Mogg Mester

SOLVED Slow internet and compromised sites in the browser


Dear all, good evening:

 

I have been having problems with slow internet and with sites that fail to load, such as Yahoo, which led me to run Malwarebytes on the PC. This was the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados:  v2014.06.03.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16899
Lucas :: LUCAS [administrador]

04/06/2014 21:06:58
MBAM-log-2014-06-04 (21-28-42).txt

Tipo de Verificação:  Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  259495
Tempo decorrido: 6 minuto(s), 53 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} (PUP.Optional.SiteFinder.A) -> Nenhuma ação foi feita.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} (PUP.Optional.SiteFinder.A) -> Nenhuma ação foi feita.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{533F0DA7-6C5D-9B8D-49C5-48B17EE80B4C} (PUP.Optional.Tarma.A) -> Nenhuma ação foi feita.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F3176FA1-D47C-AE31-2BE8-A8AE9381C79B} (PUP.Optional.Tarma.A) -> Nenhuma ação foi feita.
HKCU\Software\funmoodsToolbar (PUP.Optional.FunMoods.A) -> Nenhuma ação foi feita.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 2
HKCU\Software\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Hao123.A) -> Ruim: (http://br.hao123.com/?tn=sft_pay_hp_02_hao123_br) Bom: (www.google.com) -> Nenhuma ação foi feita.
HKCU\Software\Microsoft\Internet Explorer\SearchURI|(Default) (PUP.Optional.SearchCertifiedTB.A) -> Ruim: (http://search.certified-toolbar.com?si=39033&bs=true&tid=114&q=%s) Bom: (http://www.google.com) -> Nenhuma ação foi feita.

Pastas Detectadas: 5
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\khcceooakamlehbimaepcldnnlnkcmfk (PUP.Optional.SaveSense.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\en (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\pl (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.

Arquivos Detectados: 15
C:\ProgramData\InstallMate\{A98EE89B-C5B3-4F93-AD78-8D91726DCA6D}\Custom.dll (Adware.Agent) -> Nenhuma ação foi feita.
C:\ProgramData\InstallMate\{A98EE89B-C5B3-4F93-AD78-8D91726DCA6D}\Setup.exe (PUP.Optional.Tarma.A) -> Nenhuma ação foi feita.
C:\ProgramData\InstallMate\{AAFF98B7-0BFA-4EA5-AC4E-43D8711CBA41}\Custom.dll (Adware.Agent) -> Nenhuma ação foi feita.
C:\ProgramData\InstallMate\{AAFF98B7-0BFA-4EA5-AC4E-43D8711CBA41}\Setup.exe (PUP.Optional.Tarma.A) -> Nenhuma ação foi feita.
C:\Windows\Installer\1416d745.msi (PUP.Optional.SnapDo.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\Local Storage\http_www.superfish.com_0.localstorage (PUP.Optional.Superfish.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\Local Storage\http_www.superfish.com_0.localstorage-journal (PUP.Optional.Superfish.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\background.html (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\background.js (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\icon_128.png (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\inject.js (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\jquery.min.js (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\manifest.json (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\en\messages.json (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\pl\messages.json (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.

(fim)
 

Following the moderator's instructions, I am posting the dds.scr log here, after the attach.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by Lucas at 21:30:40 on 2014-06-04
Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.3965.1408 [GMT -3:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Baidu Security\PC App Store\4.4.0.5812\PCAppStoreSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Baidu Security\PC App Store\4.4.0.5812\AppStoreUtilExe.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.209\deploy\LoLLauncher.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\Taskmgr.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://br.hao123.com/?tn=sft_pay_hp_02_hao123_br
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [MP3 Skype recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [NitroPC] "C:\Users\Lucas\Desktop\back up\programas\NitroPC\NitroPC.exe" -minimized
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
dRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.25.1
TCP: Interfaces\{A779EC43-2286-4350-8F97-DDEA2E2C68E5} : DHCPNameServer = 192.168.25.1
TCP: Interfaces\{CB1F9D34-3697-40C7-A2E7-6373044E6FAB} : DHCPNameServer = 10.42.0.251 10.42.0.252
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-mSearchAssistant = hxxp://www.sweet-page.com/web/?type=ds&ts=1400300521&from=sof&uid=WDCXWD7500BPKT-75PK4T0_WD-WXK1E72ELWS3ELWS3&q={searchTerms}
x64-mCustomizeSearch = hxxp://www.sweet-page.com/web/?type=ds&ts=1400300521&from=sof&uid=WDCXWD7500BPKT-75PK4T0_WD-WXK1E72ELWS3ELWS3&q={searchTerms}
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0+ /dne /s
x64-Run: [btTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe"
x64-Run: [btvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3dxqr01a.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com.br
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DigitalPersona\Bin\ChromeExt\components\npChromeDPAgent.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
FF - plugin: C:\Users\Lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll
FF - plugin: C:\Users\Lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
FF - plugin: C:\Users\Lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\Drivers\aswNdisFlt.sys [2014-5-24 447888]
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2014-3-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2014-3-21 208416]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-27 651832]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\Drivers\stdcfltn.sys [2013-4-29 22168]
R1 aswKbd;aswKbd;C:\Windows\System32\Drivers\aswKbd.sys [2014-5-24 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswsnx.sys [2014-3-21 1039096]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswsp.sys [2014-3-21 423240]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-4-29 92536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-5-25 283200]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2014-3-21 79184]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-9-14 216192]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2013-4-29 109184]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-5-8 241704]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-5-16 519720]
R2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-29 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-29 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-3 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-3 701512]
R2 PCAppStoreSvc_{PCAppStore_4.4.0.5812};Baidu PC App Store Service 4.4.0.5812;C:\Program Files (x86)\Baidu Security\PC App Store\4.4.0.5812\PCAppStoreSvc.exe [2014-5-19 552480]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-12-20 1915920]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-29 5093216]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\Drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-29 364416]
R2 vcsFPService;Validity vocês Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2012-8-3 2711160]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-4-29 81536]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-9-14 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-9-14 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-9-14 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-9-14 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-9-14 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-9-14 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-9-14 135832]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-9-14 575128]
R3 BthLEEnum;Driver de Baixa Energia do Bluetooth;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 ETD;Dell Touchpad;C:\Windows\System32\Drivers\ETD.sys [2013-4-29 211856]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\Drivers\IntcDAud.sys [2013-4-29 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-12-3 25928]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-4-29 315536]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-4-29 683664]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\Drivers\ST_Accel.sys [2013-4-29 71832]
S2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-5-24 29208]
S2 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2014-3-21 85328]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-24 50344]
S2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-5-24 109048]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Util diamondata;Util diamondata;"C:\Program Files (x86)\diamondata\bin\utildiamondata.exe" --> C:\Program Files (x86)\diamondata\bin\utildiamondata.exe [?]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-12-23 49152]
S3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\Drivers\DellRbtn.sys [2013-4-29 10752]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-10-28 107288]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-8-20 204568]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-06-01 04:44:44    --------    d-----w-    C:\ProgramData\EA Logs
2014-05-31 20:30:55    --------    d-----w-    C:\Program Files (x86)\Origin Games
2014-05-31 20:30:20    --------    d-----w-    C:\Users\Lucas\AppData\Roaming\Origin
2014-05-31 20:30:18    --------    d-----w-    C:\Users\Lucas\AppData\Local\Origin
2014-05-31 20:28:04    --------    d-----w-    C:\ProgramData\Origin
2014-05-31 20:28:02    --------    d-----w-    C:\ProgramData\Electronic Arts
2014-05-31 20:27:56    --------    d-----w-    C:\Program Files (x86)\Origin
2014-05-29 20:53:39    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-05-24 22:05:11    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-05-24 21:38:48    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-05-24 21:38:48    28184    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
2014-05-24 21:38:42    43152    ----a-w-    C:\Windows\avastSS.scr
2014-05-24 21:38:29    447888    ----a-w-    C:\Windows\System32\drivers\aswNdisFlt.sys
2014-05-17 15:27:41    --------    d-----w-    C:\Program Files (x86)\Yodot Doc Repair
2014-05-17 04:15:24    --------    d-----w-    C:\Program Files (x86)\SiteLookup
2014-05-17 04:03:44    --------    d-----w-    C:\Users\Lucas\AppData\Local\Word Recovery Toolbox
2014-05-17 03:50:59    --------    d-----w-    C:\Users\Lucas\AppData\Roaming\OfficeRecovery.73cacdbf
2014-05-17 03:50:59    --------    d-----w-    C:\Users\Lucas\AppData\Roaming\OfficeRecovery
2014-05-17 02:33:20    --------    d-----w-    C:\Program Files (x86)\PowerDataRecovery
2014-05-16 21:22:13    815314    ----a-w-    C:\Users\Lucas\AppData\Roaming\unins001.exe
2014-05-16 20:51:47    --------    d-----w-    C:\ProgramData\GbPlugin
2014-05-16 20:51:47    --------    d-----w-    C:\Program Files (x86)\GbPlugin
2014-05-13 23:22:59    578048    ----a-w-    C:\Windows\System32\winlogon.exe
2014-05-13 23:20:29    1287168    ----a-w-    C:\Windows\System32\schedsvc.dll
2014-05-13 23:20:15    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-13 23:20:15    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-13 23:19:59    621568    ----a-w-    C:\Windows\System32\drivers\srv2.sys
2014-05-13 23:19:59    370688    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2014-05-13 23:19:59    215040    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2014-05-13 23:19:59    1120768    ----a-w-    C:\Windows\System32\gpedit.dll
2014-05-13 23:19:58    247808    ----a-w-    C:\Windows\System32\drivers\srvnet.sys
2014-05-13 23:19:58    1075200    ----a-w-    C:\Windows\SysWow64\gpedit.dll
2014-05-13 23:19:57    78336    ----a-w-    C:\Windows\System32\drivers\IPMIDrv.sys
2014-05-10 18:08:59    75376    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2014-05-10 18:08:59    46704    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-05-10 18:08:59    2106216    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2014-05-10 18:08:59    20080    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2014-05-10 18:08:59    117360    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2014-05-10 17:41:41    --------    d-----w-    C:\Users\Lucas\AppData\Roaming\SolidDocuments
2014-05-10 17:20:08    --------    d-----w-    C:\Program Files (x86)\Adobe Download Assistant
2014-05-10 17:13:19    --------    d-----w-    C:\Users\Lucas\AppData\Roaming\YCanPDF
2014-05-10 17:13:19    --------    d-----w-    C:\output
2014-05-08 20:01:25    --------    d-----w-    C:\Users\Lucas\AppData\Roaming\Foxit Software
2014-05-08 20:00:39    --------    d-----w-    C:\Program Files (x86)\Foxit Software
2014-05-08 13:48:42    227704    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-06 15:06:45    628024    ----a-w-    C:\Windows\System32\NotificationUI.exe
2014-05-06 15:06:44    693760    ----a-w-    C:\Windows\System32\WSShared.dll
2014-05-06 15:06:44    566784    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2014-05-06 15:06:43    163840    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 15:06:43    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
==================== Find3M  ====================
.
2014-05-24 21:39:17    85328    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-05-24 21:39:17    1039096    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-05-24 21:38:42    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-05-24 21:38:42    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-24 21:38:42    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-05-24 21:38:42    208416    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-05-05 15:19:14    730834    ----a-w-    C:\Users\Lucas\AppData\Roaming\unins000.exe
2014-05-02 19:55:07    280792    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2014-05-02 19:55:07    280792    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-05-02 19:19:33    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2014-05-02 19:19:23    280792    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-05-01 20:37:50    78296    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37:50    694240    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-12 09:27:03    172888    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 09:09:43    208896    ----a-w-    C:\Windows\System32\wdigest.dll
2014-04-12 09:09:39    1043968    ----a-w-    C:\Windows\System32\usercpl.dll
2014-04-12 09:09:34    94720    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-04-12 09:09:19    588288    ----a-w-    C:\Windows\System32\SHCore.dll
2014-04-12 09:08:37    318464    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-04-12 09:08:17    439808    ----a-w-    C:\Windows\System32\lsm.dll
2014-04-12 09:08:17    1281536    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 09:08:10    827904    ----a-w-    C:\Windows\System32\kerberos.dll
2014-04-12 09:07:36    20480    ----a-w-    C:\Windows\System32\credssp.dll
2014-04-12 07:23:59    178688    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-04-12 07:23:52    961536    ----a-w-    C:\Windows\SysWow64\usercpl.dll
2014-04-12 07:23:49    76800    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-04-12 07:23:40    452608    ----a-w-    C:\Windows\SysWow64\SHCore.dll
2014-04-12 07:23:14    273920    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-04-12 07:22:58    666624    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-04-12 07:22:33    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-04-12 06:58:06    14848    ----a-w-    C:\Windows\System32\workerdd.dll
2014-04-12 00:49:16    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2014-04-12 00:47:06    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-04-12 00:46:38    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2014-04-12 00:41:21    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-04-12 00:40:58    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-04-01 01:46:48    130712    ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 01:46:48    1070232    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-28 19:19:38    35856    ----a-w-    C:\Windows\System32\drivers\WdBoot.sys
2014-03-23 22:11:52    269592    ----a-w-    C:\Windows\System32\drivers\WdFilter.sys
2014-03-11 03:32:43    6987096    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2014-03-11 03:25:51    100184    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-03-11 00:41:55    323072    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-03-11 00:41:51    559104    ----a-w-    C:\Windows\SysWow64\objsel.dll
2014-03-11 00:41:24    38400    ----a-w-    C:\Windows\SysWow64\dimsroam.dll
2014-03-11 00:39:12    35840    ----a-w-    C:\Windows\System32\lsass.exe
2014-03-11 00:38:58    27648    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-03-11 00:38:58    164864    ----a-w-    C:\Windows\System32\sspicli.dll
2014-03-11 00:38:53    419328    ----a-w-    C:\Windows\System32\schannel.dll
2014-03-11 00:38:47    684032    ----a-w-    C:\Windows\System32\objsel.dll
2014-03-11 00:38:31    982016    ----a-w-    C:\Windows\System32\KernelBase.dll
2014-03-11 00:38:23    45056    ----a-w-    C:\Windows\System32\dimsroam.dll
2014-03-11 00:38:23    179712    ----a-w-    C:\Windows\System32\dpapisrv.dll
2014-03-10 03:05:14    668160    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2014-03-10 01:27:03    99840    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-03-07 00:48:11    1766400    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-07 00:47:24    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
.
============= FINISH: 21:31:44,59 ===============
 

