C:\Windows\System32\svchost.exe[3268] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00110600

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3308] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000803FC

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3308] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000801F8

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3308] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3308] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 000A0A08

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3308] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 000A03FC

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3308] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 000A0804

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3308] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 000A01F8

.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3308] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 000A0600

.text C:\Program Files\Windows Sidebar\sidebar.exe[3316] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000E03FC

.text C:\Program Files\Windows Sidebar\sidebar.exe[3316] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000E01F8

.text C:\Program Files\Windows Sidebar\sidebar.exe[3316] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Program Files\Windows Sidebar\sidebar.exe[3316] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00100A08

.text C:\Program Files\Windows Sidebar\sidebar.exe[3316] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 001003FC

.text C:\Program Files\Windows Sidebar\sidebar.exe[3316] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00100804

.text C:\Program Files\Windows Sidebar\sidebar.exe[3316] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 001001F8

.text C:\Program Files\Windows Sidebar\sidebar.exe[3316] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00100600

.text C:\Windows\System32\svchost.exe[3456] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000E03FC

.text C:\Windows\System32\svchost.exe[3456] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000E01F8

.text C:\Windows\System32\svchost.exe[3456] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\System32\svchost.exe[3456] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00100A08

.text C:\Windows\System32\svchost.exe[3456] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 001003FC

.text C:\Windows\System32\svchost.exe[3456] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00100804

.text C:\Windows\System32\svchost.exe[3456] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 001001F8

.text C:\Windows\System32\svchost.exe[3456] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00100600

.text C:\Windows\system32\SearchIndexer.exe[3668] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000803FC

.text C:\Windows\system32\SearchIndexer.exe[3668] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000801F8

.text C:\Windows\system32\SearchIndexer.exe[3668] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\SearchIndexer.exe[3668] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 000A0A08

.text C:\Windows\system32\SearchIndexer.exe[3668] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 000A03FC

.text C:\Windows\system32\SearchIndexer.exe[3668] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 000A0804

.text C:\Windows\system32\SearchIndexer.exe[3668] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 000A01F8

.text C:\Windows\system32\SearchIndexer.exe[3668] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 000A0600

.text C:\Windows\system32\svchost.exe[3904] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000E03FC

.text C:\Windows\system32\svchost.exe[3904] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000E01F8

.text C:\Windows\system32\svchost.exe[3904] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\svchost.exe[3904] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00100A08

.text C:\Windows\system32\svchost.exe[3904] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 001003FC

.text C:\Windows\system32\svchost.exe[3904] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00100804

.text C:\Windows\system32\svchost.exe[3904] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 001001F8

.text C:\Windows\system32\svchost.exe[3904] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00100600

.text C:\Windows\system32\WUDFHost.exe[3944] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000E03FC

.text C:\Windows\system32\WUDFHost.exe[3944] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000E01F8

.text C:\Windows\system32\WUDFHost.exe[3944] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\WUDFHost.exe[3944] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00110A08

.text C:\Windows\system32\WUDFHost.exe[3944] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 001103FC

.text C:\Windows\system32\WUDFHost.exe[3944] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00110804

.text C:\Windows\system32\WUDFHost.exe[3944] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 001101F8

.text C:\Windows\system32\WUDFHost.exe[3944] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00110600

.text C:\Windows\system32\svchost.exe[3992] ntdll.dll!LdrUnloadDll 77A3BE7F 5 Bytes JMP 000E03FC

.text C:\Windows\system32\svchost.exe[3992] ntdll.dll!LdrLoadDll 77A3F585 5 Bytes JMP 000E01F8

.text C:\Windows\system32\svchost.exe[3992] KERNEL32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

.text C:\Windows\system32\svchost.exe[3992] USER32.dll!UnhookWindowsHookEx 76AFCC7B 5 Bytes JMP 00250A08

.text C:\Windows\system32\svchost.exe[3992] USER32.dll!UnhookWinEvent 76AFD924 5 Bytes JMP 002503FC

.text C:\Windows\system32\svchost.exe[3992] USER32.dll!SetWindowsHookExW 76B0210A 5 Bytes JMP 00250804

.text C:\Windows\system32\svchost.exe[3992] USER32.dll!SetWinEventHook 76B0507E 5 Bytes JMP 002501F8

.text C:\Windows\system32\svchost.exe[3992] USER32.dll!SetWindowsHookExA 76B26DFA 5 Bytes JMP 00250600

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4404] kernel32.dll!GetBinaryTypeW + 70 76097934 1 Byte [62]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72D00790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75A85D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75A85D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75A85D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A85D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2444] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75A85D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2940] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72D00790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{C71596BB-8338-11E2-AFCC-806E6F6E6963} 4020578800

---- EOF - GMER 2.1 ----


Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an e-mail address for registration, a first name and a last name. Only the "email" field is required.

Enter your e-mail address, then click the Submit Form button.

The page will reload. Click the Download button.

Save it to your desktop.

Run the file and wait for the installation to finish.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator.

On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer
  • Local Disk (C:)

Also check all the drives that appear below Local Disk, if there are any. Then click the Automatic Scan tab.

KRT_install2_.png

Back on the program's main screen, click the Start scanning button.

Be patient; it takes a while.

When it finishes, if anything was detected, the program will ask you what to do.

Check the small box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

While the scan runs, the main screen shows a progress bar. When it finishes, the program will show a completed status and a button that will be orange if nothing was detected, or red if something was found.

If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

Choose an easily accessible location and save it as log.txt

Copy the entire contents of that Notepad file and paste it into your next reply.

If nothing is detected, you don't need to save the log. Just post here to let us know.

To exit the program, just click the X in the top-right corner.


Status: Detected (events: 2)

10/11/2013 10:39:13 Detected Trojan program HEUR:Exploit.Java.Generic C:\Documents and Settings\Tauê\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\24a71ea6-528aca5b High

10/11/2013 11:16:47 Detected Trojan program HEUR:Exploit.Java.Generic C:\Users\Tauê\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\24a71ea6-528aca5b High


Change your e-mail password and monitor the computer's behavior. Then let us know.


Just to note, I didn't clean those 2 things, I only clicked Skip.

If I change the password it will make no difference, since the PC is still infected.


That is the Java cache; no need to worry.


No.

Regarding my post #6, what did you observe?