 

Now the Attach log:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Single Language
Boot Device: \Device\HarddiskVolume1
Install Date: 06/05/2013 19:07:06
System Uptime: 03/06/2014 21:24:52 (24 hours ago)
.
Motherboard: Dell Inc. |  | 05HVFH
Processor: Intel® Core i5-3230M CPU @ 2.60GHz | U3E1 | 1200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 688 GiB total, 372,076 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Adaptador de Túnel Teredo da Microsoft
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Adaptador de Túnel Teredo da Microsoft
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP74: 17/05/2014 00:46:23 - Installed Recovery for Word 5.0.19634.2 Demo License
RP75: 24/05/2014 18:36:32 - avast! antivirus system restore point
RP76: 29/05/2014 17:52:33 - Installed Java 7 Update 60 (64-bit)
RP77: 31/05/2014 17:43:24 - DirectX instalado
.
==== Installed Programs ======================
.
Adobe Acrobat XI Pro
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Download Assistant
Adobe Flash Player 13 Plugin
Adobe InDesign CS5.5
Adobe Photoshop 7.0
Adobe Reader XI (11.0.07)
AGEIA PhysX v7.09.13
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
aTube Catcher
avast! Internet Security
BattlEye for OA Uninstall
BattlEye Uninstall
BitTorrent
BS.Player FREE
Conexant SmartAudio HD
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink Media Suite Essentials
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 10
D3DX10
DAEMON Tools Lite
DayZ Commander
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Touchpad
Dell WLAN and Bluetooth Client Installation
DigitalPersona Fingerprint Software 6.2
Doxillion Document Converter
Dropbox
ffdshow v1.1.4399 [2012-03-22]
Foxit Cloud
Foxit Reader
Galeria de Fotos
GBBD Caixa Economica Federal
Google Chrome
Google Update Helper
Image Resizer for Windows
Image Resizer for Windows (64 bit)
Instalação do DivX
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Trusted Connect Service Client
Java 7 Update 25
Java 7 Update 60 (64-bit)
Java Auto Updater
Lagarith Lossless Codec (1.3.27)
LAME v3.99.3 (for Windows)
League of Legends
Módulo de Segurança - Banco do Brasil
Malwarebytes Anti-Malware versão 1.75.0.1300
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC80 Support DLLs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Monitor da tecnologia Intel® Turbo Boost 2.6
Mount & Blade
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Movie Maker
Mozilla Firefox 29.0.1 (x86 pt-BR)
Mozilla Maintenance Service
MP3 Skype Recorder
MSVCRT
MSVCRT110
MSVCRT110_amd64
My Dell
OpenSource Flash Video Splitter 1.0.0.5
Origin
PDF Settings CS5
Photo Common
Photo Gallery
PokerStars
PunkBuster Services
Qualcomm Atheros Bluetooth Suite (64)
Quickset64
QuickShare
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Red Orchestra 2: Heroes of Stalingrad Beta
Rhinoceros 4.0
Rising Storm Beta
Rising Storm/Red Orchestra 2 Multiplayer
Savensharee
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
Skype™ 6.16
Sniper Elite: Nazi Zombie Army
ST Microelectronics 3 Axis Digital Accelerometer Solution
Steam
TeamViewer 8
Thief 2
Unlocker 1.9.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition
Validity Sensors DDK
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
ViewPassword
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Updater Component
WinRAR 4.20 (32-bit)
Yodot Doc Repair
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== End Of File ===========================
 

On the other hand, I tried running Gmer, but whenever I do, Windows (8) crashes with the following message: IRQL NOT LESS OR EQUAL, and the PC restarts. What should I do?

 

I look forward to a reply. Thank you in advance for your attention.

M.M

Hello

Sorry for the delay :)

If you still need help, please redo the logs, as I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: You don't need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Cheers :D


Hello, Diego, good afternoon.

Here are the logs. First the Malwarebytes one:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados:  v2014.06.11.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16899
Lucas :: LUCAS [administrador]

11/06/2014 16:40:20
MBAM-log-2014-06-11 (16-46-59).txt

Tipo de Verificação:  Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  262853
Tempo decorrido: 6 minuto(s), 18 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} (PUP.Optional.SiteFinder.A) -> Nenhuma ação foi feita.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} (PUP.Optional.SiteFinder.A) -> Nenhuma ação foi feita.
HKCU\Software\funmoodsToolbar (PUP.Optional.FunMoods.A) -> Nenhuma ação foi feita.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 2
HKCU\Software\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Hao123.A) -> Ruim: (http://br.hao123.com/?tn=sft_pay_hp_02_hao123_br) Bom: (www.google.com) -> Nenhuma ação foi feita.
HKCU\Software\Microsoft\Internet Explorer\SearchURI|(Default) (PUP.Optional.SearchCertifiedTB.A) -> Ruim: (http://search.certified-toolbar.com?si=39033&bs=true&tid=114&q=%s) Bom: (http://www.google.com) -> Nenhuma ação foi feita.

Pastas Detectadas: 5
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\khcceooakamlehbimaepcldnnlnkcmfk (PUP.Optional.SaveSense.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\en (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\pl (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.

Arquivos Detectados: 13
C:\ProgramData\InstallMate\{A98EE89B-C5B3-4F93-AD78-8D91726DCA6D}\Custom.dll (Adware.Agent) -> Nenhuma ação foi feita.
C:\ProgramData\InstallMate\{AAFF98B7-0BFA-4EA5-AC4E-43D8711CBA41}\Custom.dll (Adware.Agent) -> Nenhuma ação foi feita.
C:\Windows\Installer\1416d745.msi (PUP.Optional.SnapDo.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\Local Storage\http_www.superfish.com_0.localstorage (PUP.Optional.Superfish.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\Local Storage\http_www.superfish.com_0.localstorage-journal (PUP.Optional.Superfish.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\background.html (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\background.js (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\icon_128.png (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\inject.js (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\jquery.min.js (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\manifest.json (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\en\messages.json (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\pl\messages.json (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.

(fim)
 

 

Now the DDS one:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by Lucas at 16:48:06 on 2014-06-11
Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.3965.1522 [GMT -3:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Baidu Security\PC App Store\4.4.0.5812\PCAppStoreSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Zune\WMZuneComm.exe
C:\Program Files\Zune\ZuneWlanCfgSvc.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Baidu Security\PC App Store\4.4.0.5812\AppStoreUtilExe.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://br.hao123.com/?tn=sft_pay_hp_02_hao123_br
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [MP3 Skype recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [NitroPC] "C:\Users\Lucas\Desktop\back up\programas\NitroPC\NitroPC.exe" -minimized
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
dRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.25.1
TCP: Interfaces\{A779EC43-2286-4350-8F97-DDEA2E2C68E5} : DHCPNameServer = 192.168.25.1
TCP: Interfaces\{CB1F9D34-3697-40C7-A2E7-6373044E6FAB} : DHCPNameServer = 10.42.0.251 10.42.0.252
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-mSearchAssistant = hxxp://www.sweet-page.com/web/?type=ds&ts=1400300521&from=sof&uid=WDCXWD7500BPKT-75PK4T0_WD-WXK1E72ELWS3ELWS3&q={searchTerms}
x64-mCustomizeSearch = hxxp://www.sweet-page.com/web/?type=ds&ts=1400300521&from=sof&uid=WDCXWD7500BPKT-75PK4T0_WD-WXK1E72ELWS3ELWS3&q={searchTerms}
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0+ /dne /s
x64-Run: [btTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe"
x64-Run: [btvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3dxqr01a.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com.br
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DigitalPersona\Bin\ChromeExt\components\npChromeDPAgent.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
FF - plugin: C:\Users\Lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll
FF - plugin: C:\Users\Lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
FF - plugin: C:\Users\Lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\Drivers\aswNdisFlt.sys [2014-5-24 447888]
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2014-3-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2014-3-21 208416]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-27 651832]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\Drivers\stdcfltn.sys [2013-4-29 22168]
R1 aswKbd;aswKbd;C:\Windows\System32\Drivers\aswKbd.sys [2014-5-24 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswsnx.sys [2014-3-21 1039096]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswsp.sys [2014-3-21 423240]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-4-29 92536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-5-25 283200]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2014-3-21 79184]
R2 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2014-3-21 85328]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-9-14 216192]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-24 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-5-24 109048]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2013-4-29 109184]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-5-8 241704]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-5-16 519720]
R2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-29 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-29 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-3 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-3 701512]
R2 PCAppStoreSvc_{PCAppStore_4.4.0.5812};Baidu PC App Store Service 4.4.0.5812;C:\Program Files (x86)\Baidu Security\PC App Store\4.4.0.5812\PCAppStoreSvc.exe [2014-5-19 552480]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-12-20 1915920]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-29 5093216]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\Drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-29 364416]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2012-8-3 2711160]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-4-29 81536]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-9-14 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-9-14 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-9-14 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-9-14 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-9-14 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-9-14 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-9-14 135832]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-9-14 575128]
R3 BthLEEnum;Driver de Baixa Energia do Bluetooth;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 ETD;Dell Touchpad;C:\Windows\System32\Drivers\ETD.sys [2013-4-29 211856]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\Drivers\IntcDAud.sys [2013-4-29 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-12-3 25928]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-4-29 683664]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\Drivers\ST_Accel.sys [2013-4-29 71832]
S2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-5-24 29208]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Util diamondata;Util diamondata;"C:\Program Files (x86)\diamondata\bin\utildiamondata.exe" --> C:\Program Files (x86)\diamondata\bin\utildiamondata.exe [?]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-12-23 49152]
S3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\Drivers\DellRbtn.sys [2013-4-29 10752]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-10-28 107288]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-4-29 315536]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-8-20 204568]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-06-11 00:31:51    33616    ----a-w-    C:\Windows\System32\drivers\iqvw64e.sys
2014-06-05 21:33:34    --------    d-----w-    C:\Users\Lucas\AppData\Local\SniperV2
2014-06-01 04:44:44    --------    d-----w-    C:\ProgramData\EA Logs
2014-05-31 20:30:55    --------    d-----w-    C:\Program Files (x86)\Origin Games
2014-05-31 20:30:20    --------    d-----w-    C:\Users\Lucas\AppData\Roaming\Origin
2014-05-31 20:30:18    --------    d-----w-    C:\Users\Lucas\AppData\Local\Origin
2014-05-31 20:28:04    --------    d-----w-    C:\ProgramData\Origin
2014-05-31 20:28:02    --------    d-----w-    C:\ProgramData\Electronic Arts
2014-05-31 20:27:56    --------    d-----w-    C:\Program Files (x86)\Origin
2014-05-29 20:53:39    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-05-24 22:05:11    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-05-24 21:38:48    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-05-24 21:38:48    28184    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
2014-05-24 21:38:42    43152    ----a-w-    C:\Windows\avastSS.scr
2014-05-24 21:38:29    447888    ----a-w-    C:\Windows\System32\drivers\aswNdisFlt.sys
2014-05-17 15:27:41    --------    d-----w-    C:\Program Files (x86)\Yodot Doc Repair
2014-05-17 04:15:24    --------    d-----w-    C:\Program Files (x86)\SiteLookup
2014-05-17 04:03:44    --------    d-----w-    C:\Users\Lucas\AppData\Local\Word Recovery Toolbox
2014-05-17 03:50:59    --------    d-----w-    C:\Users\Lucas\AppData\Roaming\OfficeRecovery.73cacdbf
2014-05-17 03:50:59    --------    d-----w-    C:\Users\Lucas\AppData\Roaming\OfficeRecovery
2014-05-17 02:33:20    --------    d-----w-    C:\Program Files (x86)\PowerDataRecovery
2014-05-16 21:22:13    815314    ----a-w-    C:\Users\Lucas\AppData\Roaming\unins001.exe
2014-05-16 20:51:47    --------    d-----w-    C:\ProgramData\GbPlugin
2014-05-16 20:51:47    --------    d-----w-    C:\Program Files (x86)\GbPlugin
2014-05-13 23:22:59    578048    ----a-w-    C:\Windows\System32\winlogon.exe
2014-05-13 23:20:29    1287168    ----a-w-    C:\Windows\System32\schedsvc.dll
2014-05-13 23:20:15    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-13 23:20:15    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-13 23:19:59    621568    ----a-w-    C:\Windows\System32\drivers\srv2.sys
2014-05-13 23:19:59    370688    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2014-05-13 23:19:59    215040    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2014-05-13 23:19:59    1120768    ----a-w-    C:\Windows\System32\gpedit.dll
2014-05-13 23:19:58    247808    ----a-w-    C:\Windows\System32\drivers\srvnet.sys
2014-05-13 23:19:58    1075200    ----a-w-    C:\Windows\SysWow64\gpedit.dll
2014-05-13 23:19:57    78336    ----a-w-    C:\Windows\System32\drivers\IPMIDrv.sys
.
==================== Find3M  ====================
.
2014-05-24 21:39:17    85328    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-05-24 21:39:17    1039096    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-05-24 21:38:42    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-05-24 21:38:42    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-24 21:38:42    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-05-24 21:38:42    208416    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-05-05 15:19:14    730834    ----a-w-    C:\Users\Lucas\AppData\Roaming\unins000.exe
2014-05-02 19:55:07    280792    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2014-05-02 19:55:07    280792    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-05-02 19:19:33    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2014-05-02 19:19:23    280792    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-05-01 20:37:50    78296    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37:50    694240    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-19 09:39:36    628024    ----a-w-    C:\Windows\System32\NotificationUI.exe
2014-04-19 08:45:39    693760    ----a-w-    C:\Windows\System32\WSShared.dll
2014-04-19 08:45:39    163840    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 06:57:49    566784    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2014-04-19 06:57:49    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 09:27:03    172888    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 09:09:43    208896    ----a-w-    C:\Windows\System32\wdigest.dll
2014-04-12 09:09:39    1043968    ----a-w-    C:\Windows\System32\usercpl.dll
2014-04-12 09:09:34    94720    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-04-12 09:09:19    588288    ----a-w-    C:\Windows\System32\SHCore.dll
2014-04-12 09:08:37    318464    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-04-12 09:08:17    439808    ----a-w-    C:\Windows\System32\lsm.dll
2014-04-12 09:08:17    1281536    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 09:08:10    827904    ----a-w-    C:\Windows\System32\kerberos.dll
2014-04-12 09:07:36    20480    ----a-w-    C:\Windows\System32\credssp.dll
2014-04-12 07:23:59    178688    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-04-12 07:23:52    961536    ----a-w-    C:\Windows\SysWow64\usercpl.dll
2014-04-12 07:23:49    76800    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-04-12 07:23:40    452608    ----a-w-    C:\Windows\SysWow64\SHCore.dll
2014-04-12 07:23:14    273920    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-04-12 07:22:58    666624    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-04-12 07:22:33    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-04-12 06:58:06    14848    ----a-w-    C:\Windows\System32\workerdd.dll
2014-04-12 00:49:16    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2014-04-12 00:47:06    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-04-12 00:46:38    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2014-04-12 00:41:21    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-04-12 00:40:58    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-04-01 01:46:48    130712    ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 01:46:48    1070232    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-28 19:19:38    35856    ----a-w-    C:\Windows\System32\drivers\WdBoot.sys
2014-03-23 22:11:52    269592    ----a-w-    C:\Windows\System32\drivers\WdFilter.sys
.
============= FINISH: 16:49:10,49 ===============
 

 

Now the Attach

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Single Language
Boot Device: \Device\HarddiskVolume1
Install Date: 06/05/2013 19:07:06
System Uptime: 04/06/2014 21:46:34 (163 hours ago)
.
Motherboard: Dell Inc. |  | 05HVFH
Processor: Intel® Core i5-3230M CPU @ 2.60GHz | U3E1 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 688 GiB total, 362,051 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Adaptador de Túnel Teredo da Microsoft
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Adaptador de Túnel Teredo da Microsoft
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Device ID: PCI\VEN_8086&DEV_1E2D&SUBSYS_056D1028&REV_04\3&11583659&0&D0
Manufacturer: Intel
Name: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
PNP Device ID: PCI\VEN_8086&DEV_1E2D&SUBSYS_056D1028&REV_04\3&11583659&0&D0
Service: usbehci
.
==== System Restore Points ===================
.
RP75: 24/05/2014 18:36:32 - avast! antivirus system restore point
RP76: 29/05/2014 17:52:33 - Installed Java 7 Update 60 (64-bit)
RP77: 31/05/2014 17:43:24 - DirectX instalado
RP78: 05/06/2014 18:09:06 - DirectX instalado
RP79: 09/06/2014 00:52:32 - Windows Live Essentials
.
==== Installed Programs ======================
.
Adobe Acrobat XI Pro
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Download Assistant
Adobe Flash Player 13 Plugin
Adobe InDesign CS5.5
Adobe Photoshop 7.0
Adobe Reader XI (11.0.07)
AGEIA PhysX v7.09.13
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
aTube Catcher
avast! Internet Security
BattlEye for OA Uninstall
BattlEye Uninstall
BitTorrent
BS.Player FREE
Conexant SmartAudio HD
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink Media Suite Essentials
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 10
D3DX10
DAEMON Tools Lite
DayZ Commander
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Touchpad
Dell WLAN and Bluetooth Client Installation
DigitalPersona Fingerprint Software 6.2
Doxillion Document Converter
Dropbox
ffdshow v1.1.4399 [2012-03-22]
Foxit Cloud
Foxit Reader
Galeria de Fotos
GBBD Caixa Economica Federal
Google Chrome
Google Update Helper
Image Resizer for Windows
Image Resizer for Windows (64 bit)
Instalação do DivX
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Trusted Connect Service Client
Java 7 Update 25
Java 7 Update 60 (64-bit)
Java Auto Updater
Lagarith Lossless Codec (1.3.27)
LAME v3.99.3 (for Windows)
League of Legends
Módulo de Segurança - Banco do Brasil
Malwarebytes Anti-Malware versão 1.75.0.1300
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC80 Support DLLs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Monitor da tecnologia Intel® Turbo Boost 2.6
Mount & Blade
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Movie Maker
Mozilla Firefox 29.0.1 (x86 pt-BR)
Mozilla Maintenance Service
MP3 Skype Recorder
MSVCRT
MSVCRT110
MSVCRT110_amd64
My Dell
OpenSource Flash Video Splitter 1.0.0.5
Origin
PDF Settings CS5
Photo Common
Photo Gallery
PokerStars
PunkBuster Services
Qualcomm Atheros Bluetooth Suite (64)
Quickset64
QuickShare
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Red Orchestra 2: Heroes of Stalingrad Beta
Rhinoceros 4.0
Rising Storm Beta
Rising Storm/Red Orchestra 2 Multiplayer
Savensharee
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
Skype™ 6.16
Sniper Elite V2
Sniper Elite: Nazi Zombie Army
ST Microelectronics 3 Axis Digital Accelerometer Solution
Steam
TeamViewer 8
Thief 2
Unlocker 1.9.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition
Validity Sensors DDK
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
ViewPassword
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Updater Component
WinRAR 4.20 (32-bit)
Yodot Doc Repair
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== End Of File ===========================
 

I haven't been able to run GMER yet because of the restart and blue screen that appear when I run it.


Diego, I managed to run GMER and got its log now:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-11 17:03:35
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000034 WDC_WD7500BPKT-75PK4T0 rev.01.01A01 698,64GB
Running: gmer.exe; Driver: C:\Users\Lucas\AppData\Local\Temp\fxloapow.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988                                                                                     fffff801de06d3dc 1 byte [31]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                    fffff9600017de00 7 bytes [00, 77, 82, 01, 00, 57, F2]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                fffff9600017de08 7 bytes [01, 42, C0, FF, 00, 17, DB]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163                                           000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\wininit.exe[596] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                         000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[892] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                         000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1004] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]
.text   C:\Windows\System32\svchost.exe[340] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                         000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[452] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                         000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[524] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                         000007fa54e0f817 1 byte [62]
.text   C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\vcsFPService.exe[1140] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                   000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1236] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]
.text   C:\Windows\System32\spoolsv.exe[1608] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]
.text   C:\Program Files\DigitalPersona\Bin\DpHostW.exe[1656] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                        000007fa54e0f817 1 byte [62]
.text   C:\Program Files\DigitalPersona\Bin\DpHostW.exe[1656] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                 000007fa5583177a 4 bytes [83, 55, FA, 07]
.text   C:\Program Files\DigitalPersona\Bin\DpHostW.exe[1656] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                 000007fa55831782 4 bytes [83, 55, FA, 07]
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[1416] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163  000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\dashost.exe[2136] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2220] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                      000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[2724] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[3120] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]
.text   C:\Windows\System32\svchost.exe[3600] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\DllHost.exe[3352] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\SearchIndexer.exe[4756] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                  000007fa54e0f817 1 byte [62]
.text   C:\Program Files\Zune\WMZuneComm.exe[4472] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                   000007fa54e0f817 1 byte [62]
.text   C:\Program Files\Zune\ZuneWlanCfgSvc.exe[1016] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                               000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\csrss.exe[6040] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163                                          000007fa54e0f817 1 byte [62]
.text   C:\Windows\System32\WinLogon.exe[5236] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                       000007fa54e0f817 1 byte [62]
.text   C:\Windows\System32\dwm.exe[6948] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                            000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\taskhost.exe[7248] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                       000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\taskhostex.exe[7548] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                     000007fa54e0f817 1 byte [62]
.text   C:\Windows\Explorer.EXE[8224] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                000007fa54e0f817 1 byte [62]
.text   C:\Windows\Explorer.EXE[8224] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                   000007fa493f1532 4 bytes [3F, 49, FA, 07]
.text   C:\Windows\Explorer.EXE[8224] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                   000007fa493f153a 4 bytes [3F, 49, FA, 07]
.text   C:\Windows\Explorer.EXE[8224] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                 000007fa493f165a 4 bytes [3F, 49, FA, 07]
.text   C:\Windows\System32\RuntimeBroker.exe[6664] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                  000007fa54e0f817 1 byte [62]
.text   C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe[8480] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                  000007fa54e0f817 1 byte [62]
.text   C:\Program Files\Elantech\ETDCtrl.exe[5072] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                  000007fa54e0f817 1 byte [62]
.text   C:\Program Files\Elantech\ETDCtrl.exe[5072] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                     000007fa493f1532 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files\Elantech\ETDCtrl.exe[5072] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                     000007fa493f153a 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files\Elantech\ETDCtrl.exe[5072] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                   000007fa493f165a 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[9208] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                            000007fa54e0f817 1 byte [62]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[9208] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                               000007fa493f1532 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[9208] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                               000007fa493f153a 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[9208] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                             000007fa493f165a 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files\Elantech\ETDGesture.exe[5656] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                               000007fa54e0f817 1 byte [62]
.text   C:\Program Files\Elantech\ETDGesture.exe[5656] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                  000007fa493f1532 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files\Elantech\ETDGesture.exe[5656] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                  000007fa493f153a 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files\Elantech\ETDGesture.exe[5656] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                000007fa493f165a 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files\Conexant\SA3\SmartAudio3.exe[6680] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163                          000007fa54e0f817 1 byte [62]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe[4504] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163        000007fa54e0f817 1 byte [62]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe[4504] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690           000007fa493f1532 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe[4504] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698           000007fa493f153a 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe[4504] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246         000007fa493f165a 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4660] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163      000007fa54e0f817 1 byte [62]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4660] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690         000007fa493f1532 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4660] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698         000007fa493f153a 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4660] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246       000007fa493f165a 4 bytes [3F, 49, FA, 07]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4660] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742             000007fa53a81b32 4 bytes [A8, 53, FA, 07]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4660] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750             000007fa53a81b3a 4 bytes [A8, 53, FA, 07]
.text   C:\Windows\System32\hkcmd.exe[5644] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007fa54e0f817 1 byte [62]
.text   C:\Program Files\Zune\ZuneLauncher.exe[532] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                  000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\conhost.exe[6880] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\wbem\wmiprvse.exe[1156] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                  000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\wbem\unsecapp.exe[2176] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                  000007fa54e0f817 1 byte [62]
.text   C:\Windows\system32\AUDIODG.EXE[7104] C:\Windows\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 163                                        000007fa54e0f817 1 byte [62]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [452:3836]                                                                                         000007fa4da75c38
Thread  C:\Windows\system32\svchost.exe [452:1272]                                                                                         000007fa488351dc
Thread  C:\Windows\system32\svchost.exe [452:3776]                                                                                         000007fa502610f0
Thread  C:\Windows\system32\svchost.exe [1832:2148]                                                                                        000007fa4e0631a0
Thread  C:\Windows\system32\svchost.exe [1832:2688]                                                                                        000007fa4e069c68
Thread  C:\Windows\system32\svchost.exe [1832:3624]                                                                                        000007fa4afd24e8
Thread  C:\Windows\system32\svchost.exe [1832:3716]                                                                                        000007fa4acd1544
Thread  C:\Windows\system32\svchost.exe [1832:3756]                                                                                        000007fa4aa155dc
Thread  C:\Windows\system32\svchost.exe [1832:4140]                                                                                        000007fa48b44910
Thread  C:\Windows\system32\svchost.exe [1832:2696]                                                                                        000007fa48b41044
Thread  C:\Windows\system32\csrss.exe [6040:2812]                                                                                          fffff960008f55e8
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [3928:2700]         000007fa548223a8
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [3928:7524]         000007fa4cc977b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [3928:3392]         000007fa4cc977b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [3928:6536]         000007fa55eb3f94
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [3928:8620]         000007fa55a8b2b8
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [3928:8404]         000007fa535e5990
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [3928:3680]         000007fa53ed3af0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [3928:5452]         000007fa52d92e1c
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [3928:6560]         000007fa548223a8
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [3928:4556]         000007fa548223a8
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [3928:8876]         000007fa548223a8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                              unknown MBR code

---- EOF - GMER 2.1 ----
 


Dear Mogg Mester

I recommend saving this topic to your Favorites so it is easy to find again.

Please note the following:
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here applies only to the problem on your computer, so do not do it on any other;
  • Please follow the instructions given carefully, and if in doubt do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.
Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

Here are the logs. First the one from Malwarebytes:

The Malwarebytes log was not requested... pay close attention to the instructions given above ;)

# Step 2 #

Having more than one antivirus installed is not recommended; choose only one AV and one SP and uninstall/disable the others:

AV: Windows Defender
AV: avast! Antivirus
SP: Windows Defender
SP: avast! Antivirus

 

 

 
FW: avast! Antivirus, if you are using this firewall, make sure the Windows one is disabled.

After all that, generate a new log with DDS and post both here.

Regards :D


Dear Diaego:

Good morning,

Thank you very much for your attention.

As for Malwarebytes, I included it as an extra, since it was what drew my attention to an infection on the laptop. But since it is unwelcome, it will not be added again :lol:.

As for the firewall, both are turned off, Windows as well as Avast.

Windows Defender, according to Windows itself, is disabled.

The new DDS log follows below:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16921  BrowserJavaVersion: 10.25.2
Run by Lucas at 14:00:01 on 2014-06-14
Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.3965.2059 [GMT -3:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Baidu Security\PC App Store\4.4.0.5812\PCAppStoreSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\Install\{DD546E04-10E7-4ACE-8EA7-D0579030107D}\35.0.1916.153_35.0.1916.114_chrome_updater.exe
C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\setup.exe
C:\Program Files\AVAST Software\Avast\setup\New\instup.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\My Dell\uaclauncher.exe
C:\Program Files (x86)\Baidu Security\PC App Store\4.4.0.5812\AppStoreUtilExe.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://br.hao123.com/?tn=sft_pay_hp_02_hao123_br
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [MP3 Skype recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [NitroPC] "C:\Users\Lucas\Desktop\back up\programas\NitroPC\NitroPC.exe" -minimized
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
dRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.25.1
TCP: Interfaces\{A779EC43-2286-4350-8F97-DDEA2E2C68E5} : DHCPNameServer = 192.168.25.1
TCP: Interfaces\{CB1F9D34-3697-40C7-A2E7-6373044E6FAB} : DHCPNameServer = 10.42.0.251 10.42.0.252
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-mSearchAssistant = hxxp://www.sweet-page.com/web/?type=ds&ts=1400300521&from=sof&uid=WDCXWD7500BPKT-75PK4T0_WD-WXK1E72ELWS3ELWS3&q={searchTerms}
x64-mCustomizeSearch = hxxp://www.sweet-page.com/web/?type=ds&ts=1400300521&from=sof&uid=WDCXWD7500BPKT-75PK4T0_WD-WXK1E72ELWS3ELWS3&q={searchTerms}
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0+ /dne /s
x64-Run: [btTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe"
x64-Run: [btvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3dxqr01a.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com.br
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DigitalPersona\Bin\ChromeExt\components\npChromeDPAgent.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
FF - plugin: C:\Users\Lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll
FF - plugin: C:\Users\Lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
FF - plugin: C:\Users\Lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\Drivers\aswNdisFlt.sys [2014-5-24 447888]
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2014-3-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2014-3-21 208416]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-27 651832]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\Drivers\stdcfltn.sys [2013-4-29 22168]
R1 aswKbd;aswKbd;C:\Windows\System32\Drivers\aswKbd.sys [2014-5-24 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswsnx.sys [2014-3-21 1039096]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswsp.sys [2014-3-21 423240]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-4-29 92536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-5-25 283200]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2014-3-21 79184]
R2 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2014-3-21 85328]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-9-14 216192]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-24 50344]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2013-4-29 109184]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-5-8 241704]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-5-16 519720]
R2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-29 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-29 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-3 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-3 701512]
R2 PCAppStoreSvc_{PCAppStore_4.4.0.5812};Baidu PC App Store Service 4.4.0.5812;C:\Program Files (x86)\Baidu Security\PC App Store\4.4.0.5812\PCAppStoreSvc.exe [2014-5-19 552480]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-12-20 1915920]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-29 5093216]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\Drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-29 364416]
R2 vcsFPService;Validity vocês Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2012-8-3 2711160]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-4-29 81536]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-9-14 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-9-14 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-9-14 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-9-14 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-9-14 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-9-14 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-9-14 135832]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-9-14 575128]
R3 BthLEEnum;Driver de Baixa Energia do Bluetooth;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 ETD;Dell Touchpad;C:\Windows\System32\Drivers\ETD.sys [2013-4-29 211856]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\Drivers\IntcDAud.sys [2013-4-29 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-12-3 25928]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-4-29 683664]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\Drivers\ST_Accel.sys [2013-4-29 71832]
S?2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-5-24 109048]
S2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-5-24 29208]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Util diamondata;Util diamondata;"C:\Program Files (x86)\diamondata\bin\utildiamondata.exe" --> C:\Program Files (x86)\diamondata\bin\utildiamondata.exe [?]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-12-23 49152]
S3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\Drivers\DellRbtn.sys [2013-4-29 10752]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-10-28 107288]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-4-29 315536]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-8-20 204568]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-06-11 19:14:59    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2014-06-11 19:13:39    1845760    ----a-w-    C:\Windows\System32\msxml3.dll
2014-06-11 19:13:39    1419264    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-06-11 19:13:38    2233176    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-06-11 19:13:32    619008    ----a-w-    C:\Windows\System32\drivers\srv2.sys
2014-06-11 19:13:32    328024    ----a-w-    C:\Windows\System32\drivers\Classpnp.sys
2014-06-11 19:13:31    309760    ----a-w-    C:\Windows\System32\wusa.exe
2014-06-11 19:13:31    305152    ----a-w-    C:\Windows\SysWow64\wusa.exe
2014-06-11 00:31:51    33616    ----a-w-    C:\Windows\System32\drivers\iqvw64e.sys
2014-06-05 21:33:34    --------    d-----w-    C:\Users\Lucas\AppData\Local\SniperV2
2014-06-01 04:44:44    --------    d-----w-    C:\ProgramData\EA Logs
2014-05-31 20:30:55    --------    d-----w-    C:\Program Files (x86)\Origin Games
2014-05-31 20:30:20    --------    d-----w-    C:\Users\Lucas\AppData\Roaming\Origin
2014-05-31 20:30:18    --------    d-----w-    C:\Users\Lucas\AppData\Local\Origin
2014-05-31 20:28:04    --------    d-----w-    C:\ProgramData\Origin
2014-05-31 20:28:02    --------    d-----w-    C:\ProgramData\Electronic Arts
2014-05-31 20:27:56    --------    d-----w-    C:\Program Files (x86)\Origin
2014-05-29 20:53:39    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-05-24 22:05:11    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-05-24 21:38:48    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-05-24 21:38:48    28184    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
2014-05-24 21:38:42    43152    ----a-w-    C:\Windows\avastSS.scr
2014-05-24 21:38:29    447888    ----a-w-    C:\Windows\System32\drivers\aswNdisFlt.sys
2014-05-17 15:27:41    --------    d-----w-    C:\Program Files (x86)\Yodot Doc Repair
2014-05-17 04:15:24    --------    d-----w-    C:\Program Files (x86)\SiteLookup
2014-05-17 04:03:44    --------    d-----w-    C:\Users\Lucas\AppData\Local\Word Recovery Toolbox
2014-05-17 03:50:59    --------    d-----w-    C:\Users\Lucas\AppData\Roaming\OfficeRecovery.73cacdbf
2014-05-17 03:50:59    --------    d-----w-    C:\Users\Lucas\AppData\Roaming\OfficeRecovery
2014-05-17 02:33:20    --------    d-----w-    C:\Program Files (x86)\PowerDataRecovery
2014-05-16 21:22:13    815314    ----a-w-    C:\Users\Lucas\AppData\Roaming\unins001.exe
2014-05-16 20:51:47    --------    d-----w-    C:\ProgramData\GbPlugin
2014-05-16 20:51:47    --------    d-----w-    C:\Program Files (x86)\GbPlugin
2014-05-16 11:56:24    1619632    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
.
==================== Find3M  ====================
.
2014-05-31 05:16:07    703992    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-31 05:16:07    105464    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-24 21:39:17    85328    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-05-24 21:39:17    1039096    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-05-24 21:38:42    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-05-24 21:38:42    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-24 21:38:42    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-05-24 21:38:42    208416    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-05-24 02:47:54    2239488    ----a-w-    C:\Windows\System32\wininet.dll
2014-05-24 02:47:44    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2014-05-24 02:46:15    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2014-05-24 02:46:07    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-05-24 02:46:07    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-05-24 02:45:26    1508864    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-05-24 01:26:54    1766400    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-05-24 01:26:46    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2014-05-24 01:25:52    2862080    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-05-24 01:25:49    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-05-24 01:25:49    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-05-24 01:25:25    1440768    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-05-24 01:09:41    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-24 01:03:36    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-23 22:37:13    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2014-05-05 15:19:14    730834    ----a-w-    C:\Users\Lucas\AppData\Roaming\unins000.exe
2014-05-03 05:47:22    3246592    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-05-03 03:34:54    235520    ----a-w-    C:\Windows\System32\rdpudd.dll
2014-05-02 19:55:07    280792    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2014-05-02 19:55:07    280792    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-05-02 19:19:33    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2014-05-02 19:19:23    280792    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-04-29 22:32:07    1301504    ----a-w-    C:\Windows\System32\gdi32.dll
2014-04-29 22:22:23    1023488    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-04-19 09:39:36    628024    ----a-w-    C:\Windows\System32\NotificationUI.exe
2014-04-19 08:45:39    693760    ----a-w-    C:\Windows\System32\WSShared.dll
2014-04-19 08:45:39    163840    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 06:57:49    566784    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2014-04-19 06:57:49    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 09:27:03    172888    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 09:10:31    578048    ----a-w-    C:\Windows\System32\winlogon.exe
2014-04-12 09:09:43    208896    ----a-w-    C:\Windows\System32\wdigest.dll
2014-04-12 09:09:39    1043968    ----a-w-    C:\Windows\System32\usercpl.dll
2014-04-12 09:09:34    94720    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-04-12 09:09:19    588288    ----a-w-    C:\Windows\System32\SHCore.dll
2014-04-12 09:08:37    318464    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-04-12 09:08:17    439808    ----a-w-    C:\Windows\System32\lsm.dll
2014-04-12 09:08:17    1281536    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 09:08:10    827904    ----a-w-    C:\Windows\System32\kerberos.dll
2014-04-12 09:07:36    20480    ----a-w-    C:\Windows\System32\credssp.dll
2014-04-12 07:23:59    178688    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-04-12 07:23:52    961536    ----a-w-    C:\Windows\SysWow64\usercpl.dll
2014-04-12 07:23:49    76800    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-04-12 07:23:40    452608    ----a-w-    C:\Windows\SysWow64\SHCore.dll
2014-04-12 07:23:14    273920    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-04-12 07:22:58    666624    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-04-12 07:22:33    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-04-12 06:58:06    14848    ----a-w-    C:\Windows\System32\workerdd.dll
2014-04-01 01:46:48    130712    ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 01:46:48    1070232    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-28 19:19:38    35856    ----a-w-    C:\Windows\System32\drivers\WdBoot.sys
2014-03-28 08:23:00    1287168    ----a-w-    C:\Windows\System32\schedsvc.dll
2014-03-23 22:11:52    269592    ----a-w-    C:\Windows\System32\drivers\WdFilter.sys
.
============= FINISH: 14:01:13,98 ===============
 

Now the Attach:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Single Language
Boot Device: \Device\HarddiskVolume1
Install Date: 06/05/2013 19:07:06
System Uptime: 11/06/2014 20:23:14 (66 hours ago)
.
Motherboard: Dell Inc. |  | 05HVFH
Processor: Intel® Core i5-3230M CPU @ 2.60GHz | U3E1 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 688 GiB total, 361,097 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Adaptador de Túnel Teredo da Microsoft
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Adaptador de Túnel Teredo da Microsoft
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Device ID: PCI\VEN_8086&DEV_1E2D&SUBSYS_056D1028&REV_04\3&11583659&0&D0
Manufacturer: Intel
Name: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
PNP Device ID: PCI\VEN_8086&DEV_1E2D&SUBSYS_056D1028&REV_04\3&11583659&0&D0
Service: usbehci
.
==== System Restore Points ===================
.
RP75: 24/05/2014 18:36:32 - avast! antivirus system restore point
RP76: 29/05/2014 17:52:33 - Installed Java 7 Update 60 (64-bit)
RP77: 31/05/2014 17:43:24 - DirectX instalado
RP78: 05/06/2014 18:09:06 - DirectX instalado
RP79: 09/06/2014 00:52:32 - Windows Live Essentials
RP80: 13/06/2014 19:52:08 - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Adobe Acrobat XI Pro
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Download Assistant
Adobe Flash Player 13 Plugin
Adobe InDesign CS5.5
Adobe Photoshop 7.0
Adobe Reader XI (11.0.07)
AGEIA PhysX v7.09.13
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
aTube Catcher
avast! Free Antivirus
BattlEye for OA Uninstall
BattlEye Uninstall
BitTorrent
BS.Player FREE
Conexant SmartAudio HD
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink Media Suite Essentials
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 10
D3DX10
DAEMON Tools Lite
DayZ Commander
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Touchpad
Dell WLAN and Bluetooth Client Installation
DigitalPersona Fingerprint Software 6.2
Doxillion Document Converter
Dropbox
ffdshow v1.1.4399 [2012-03-22]
Foxit Cloud
Foxit Reader
Galeria de Fotos
GBBD Caixa Economica Federal
Google Chrome
Google Update Helper
Image Resizer for Windows
Image Resizer for Windows (64 bit)
Instalação do DivX
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Trusted Connect Service Client
Java 7 Update 25
Java 7 Update 60 (64-bit)
Java Auto Updater
Lagarith Lossless Codec (1.3.27)
LAME v3.99.3 (for Windows)
League of Legends
Módulo de Segurança - Banco do Brasil
Malwarebytes Anti-Malware versão 1.75.0.1300
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC80 Support DLLs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Monitor da tecnologia Intel® Turbo Boost 2.6
Mount & Blade
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Movie Maker
Mozilla Firefox 29.0.1 (x86 pt-BR)
Mozilla Maintenance Service
MP3 Skype recorder
MSVCRT
MSVCRT110
MSVCRT110_amd64
My Dell
OpenSource Flash Video Splitter 1.0.0.5
Origin
PDF Settings CS5
Photo Common
Photo Gallery
PokerStars
PunkBuster Services
Qualcomm Atheros Bluetooth Suite (64)
Quickset64
QuickShare
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Red Orchestra 2: Heroes of Stalingrad Beta
Rhinoceros 4.0
Rising Storm Beta
Rising Storm/Red Orchestra 2 Multiplayer
Savensharee
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Skype™ 6.16
Sniper Elite V2
Sniper Elite: Nazi Zombie Army
ST Microelectronics 3 Axis Digital Accelerometer Solution
Steam
TeamViewer 8
Thief 2
Unlocker 1.9.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition
Validity Sensors DDK
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
ViewPassword
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Updater Component
WinRAR 4.20 (32-bit)
Yodot Doc Repair
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== End Of File ===========================
 


Dear Mogg Mester,

As for the firewall, both are turned off, Windows as well as Avast.

Always keep a firewall enabled. ;)

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.
  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log on your Desktop.
  • Copy its entire contents and paste them into your next message.

# Step 2 #

  • Double-click adwcleaner.exe
  • Attention: Windows Vista, 7 and 8 users, right-click and choose: (image: execadmin.png)
  • Click Scan (Pesquisar)
At the end of the scan, a log with the result will open.
If anything is detected, click the Remove (Remover) button.
Again, at the end of the scan, a log with the result will open.
Copy its entire contents and paste them into your next reply.

# Step 3 #

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"
Download ComboFix from one of the official links listed below and save it to your desktop:

  • Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  • Double-click the desktopicon.png icon on the desktop.
  • Read and accept the terms by typing 1 and pressing Enter.
  • Computers running Windows XP must install the Recovery Console:
    If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    Click "OK" on the EULA.
    Once the Recovery Console is installed, click "Yes" to continue.
  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to hang.
  • A notice may appear saying that the computer needs to be restarted.
    DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you could damage your computer.
There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
There are several general-purpose anti-malware tools whose authors, when writing them, had end users in mind and intended them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

Regards :D


Thanks, Diego. Here is the JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Single Language x64
Ran by Lucas on 17/06/2014 at 20:34:30,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1220029359-3082925304-2817561659-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1220029359-3082925304-2817561659-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1220029359-3082925304-2817561659-1001\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{232f1b14-7126-491f-ac8c-6123ba58fde2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33D59858-89D9-4AC2-A956-93875EB02323}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5887B007-9FA0-4B02-9E79-8EDDED1F3ADF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9F208BDC-5D2A-4741-BE3A-26078138E11F}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Lucas\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Lucas\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Lucas\appdata\locallow\sitefinder"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Lucas\AppData\Roaming\mozilla\firefox\profiles\3dxqr01a.default\minidumps [65 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Lucas\appdata\local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/06/2014 at 20:42:22,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Now the adware log:

 

# AdwCleaner v3.212 - Relatório criado 17/06/2014 às 20:46:21
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language  (64 bits)
# Usuário : Lucas - LUCAS
# Executando de : C:\Users\Lucas\Desktop\adwcleaner_3.212.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd
Arquivo Deletada : C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16921


-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3dxqr01a.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [45021 octets] - [02/12/2013 22:42:17]
AdwCleaner[R1].txt - [51613 octets] - [24/05/2014 19:04:31]
AdwCleaner[R2].txt - [1551 octets] - [17/06/2014 20:45:02]
AdwCleaner[s0].txt - [47123 octets] - [24/05/2014 19:05:21]
AdwCleaner[s1].txt - [1461 octets] - [17/06/2014 20:46:21]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1521 octets] ##########
 

 

And finally, the ComboFix one

 

ComboFix 14-06-16.01 - Lucas 17/06/2014  21:06:53.2.4 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.3965.2453 [GMT -3:00]
Executando de: c:\users\Lucas\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\7bd91bf5-79bd-4c68-b85b-3c132cdb258a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d460bca3-24f0-49a7-beed-a064fad82750.dll
c:\users\Lucas\AppData\Roaming\unins000.exe
c:\users\Lucas\AppData\Roaming\unins001.exe
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-05-18 to 2014-06-18  ))))))))))))))))))))))))))))
.
.
2014-06-18 00:15 . 2014-06-18 00:15    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-06-18 00:15 . 2014-06-18 00:15    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-17 23:34 . 2014-06-17 23:34    --------    d-----w-    c:\windows\ERUNT
2014-06-17 18:32 . 2014-06-17 18:32    --------    d-----w-    c:\users\Lucas\AppData\Roaming\.mono
2014-06-17 18:32 . 2014-06-17 18:32    --------    d-----w-    c:\users\Lucas\AppData\Local\UWebKit
2014-06-11 19:14 . 2014-05-24 02:47    915968    ----a-w-    c:\windows\system32\uxtheme.dll
2014-06-11 19:13 . 2014-03-07 00:47    1419264    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-06-11 19:13 . 2014-03-07 00:08    1845760    ----a-w-    c:\windows\system32\msxml3.dll
2014-06-11 19:13 . 2014-04-03 11:22    2233176    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-06-11 19:13 . 2014-04-03 11:19    328024    ----a-w-    c:\windows\system32\drivers\Classpnp.sys
2014-06-11 19:13 . 2014-04-03 03:44    619008    ----a-w-    c:\windows\system32\drivers\srv2.sys
2014-06-11 19:13 . 2014-03-24 23:42    305152    ----a-w-    c:\windows\SysWow64\wusa.exe
2014-06-11 19:13 . 2014-03-24 22:56    309760    ----a-w-    c:\windows\system32\wusa.exe
2014-06-11 00:31 . 2014-01-31 20:56    33616    ----a-w-    c:\windows\system32\drivers\iqvw64e.sys
2014-06-05 21:33 . 2014-06-05 21:33    --------    d-----w-    c:\users\Lucas\AppData\Local\SniperV2
2014-06-01 04:44 . 2014-06-01 04:44    --------    d-----w-    c:\programdata\EA Logs
2014-05-31 20:30 . 2014-06-01 04:53    --------    d-----w-    c:\program files (x86)\Origin Games
2014-05-31 20:30 . 2014-06-01 04:09    --------    d-----w-    c:\users\Lucas\AppData\Roaming\Origin
2014-05-31 20:30 . 2014-06-01 04:48    --------    d-----w-    c:\users\Lucas\AppData\Local\Origin
2014-05-31 20:28 . 2014-06-17 23:50    --------    d-----w-    c:\programdata\Origin
2014-05-31 20:28 . 2014-05-31 20:28    --------    d-----w-    c:\programdata\Electronic Arts
2014-05-31 20:27 . 2014-06-17 16:58    --------    d-----w-    c:\program files (x86)\Origin
2014-05-29 20:54 . 2014-05-29 20:53    313256    ----a-w-    c:\windows\system32\javaws.exe
2014-05-29 20:53 . 2014-05-29 20:53    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-05-29 20:53 . 2014-05-29 20:53    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-29 20:53 . 2014-05-29 20:53    189352    ----a-w-    c:\windows\system32\java.exe
2014-05-29 20:53 . 2014-05-29 20:53    --------    d-----w-    c:\program files\Java
2014-05-29 00:36 . 2014-05-29 00:36    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-05-24 22:05 . 2010-08-30 11:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-05-24 21:38 . 2014-05-24 21:38    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-05-24 21:38 . 2014-05-24 21:38    28184    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-05-24 21:38 . 2014-05-24 21:38    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-24 21:38 . 2014-05-24 21:39    447888    ----a-w-    c:\windows\system32\drivers\aswNdisFlt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-11 20:07 . 2013-05-07 21:46    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-31 05:16 . 2013-12-13 12:44    703992    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-31 05:16 . 2013-11-16 23:00    105464    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-24 21:39 . 2014-03-21 05:58    85328    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-05-24 21:39 . 2014-03-21 05:58    423240    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-05-24 21:39 . 2014-03-21 05:58    1039096    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-24 21:38 . 2014-03-21 05:58    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-05-24 21:38 . 2014-03-21 05:58    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-05-24 21:38 . 2014-03-21 05:58    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-24 21:38 . 2014-03-21 05:58    208416    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-05-24 21:38 . 2014-03-21 05:58    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2014-05-02 19:55 . 2014-05-02 19:18    280792    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2014-05-02 19:55 . 2014-04-26 23:44    280792    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2014-05-02 19:19 . 2014-04-26 23:44    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2014-05-02 19:19 . 2014-04-26 23:44    280792    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2014-04-19 09:39 . 2014-05-06 15:06    628024    ----a-w-    c:\windows\system32\NotificationUI.exe
2014-04-19 08:45 . 2014-05-06 15:06    693760    ----a-w-    c:\windows\system32\WSShared.dll
2014-04-19 08:45 . 2014-05-06 15:06    163840    ----a-w-    c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 06:57 . 2014-05-06 15:06    566784    ----a-w-    c:\windows\SysWow64\WSShared.dll
2014-04-19 06:57 . 2014-05-06 15:06    124928    ----a-w-    c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 09:27 . 2014-05-13 23:22    172888    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 09:10 . 2014-05-13 23:22    578048    ----a-w-    c:\windows\system32\winlogon.exe
2014-04-12 09:09 . 2014-05-13 23:22    208896    ----a-w-    c:\windows\system32\wdigest.dll
2014-04-12 09:09 . 2014-05-13 23:22    1043968    ----a-w-    c:\windows\system32\usercpl.dll
2014-04-12 09:09 . 2014-05-13 23:22    94720    ----a-w-    c:\windows\system32\TSpkg.dll
2014-04-12 09:09 . 2014-05-13 23:22    588288    ----a-w-    c:\windows\system32\SHCore.dll
2014-04-12 09:08 . 2014-05-13 23:22    318464    ----a-w-    c:\windows\system32\msv1_0.dll
2014-04-12 09:08 . 2014-05-13 23:23    1281536    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 09:08 . 2014-05-13 23:22    439808    ----a-w-    c:\windows\system32\lsm.dll
2014-04-12 09:08 . 2014-05-13 23:23    827904    ----a-w-    c:\windows\system32\kerberos.dll
2014-04-12 09:07 . 2014-05-13 23:22    20480    ----a-w-    c:\windows\system32\credssp.dll
2014-04-12 07:23 . 2014-05-13 23:22    178688    ----a-w-    c:\windows\SysWow64\wdigest.dll
2014-04-12 07:23 . 2014-05-13 23:22    961536    ----a-w-    c:\windows\SysWow64\usercpl.dll
2014-04-12 07:23 . 2014-05-13 23:22    76800    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2014-04-12 07:23 . 2014-05-13 23:22    452608    ----a-w-    c:\windows\SysWow64\SHCore.dll
2014-04-12 07:23 . 2014-05-13 23:22    273920    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2014-04-12 07:22 . 2014-05-13 23:23    666624    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-04-12 07:22 . 2014-05-13 23:22    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2014-04-12 06:58 . 2014-05-13 23:22    14848    ----a-w-    c:\windows\system32\workerdd.dll
2014-04-01 01:46 . 2014-04-01 01:46    130712    ----a-w-    c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 01:46 . 2014-04-01 01:46    1070232    ----a-w-    c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-28 19:19 . 2014-05-13 23:23    35856    ----a-w-    c:\windows\system32\drivers\WdBoot.sys
2014-03-28 08:23 . 2014-05-13 23:24    19759104    ----a-w-    c:\windows\system32\shell32.dll
2014-03-28 08:23 . 2014-05-13 23:20    1287168    ----a-w-    c:\windows\system32\schedsvc.dll
2014-03-23 22:11 . 2014-05-13 23:23    269592    ----a-w-    c:\windows\system32\drivers\WdFilter.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"MP3 Skype recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-05-31 3588952]
"NitroPC"="c:\users\Lucas\Desktop\back up\programas\NitroPC\NitroPC.exe" [2012-08-01 3477504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2014-4-27 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-02-21 19:13    1582632    ------w-    c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Util diamondata;Util diamondata;c:\program files (x86)\diamondata\bin\utildiamondata.exe;c:\program files (x86)\diamondata\bin\utildiamondata.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
R3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PCAppStoreSvc_{PCAppStore_4.4.0.5812};Baidu PC App Store Service 4.4.0.5812;c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\PCAppStoreSvc.exe;c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\PCAppStoreSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity vocês Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Driver de Baixa Energia do Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 ETD;Dell Touchpad;c:\windows\System32\drivers\ETD.sys;c:\windows\SYSNATIVE\drivers\ETD.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_Accel.sys;c:\windows\SYSNATIVE\DRIVERS\ST_Accel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 03:57    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-07 23:42]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-21 01:15]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-21 01:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-24 21:38    290888    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-10-31 2780048]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2012-06-13 1647616]
"BtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe" [2012-09-14 764544]
"BtvStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-09-14 127616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-06 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-06 399392]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: Anexar a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Anexar destino do link a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converter destino do link em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converter em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.25.1
FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3dxqr01a.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com.br
FF - prefs.js: keyword.URL -
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Lucas\AppData\Roaming\unins001.exe
AddRemove-{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1 - c:\users\Lucas\AppData\Roaming\unins000.exe
AddRemove-{e96ba9ae-2b3e-4417-8f3f-36c0ced95df1} - c:\program files (x86)\ViewPassword\Uninstall.exe
.
.
.
Tempo para conclusão: 2014-06-17  21:35:46
ComboFix-quarantined-files.txt  2014-06-18 00:35
.
Pré-execução: 386.173.476.864 bytes disponíveis
Pós execução: 386.068.541.440 bytes disponíveis
.
- - End Of File - - 842564F1966A336DC2D0DAAA518D2040
 


Dear Mogg Mester

 

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) below.
  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:
KillAll::

File::
c:\windows\System32\drivers\BprotectEx.sys

Folder::
c:\program files (x86)\Baidu Security

Driver::
BprotectEx
PCFApiUtil
PCAppStoreSvc_{PCAppStore_4.4.0.5812}

ADS::

  • Save this file as: CFScript.txt
As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

 
Regards :D


Dear Diego:

Good morning,

It froze up badly a few times here, but it got through:

 

ComboFix 14-06-16.01 - Lucas 19/06/2014  12:23:09.3.4 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.3965.2578 [GMT -3:00]
Executando de: c:\users\Lucas\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Lucas\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
FILE ::
"c:\windows\System32\drivers\BprotectEx.sys"
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Baidu Security
c:\program files (x86)\Baidu Security\PC App Store\4.3.1.5579\update\PCAppStore_Setup.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\AppLogReporter.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\AppPopUpTip.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\appstore_sync.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\AppStoreDataReport.dll
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\AppStoreDeskTool.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\AppStoreHelper.dll
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\AppStoreSencePopup.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\AppStoreUpdater.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\AppStoreUtilExe.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\bdappdownloader.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\bdMiniDownloaderGB_PCF-mini_32_1648.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\Communication.dll
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\config.ini
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\CrashReport.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\CrashUL.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\DataReport.dll
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\dbghelp.dll
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\DirectUI.dll
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\downloader_engine.dll
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\ftex.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1033\AppStoreUpdater\AppStoreUpdater.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1033\BugReporter\BugReporter.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1033\softmgr\softmgr.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1033\updatepopup\updatepopup.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1046\AppStoreUpdater\AppStoreUpdater.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1046\BugReporter\BugReporter.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1046\softmgr\softmgr.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1046\updatepopup\updatepopup.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1054\AppStoreUpdater\AppStoreUpdater.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1054\BugReporter\BugReporter.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1054\softmgr\softmgr.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1054\updatepopup\updatepopup.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1057\AppStoreUpdater\AppStoreUpdater.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1057\BugReporter\BugReporter.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1057\softmgr\softmgr.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\1057\updatepopup\updatepopup.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\3082\AppStoreUpdater\AppStoreUpdater.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\3082\BugReporter\BugReporter.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\3082\softmgr\softmgr.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\I18N\3082\updatepopup\updatepopup.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\log.dll
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\pcapp_data\soft_info.db3
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\PCAppStore.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\PCAppStoreSvc.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\Plugins\Plugin.ServShellEx\ServShellEx.dll
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\Plugins\PluginConfig.xml
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\ProgramFileList.xml
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\AppStoreUpdater\AppStoreUpdater.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\common\common.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\DeskTool\DeskTool.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\DownloadPage\DownloadPage.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\GameNetPage\GameNetPage.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\homepage\homepage.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\mainframe\mainframe.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\PCEssentialPage\PCEssentialPage.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\PopDialog\PopDialog.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\RookieGuidePage\RookieGuidePage.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\20107.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\37226.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\37403.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\43051.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\43052.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\43055.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\78.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\79.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\79177.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\79180.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\9978.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\app16.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\app32.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\app48.bmp
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\default.ico
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\icn_dl.png
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\icn_ignore.png
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\softmgr_catalog_icon\icon_all.png
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\softmgr_catalog_icon\icon_hot.png
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\Scattered\softmgr_catalog_icon\icon_pc-essential.png
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\SencePopup\SencePopup.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\updatepopup\updatepopup.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\skin\WallPaper\WallPaper.bskin
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\softmgr_update.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\sqlite.dll
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\Uninstall.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\update.dll
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\update_config.xml
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\update_statistic.xml
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\update_tools.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\UpdatePopUp.exe
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\url.ini
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\version.xml
c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\WallPaper.dll
c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\fn.dat
c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Cleaner\SoftIcons.db
c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Cleaner\t1.db
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BprotectEx
-------\Service_PCAppStoreSvc_{PCAppStore_4.4.0.5812}
-------\Service_PCFApiUtil
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-05-19 to 2014-06-19  ))))))))))))))))))))))))))))
.
.
2014-06-19 15:33 . 2014-06-19 15:33    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-06-19 15:33 . 2014-06-19 15:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-17 23:34 . 2014-06-17 23:34    --------    d-----w-    c:\windows\ERUNT
2014-06-17 18:32 . 2014-06-17 18:32    --------    d-----w-    c:\users\Lucas\AppData\Roaming\.mono
2014-06-17 18:32 . 2014-06-17 18:32    --------    d-----w-    c:\users\Lucas\AppData\Local\UWebKit
2014-06-11 19:14 . 2014-05-24 02:47    915968    ----a-w-    c:\windows\system32\uxtheme.dll
2014-06-11 19:13 . 2014-03-07 00:47    1419264    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-06-11 19:13 . 2014-03-07 00:08    1845760    ----a-w-    c:\windows\system32\msxml3.dll
2014-06-11 19:13 . 2014-04-03 11:22    2233176    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-06-11 19:13 . 2014-04-03 11:19    328024    ----a-w-    c:\windows\system32\drivers\Classpnp.sys
2014-06-11 19:13 . 2014-04-03 03:44    619008    ----a-w-    c:\windows\system32\drivers\srv2.sys
2014-06-11 19:13 . 2014-03-24 23:42    305152    ----a-w-    c:\windows\SysWow64\wusa.exe
2014-06-11 19:13 . 2014-03-24 22:56    309760    ----a-w-    c:\windows\system32\wusa.exe
2014-06-11 00:31 . 2014-01-31 20:56    33616    ----a-w-    c:\windows\system32\drivers\iqvw64e.sys
2014-06-05 21:33 . 2014-06-05 21:33    --------    d-----w-    c:\users\Lucas\AppData\Local\SniperV2
2014-06-01 04:44 . 2014-06-01 04:44    --------    d-----w-    c:\programdata\EA Logs
2014-05-31 20:30 . 2014-06-01 04:53    --------    d-----w-    c:\program files (x86)\Origin Games
2014-05-31 20:30 . 2014-06-01 04:09    --------    d-----w-    c:\users\Lucas\AppData\Roaming\Origin
2014-05-31 20:30 . 2014-06-01 04:48    --------    d-----w-    c:\users\Lucas\AppData\Local\Origin
2014-05-31 20:28 . 2014-06-19 14:59    --------    d-----w-    c:\programdata\Origin
2014-05-31 20:28 . 2014-05-31 20:28    --------    d-----w-    c:\programdata\Electronic Arts
2014-05-31 20:27 . 2014-06-19 15:07    --------    d-----w-    c:\program files (x86)\Origin
2014-05-29 20:54 . 2014-05-29 20:53    313256    ----a-w-    c:\windows\system32\javaws.exe
2014-05-29 20:53 . 2014-05-29 20:53    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-05-29 20:53 . 2014-05-29 20:53    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-29 20:53 . 2014-05-29 20:53    189352    ----a-w-    c:\windows\system32\java.exe
2014-05-29 20:53 . 2014-05-29 20:53    --------    d-----w-    c:\program files\Java
2014-05-29 00:36 . 2014-05-29 00:36    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-05-24 22:05 . 2010-08-30 11:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-05-24 21:38 . 2014-05-24 21:38    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-05-24 21:38 . 2014-05-24 21:38    28184    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-05-24 21:38 . 2014-05-24 21:38    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-24 21:38 . 2014-05-24 21:39    447888    ----a-w-    c:\windows\system32\drivers\aswNdisFlt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-11 20:07 . 2013-05-07 21:46    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-31 05:16 . 2013-12-13 12:44    703992    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-31 05:16 . 2013-11-16 23:00    105464    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-24 21:39 . 2014-03-21 05:58    85328    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-05-24 21:39 . 2014-03-21 05:58    423240    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-05-24 21:39 . 2014-03-21 05:58    1039096    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-24 21:38 . 2014-03-21 05:58    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-05-24 21:38 . 2014-03-21 05:58    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-05-24 21:38 . 2014-03-21 05:58    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-24 21:38 . 2014-03-21 05:58    208416    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-05-24 21:38 . 2014-03-21 05:58    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2014-05-02 19:55 . 2014-05-02 19:18    280792    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2014-05-02 19:55 . 2014-04-26 23:44    280792    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2014-05-02 19:19 . 2014-04-26 23:44    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2014-05-02 19:19 . 2014-04-26 23:44    280792    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2014-04-19 09:39 . 2014-05-06 15:06    628024    ----a-w-    c:\windows\system32\NotificationUI.exe
2014-04-19 08:45 . 2014-05-06 15:06    693760    ----a-w-    c:\windows\system32\WSShared.dll
2014-04-19 08:45 . 2014-05-06 15:06    163840    ----a-w-    c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 06:57 . 2014-05-06 15:06    566784    ----a-w-    c:\windows\SysWow64\WSShared.dll
2014-04-19 06:57 . 2014-05-06 15:06    124928    ----a-w-    c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 09:27 . 2014-05-13 23:22    172888    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 09:10 . 2014-05-13 23:22    578048    ----a-w-    c:\windows\system32\winlogon.exe
2014-04-12 09:09 . 2014-05-13 23:22    208896    ----a-w-    c:\windows\system32\wdigest.dll
2014-04-12 09:09 . 2014-05-13 23:22    1043968    ----a-w-    c:\windows\system32\usercpl.dll
2014-04-12 09:09 . 2014-05-13 23:22    94720    ----a-w-    c:\windows\system32\TSpkg.dll
2014-04-12 09:09 . 2014-05-13 23:22    588288    ----a-w-    c:\windows\system32\SHCore.dll
2014-04-12 09:08 . 2014-05-13 23:22    318464    ----a-w-    c:\windows\system32\msv1_0.dll
2014-04-12 09:08 . 2014-05-13 23:23    1281536    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 09:08 . 2014-05-13 23:22    439808    ----a-w-    c:\windows\system32\lsm.dll
2014-04-12 09:08 . 2014-05-13 23:23    827904    ----a-w-    c:\windows\system32\kerberos.dll
2014-04-12 09:07 . 2014-05-13 23:22    20480    ----a-w-    c:\windows\system32\credssp.dll
2014-04-12 07:23 . 2014-05-13 23:22    178688    ----a-w-    c:\windows\SysWow64\wdigest.dll
2014-04-12 07:23 . 2014-05-13 23:22    961536    ----a-w-    c:\windows\SysWow64\usercpl.dll
2014-04-12 07:23 . 2014-05-13 23:22    76800    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2014-04-12 07:23 . 2014-05-13 23:22    452608    ----a-w-    c:\windows\SysWow64\SHCore.dll
2014-04-12 07:23 . 2014-05-13 23:22    273920    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2014-04-12 07:22 . 2014-05-13 23:23    666624    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-04-12 07:22 . 2014-05-13 23:22    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2014-04-12 06:58 . 2014-05-13 23:22    14848    ----a-w-    c:\windows\system32\workerdd.dll
2014-04-01 01:46 . 2014-04-01 01:46    130712    ----a-w-    c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 01:46 . 2014-04-01 01:46    1070232    ----a-w-    c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-28 19:19 . 2014-05-13 23:23    35856    ----a-w-    c:\windows\system32\drivers\WdBoot.sys
2014-03-28 08:23 . 2014-05-13 23:24    19759104    ----a-w-    c:\windows\system32\shell32.dll
2014-03-28 08:23 . 2014-05-13 23:20    1287168    ----a-w-    c:\windows\system32\schedsvc.dll
2014-03-23 22:11 . 2014-05-13 23:23    269592    ----a-w-    c:\windows\system32\drivers\WdFilter.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"MP3 Skype recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-05-31 3588952]
"NitroPC"="c:\users\Lucas\Desktop\back up\programas\NitroPC\NitroPC.exe" [2012-08-01 3477504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2014-4-27 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-02-21 19:13    1582632    ------w-    c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 03:57    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-07 23:42]
.
2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-21 01:15]
.
2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-21 01:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-24 21:38    290888    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-10-31 2780048]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2012-06-13 1647616]
"BtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe" [2012-09-14 764544]
"BtvStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-09-14 127616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-06 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-06 399392]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: Anexar a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Anexar destino do link a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converter destino do link em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converter em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.25.1
FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3dxqr01a.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com.br
FF - prefs.js: keyword.URL -
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-PC App Store 4.4.0.5812 - c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\Uninstall.exe
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Lucas\AppData\Roaming\unins001.exe
AddRemove-{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1 - c:\users\Lucas\AppData\Roaming\unins000.exe
AddRemove-{e96ba9ae-2b3e-4417-8f3f-36c0ced95df1} - c:\program files (x86)\ViewPassword\Uninstall.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\progra~2\GbPlugin\GbpSv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Conexant\SA3\CxUtilSvc.exe
c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Dell Backup and Recovery\sftservice.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-06-19  13:00:26 - Máquina reiniciou
ComboFix-quarantined-files.txt  2014-06-19 16:00
ComboFix2.txt  2014-06-18 00:35
.
Pré-execução: 385.431.560.192 bytes disponíveis
Pós execução: 385.376.960.512 bytes disponíveis
.
- - End Of File - - 628803EA2CC132C871BEC7DB3E538956
 

Dear Mogg Mester

# Step 1 #

Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after completing the procedure(s) described below.
  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]

  • Save this file as: CFScript.txt
As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

[Animation: 2872959479_997d4500c4_o.gif]

# Step 2 #

Download Malwarebytes Anti-Malware:
  • Link 1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, then click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will open automatically in a Notepad document, and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: For more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Cheers :D


Dear Diego:

Here is the ComboFix log

 

ComboFix 14-06-16.01 - Lucas 21/06/2014  14:03:28.4.4 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.3965.2409 [GMT -3:00]
Executando de: c:\users\Lucas\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Lucas\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\7bd91bf5-79bd-4c68-b85b-3c132cdb258a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d460bca3-24f0-49a7-beed-a064fad82750.dll
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-05-21 to 2014-06-21  ))))))))))))))))))))))))))))
.
.
2014-06-21 17:12 . 2014-06-21 17:12    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-06-21 17:12 . 2014-06-21 17:12    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-19 16:52 . 2014-06-20 20:36    --------    d-----w-    c:\program files (x86)\Titan Poker
2014-06-17 23:34 . 2014-06-17 23:34    --------    d-----w-    c:\windows\ERUNT
2014-06-17 18:32 . 2014-06-17 18:32    --------    d-----w-    c:\users\Lucas\AppData\Roaming\.mono
2014-06-17 18:32 . 2014-06-17 18:32    --------    d-----w-    c:\users\Lucas\AppData\Local\UWebKit
2014-06-11 19:14 . 2014-05-24 02:47    915968    ----a-w-    c:\windows\system32\uxtheme.dll
2014-06-11 19:13 . 2014-03-07 00:47    1419264    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-06-11 19:13 . 2014-03-07 00:08    1845760    ----a-w-    c:\windows\system32\msxml3.dll
2014-06-11 19:13 . 2014-04-03 11:22    2233176    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-06-11 19:13 . 2014-04-03 11:19    328024    ----a-w-    c:\windows\system32\drivers\Classpnp.sys
2014-06-11 19:13 . 2014-04-03 03:44    619008    ----a-w-    c:\windows\system32\drivers\srv2.sys
2014-06-11 19:13 . 2014-03-24 23:42    305152    ----a-w-    c:\windows\SysWow64\wusa.exe
2014-06-11 19:13 . 2014-03-24 22:56    309760    ----a-w-    c:\windows\system32\wusa.exe
2014-06-11 00:31 . 2014-01-31 20:56    33616    ----a-w-    c:\windows\system32\drivers\iqvw64e.sys
2014-06-05 21:33 . 2014-06-05 21:33    --------    d-----w-    c:\users\Lucas\AppData\Local\SniperV2
2014-06-01 04:44 . 2014-06-01 04:44    --------    d-----w-    c:\programdata\EA Logs
2014-05-31 20:30 . 2014-06-01 04:53    --------    d-----w-    c:\program files (x86)\Origin Games
2014-05-31 20:30 . 2014-06-01 04:09    --------    d-----w-    c:\users\Lucas\AppData\Roaming\Origin
2014-05-31 20:30 . 2014-06-01 04:48    --------    d-----w-    c:\users\Lucas\AppData\Local\Origin
2014-05-31 20:28 . 2014-06-19 14:59    --------    d-----w-    c:\programdata\Origin
2014-05-31 20:28 . 2014-05-31 20:28    --------    d-----w-    c:\programdata\Electronic Arts
2014-05-31 20:27 . 2014-06-19 15:07    --------    d-----w-    c:\program files (x86)\Origin
2014-05-29 20:54 . 2014-05-29 20:53    313256    ----a-w-    c:\windows\system32\javaws.exe
2014-05-29 20:53 . 2014-05-29 20:53    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-05-29 20:53 . 2014-05-29 20:53    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-29 20:53 . 2014-05-29 20:53    189352    ----a-w-    c:\windows\system32\java.exe
2014-05-29 20:53 . 2014-05-29 20:53    --------    d-----w-    c:\program files\Java
2014-05-29 00:36 . 2014-05-29 00:36    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-05-24 22:05 . 2010-08-30 11:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-05-24 21:38 . 2014-05-24 21:38    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-05-24 21:38 . 2014-05-24 21:38    28184    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-05-24 21:38 . 2014-05-24 21:38    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-24 21:38 . 2014-05-24 21:39    447888    ----a-w-    c:\windows\system32\drivers\aswNdisFlt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-20 02:37 . 2014-05-02 19:18    280792    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2014-06-20 02:37 . 2014-04-26 23:44    280792    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2014-06-20 01:59 . 2014-04-26 23:44    280792    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2014-06-11 20:07 . 2013-05-07 21:46    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-31 05:16 . 2013-12-13 12:44    703992    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-31 05:16 . 2013-11-16 23:00    105464    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-24 21:39 . 2014-03-21 05:58    85328    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-05-24 21:39 . 2014-03-21 05:58    423240    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-05-24 21:39 . 2014-03-21 05:58    1039096    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-24 21:38 . 2014-03-21 05:58    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-05-24 21:38 . 2014-03-21 05:58    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-05-24 21:38 . 2014-03-21 05:58    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-24 21:38 . 2014-03-21 05:58    208416    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-05-24 21:38 . 2014-03-21 05:58    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2014-05-02 19:19 . 2014-04-26 23:44    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2014-04-19 09:39 . 2014-05-06 15:06    628024    ----a-w-    c:\windows\system32\NotificationUI.exe
2014-04-19 08:45 . 2014-05-06 15:06    693760    ----a-w-    c:\windows\system32\WSShared.dll
2014-04-19 08:45 . 2014-05-06 15:06    163840    ----a-w-    c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 06:57 . 2014-05-06 15:06    566784    ----a-w-    c:\windows\SysWow64\WSShared.dll
2014-04-19 06:57 . 2014-05-06 15:06    124928    ----a-w-    c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 09:27 . 2014-05-13 23:22    172888    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 09:10 . 2014-05-13 23:22    578048    ----a-w-    c:\windows\system32\winlogon.exe
2014-04-12 09:09 . 2014-05-13 23:22    208896    ----a-w-    c:\windows\system32\wdigest.dll
2014-04-12 09:09 . 2014-05-13 23:22    1043968    ----a-w-    c:\windows\system32\usercpl.dll
2014-04-12 09:09 . 2014-05-13 23:22    94720    ----a-w-    c:\windows\system32\TSpkg.dll
2014-04-12 09:09 . 2014-05-13 23:22    588288    ----a-w-    c:\windows\system32\SHCore.dll
2014-04-12 09:08 . 2014-05-13 23:22    318464    ----a-w-    c:\windows\system32\msv1_0.dll
2014-04-12 09:08 . 2014-05-13 23:23    1281536    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 09:08 . 2014-05-13 23:22    439808    ----a-w-    c:\windows\system32\lsm.dll
2014-04-12 09:08 . 2014-05-13 23:23    827904    ----a-w-    c:\windows\system32\kerberos.dll
2014-04-12 09:07 . 2014-05-13 23:22    20480    ----a-w-    c:\windows\system32\credssp.dll
2014-04-12 07:23 . 2014-05-13 23:22    178688    ----a-w-    c:\windows\SysWow64\wdigest.dll
2014-04-12 07:23 . 2014-05-13 23:22    961536    ----a-w-    c:\windows\SysWow64\usercpl.dll
2014-04-12 07:23 . 2014-05-13 23:22    76800    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2014-04-12 07:23 . 2014-05-13 23:22    452608    ----a-w-    c:\windows\SysWow64\SHCore.dll
2014-04-12 07:23 . 2014-05-13 23:22    273920    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2014-04-12 07:22 . 2014-05-13 23:23    666624    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-04-12 07:22 . 2014-05-13 23:22    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2014-04-12 06:58 . 2014-05-13 23:22    14848    ----a-w-    c:\windows\system32\workerdd.dll
2014-04-01 01:46 . 2014-04-01 01:46    130712    ----a-w-    c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 01:46 . 2014-04-01 01:46    1070232    ----a-w-    c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-28 19:19 . 2014-05-13 23:23    35856    ----a-w-    c:\windows\system32\drivers\WdBoot.sys
2014-03-28 08:23 . 2014-05-13 23:24    19759104    ----a-w-    c:\windows\system32\shell32.dll
2014-03-28 08:23 . 2014-05-13 23:20    1287168    ----a-w-    c:\windows\system32\schedsvc.dll
2014-03-23 22:11 . 2014-05-13 23:23    269592    ----a-w-    c:\windows\system32\drivers\WdFilter.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"MP3 Skype recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-05-31 3588952]
"NitroPC"="c:\users\Lucas\Desktop\back up\programas\NitroPC\NitroPC.exe" [2012-08-01 3477504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2014-4-27 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-02-21 19:13    1582632    ------w-    c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Util diamondata;Util diamondata;c:\program files (x86)\diamondata\bin\utildiamondata.exe;c:\program files (x86)\diamondata\bin\utildiamondata.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity vocês Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Driver de Baixa Energia do Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 ETD;Dell Touchpad;c:\windows\System32\drivers\ETD.sys;c:\windows\SYSNATIVE\drivers\ETD.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_Accel.sys;c:\windows\SYSNATIVE\DRIVERS\ST_Accel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 03:57    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-07 23:42]
.
2014-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-21 01:15]
.
2014-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-21 01:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-24 21:38    290888    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-10-31 2780048]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2012-06-13 1647616]
"BtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe" [2012-09-14 764544]
"BtvStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-09-14 127616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-06 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-06 399392]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: Anexar a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Anexar destino do link a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converter destino do link em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converter em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.25.1
FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3dxqr01a.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com.br
FF - prefs.js: keyword.URL -
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-PC App Store 4.4.0.5812 - c:\program files (x86)\Baidu Security\PC App Store\4.4.0.5812\Uninstall.exe
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Lucas\AppData\Roaming\unins001.exe
AddRemove-{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1 - c:\users\Lucas\AppData\Roaming\unins000.exe
AddRemove-{e96ba9ae-2b3e-4417-8f3f-36c0ced95df1} - c:\program files (x86)\ViewPassword\Uninstall.exe
.
.
.
Tempo para conclusão: 2014-06-21  14:14:51
ComboFix-quarantined-files.txt  2014-06-21 17:14
ComboFix2.txt  2014-06-19 16:00
ComboFix3.txt  2014-06-18 00:35
.
Pré-execução: 382.731.571.200 bytes disponíveis
Pós execução: 382.697.586.688 bytes disponíveis
.
- - End Of File - - C944B725CC3F7BD1F23EE843C3DA0578
 

Now the Malwarebytes log:

 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/06/21 14:21:42 -0300</date>
<logfile>mbam-log-2014-06-21 (14-21-37).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.06.21.08</malware-database>
<rootkit-database>v2014.06.20.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8</osversion>
<arch>x64</arch>
<username>Lucas</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>288425</objects>
<time>536</time>
<processes>0</processes>
<modules>0</modules>
<keys>1</keys>
<values>2</values>
<datas>2</datas>
<folders>4</folders>
<files>11</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-21-1220029359-3082925304-2817561659-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\funmoodsToolbar</path><vendor>PUP.Optional.FunMoods.A</vendor><action>success</action><hash>0a12bdbee69542f48be6667e20e334cc</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI</path><valuename>(Default)</valuename><vendor>PUP.Optional.CertifiedToolBar.A</vendor><action>success</action><valuedata>http://search.certified-toolbar.com?si=39033&bs=true&tid=114&q=%s</valuedata><hash>a676f289abd0b5814c37980ec83ad32d</hash></value>
<value><path>HKU\S-1-5-21-1220029359-3082925304-2817561659-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS</path><valuename>appid</valuename><vendor>PUP.Optional.QuickStart.A</vendor><action>success</action><valuedata>quick_start@gmail.com</valuedata><hash>7aa2b6c57efd73c3a0da673f43bf748c</hash></value>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>none</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>fa222a51daa1ab8be3b8dca535cf4bb5</hash></data>
<data><path>HKU\S-1-5-21-1220029359-3082925304-2817561659-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI</path><valuename>(Default)</valuename><vendor>PUP.Optional.SearchCertifiedTB.A</vendor><action>replaced</action><valuedata>http://search.certified-toolbar.com?si=39033&bs=true&tid=114&q=%s</valuedata><baddata>http://search.certified-toolbar.com?si=39033&bs=true&tid=114&q=%s</baddata><gooddata>http://www.google.com</gooddata><hash>da42cdae83f865d1e2668df5c93bca36</hash></data>
<folder><path>C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc</path><vendor>PUP.Optional.CrossRider.A</vendor><action>none</action><hash>8d8f7902dc9f3bfbada2d3c05fa3a55b</hash></folder>
<folder><path>C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales</path><vendor>PUP.Optional.CrossRider.A</vendor><action>none</action><hash>8d8f7902dc9f3bfbada2d3c05fa3a55b</hash></folder>
<folder><path>C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\en</path><vendor>PUP.Optional.CrossRider.A</vendor><action>none</action><hash>8d8f7902dc9f3bfbada2d3c05fa3a55b</hash></folder>
<folder><path>C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\pl</path><vendor>PUP.Optional.CrossRider.A</vendor><action>none</action><hash>8d8f7902dc9f3bfbada2d3c05fa3a55b</hash></folder>
<file><path>C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\background.html</path><vendor>PUP.Optional.CrossRider.A</vendor><action>none</action><hash>8d8f7902dc9f3bfbada2d3c05fa3a55b</hash></file>
<file><path>C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\background.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>none</action><hash>8d8f7902dc9f3bfbada2d3c05fa3a55b</hash></file>
<file><path>C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\icon_128.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>none</action><hash>8d8f7902dc9f3bfbada2d3c05fa3a55b</hash></file>
<file><path>C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\inject.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>none</action><hash>8d8f7902dc9f3bfbada2d3c05fa3a55b</hash></file>
<file><path>C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\jquery.min.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>none</action><hash>8d8f7902dc9f3bfbada2d3c05fa3a55b</hash></file>
<file><path>C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\manifest.json</path><vendor>PUP.Optional.CrossRider.A</vendor><action>none</action><hash>8d8f7902dc9f3bfbada2d3c05fa3a55b</hash></file>
<file><path>C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\en\messages.json</path><vendor>PUP.Optional.CrossRider.A</vendor><action>none</action><hash>8d8f7902dc9f3bfbada2d3c05fa3a55b</hash></file>
<file><path>C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\default\extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\pl\messages.json</path><vendor>PUP.Optional.CrossRider.A</vendor><action>none</action><hash>8d8f7902dc9f3bfbada2d3c05fa3a55b</hash></file>
<file><path>C:\ProgramData\InstallMate\{A98EE89B-C5B3-4F93-AD78-8D91726DCA6D}\Custom.dll</path><vendor>Adware.Agent</vendor><action>success</action><hash>42da4e2da0db68ce7ba868eb9c65f40c</hash></file>
<file><path>C:\ProgramData\InstallMate\{AAFF98B7-0BFA-4EA5-AC4E-43D8711CBA41}\Custom.dll</path><vendor>Adware.Agent</vendor><action>success</action><hash>34e83249cbb04ee83be82a292dd48779</hash></file>
<file><path>C:\Windows\Installer\1416d745.msi</path><vendor>PUP.Optional.SnapDo.A</vendor><action>success</action><hash>44d8413a83f8330336504d3ac53c45bb</hash></file>
</items>
</mbam-log>
 


Dear Mogg Mester

Ok... :)

 

# Step 1 #

Download the Kaspersky AVP Tool from one of these links:

You will be taken to a Kaspersky page asking for an email address, first name and last name to register.
Only the "email" field is required.
Enter your email, then click the Submit Form button.
The page will reload. Click the Download button.
Save it to your Desktop.
Run the file and wait for the installation.
  • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

  • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
The program will appear to freeze and nothing will happen. This is normal; just wait until the program's home screen appears, then click the Settings icon:

 
KRT_settings.png
 
On this screen, check the box next to:
My Computer;
Local Disk (C:);
Also check all the drives that appear below Local Disk, if there are any;
Then click the Automatic Scan tab.

 
KRT_install2_.png
 
Back on the program's home screen, click the Start scanning button;
Be patient, it takes a while;
When it finishes, if it has detected anything, the program will ask you what to do;
Check the box next to Apply to all objects and then click Skip (we only want the log).

 
KRT_detection_.png
 
Once the scan has finished, proceed as follows:
On the main screen, if anything was detected, save the log.
If you close the program and forget to save the log, you will have to repeat the whole scan.
To save the log, click the Reports icon (next to the "Settings" icon).
In the next window, click Detected Threats, then click the floppy disk icon to save the log.
Choose an easily accessible location and save it as log.txt
Copy the entire contents of that Notepad file and paste it into your next reply.
If nothing is detected, you don't need to save the log; just let me know.
To exit the program, just click the X in the top right corner.

 

Notes:
While the scan is running, the home screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if something was found. If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

 
# Step 2 #

Download SecurityCheck and save it to your Desktop

Double-click SecurityCheck.exe
  • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

Press any key to continue... a report will open
Copy all of its contents and paste them into your next reply

Cheers :D


Dear Diego, the Kaspersky log turned out gigantic, over 300 megabytes. Do I need to post it here?

Well, in any case, here is the Security Check one:

 

Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 25  
 Java version out of Date!
  Adobe Flash Player     13.0.0.214 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


Dear Mogg Mester

"the Kaspersky log turned out gigantic, over 300 megabytes. Do I need to post it here?"

Did it report any infection?

Let's apply the recommended fixes/updates ;)
 
# Step 1 #

Update Java.

Attention: Uninstall ALL old versions of Java.
  • Close all programs, especially your browser (IE, Firefox, etc.).
  • Go to the Java for Windows site
  • Click 4531602912_e9606174d3_o.gif
  • In the window that appears, click Run;
  • Follow the installation steps.

 
# Step 2 #

  • Update Flash Player
  • Update Internet Explorer

I'll wait for your reply :)

Cheers :D


Dear Mogg Mester

If you don't recognize this program, detected by Kaspersky, then you can remove it. Otherwise it's clean. ;)

>>>> How is the computer doing?
 
# Step 1 #

Let's uninstall ComboFix:

Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

Or, if you prefer, go to

Start > Run, type Combofix /Uninstall and click OK; in the window that appears, click Run and wait for the program to be removed.
 
# Step 2 #

Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon 4142006426_4719050954_o.gif
  • Click Run;
  • Click its only button (image below):
4141259853_5a542d5908_o.jpg
  • Allow your computer to restart.

 
# Step 3 #

  • Once again: double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click Uninstall
  • Click Yes and wait.
 
# Step 4 #

<<@>> Install CCleaner

CCleaner is an excellent cleanup utility that will help with your computer's performance. Download it here: CCleaner
IMPORTANT: After installing, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window, choose New > Folder and create a new folder; name it backups!
Open the program and click Run Cleaner;
click the Registry button > Scan for Issues > Fix selected issues...

Note: Don't forget to accept the backup of the fixes and save it in the folder created above!

<<@>> Always keep your Windows up to date; keep a constant watch on your firewall and antivirus; and finally, remember that the best form of prevention starts with our own behavior!

Cheers :D
